topic Bad DNS Query errors on router from Wireless subnet in Wireless

Bad DNS Query errors on router from Wireless subnet

ccisco630 — Mon, 05 Jul 2021 16:36:57 GMT

Running a Meraki wireless network with a secure SSID for staff. The Meraki AP has an IP address on the secure subnet which is permitted on the WAN. For DNS we have the primary set to an internal DNS server and secoWireless and Mobility, Other Wireless and Mobilityndary set as 8.8.8.8, to satisfy both the Secure SSID and guest SSID name resolution queries. In the router logs, I am seeing sets of these every day:

007515: Dec 19 10:07:15.439 EST: %DNSSERVER-3-BADQUERY: Bad DNS query from 10.203.2.2
007516: Dec 19 10:07:15.439 EST: %DNSSERVER-3-BADQUERY: Bad DNS query from 10.203.2.2
007517: Dec 19 10:07:15.571 EST: %DNSSERVER-3-BADQUERY: Bad DNS query from 10.203.2.2
007518: Dec 19 10:07:15.571 EST: %DNSSERVER-3-BADQUERY: Bad DNS query from 10.203.2.2
007519: Dec 19 10:07:15.627 EST: %DNSSERVER-3-BADQUERY: Bad DNS query from 10.203.2.2
007520: Dec 19 10:07:15.631 EST: %DNSSERVER-3-BADQUERY: Bad DNS query from 10.203.2.2
007521: Dec 19 10:07:16.615 EST: %DNSSERVER-3-BADQUERY: Bad DNS query from 10.203.2.2
007522: Dec 19 10:07:16.615 EST: %DNSSERVER-3-BADQUERY: Bad DNS query from 10.203.2.2

That is the IP address of my AP. What could be causing these errors? All is working as it should for staff and guest access. Thanks!

Re: Bad DNS Query errors on router from Wireless subnet

balaji.bandi — Wed, 19 Dec 2018 21:02:08 GMT

This device looks like acting as DNS Server. if this is not DNS Server then turn off.

turn it of with the "no ip dns server" configuration command.

or you have ACL inbound ACL

deny tcp any any eq 53
deny udp any any eq 53

Re: Bad DNS Query errors on router from Wireless subnet

ccisco630 — Thu, 20 Dec 2018 13:58:15 GMT

The device that is throwing the error does act as a DNS server for other subnets and also is the DNS config for the secure wireless subnet's DHCP scope. I tried removing the DNS entry from that DHCP scope and leaving the DNS entries on the Meraki Dashboard, but then I was not able to browse anywhere from that subnet.

Re: Bad DNS Query errors on router from Wireless subnet

Scott Fella — Thu, 20 Dec 2018 14:44:13 GMT

Run a packet capture and see what is really happening. See what queries are being sent and then troubleshoot from there.

Re: Bad DNS Query errors on router from Wireless subnet

ccisco630 — Fri, 21 Dec 2018 19:44:03 GMT

Thanks Scott. I ran a packet capture, and it appears the DNS queries are being responded to by what is set on the Meraki dashboard and also by the gateway for the wireless subnet. I got a flurry of the errors for about a minute around 12:15 today. Are these errors even anything to worry about if everything is working? I'm thinking overhead on the router or something like that.

Re: Bad DNS Query errors on router from Wireless subnet

Scott Fella — Fri, 21 Dec 2018 19:48:13 GMT

Well it is not affecting user experience from what you know. Now this is extra noise in my book and I personally would try to make it stop. I would not know how much overhead this might cause to other devices. You can always open a TAC case with Meraki and see what they come up with to try to eliminate the noise.