Re: Split DNS API

JamesT91 · ‎11-27-2024

This feature allows administrators to determine which DNS requests are answered by which DNS servers.

I have raised a Meraki support ticket, but wanted to reach out to the community anyway to see if anyone had used this API / new feature yet.

The first issue I had is when trying to add multiple nameserver addresses, it threw an error saying: "More than one address is in addresses"

import requests

url = "https://api.meraki.com/api/v1/organizations/ORG_ID/appliance/dns/split/profiles"

payload = '''{
    "name": "8x8 DNS Profile",
    "hostnames": [ "*.8x8.com", "*.packet8.net" ],
    "nameservers": { "addresses": [ "8.28.0.9", "192.84.18.11" ] }
}'''

headers = {
    "Authorization": "Bearer API_TOKEN",
    "Content-Type": "application/json",
    "Accept": "application/json"
}

response = requests.request('POST', url, headers=headers, data = payload)

print(response.text.encode('utf8'))

When I added a profile with only one nameserver I was not convinced it was actually redirecting traffic to the specified nameserver, because a packet capture on the Internet port showed the DNS query going to the clients DNS server, which is set to Proxy to upstream DNS rather than the one added in the DNS profile via the API...

Philip D'Ath · ‎11-27-2024

This is an interesting new feature you have found.

I suspect you'll need to be running the latest MX 19.x code for this to work.

JamesT91 · ‎11-28-2024

I am 😊

sungod · ‎11-28-2024

This is an Early Access call, it may be that it's still being tweaked/debugged.

I'd post the query in the API Early Access group https://community.meraki.com/t5/API-Early-Access-Group/gh-p/api-early-access if you're not a member you can request access.

There's also a direct feedback email available, you'll see it if/once you have group access.

JamesT91 · ‎11-28-2024

Thanks @jscorb I found this early access group last night and was granted entry this morning. I have emailed the direct feedback address and will see where that gets me. 🙂

JamesT91 · ‎12-10-2024

I've got one step further, in that there is a second API call required to then bind the split DNS profile to a network: Create Organization Appliance Dns Split Profiles Assignments Bulk Create - Meraki Dashboard API v1 - Cisco Meraki Developer Hub

Alas it still didn't work and support were unable to help due to: "As this feature is still in its early stages of development and we currently do not have any documentation surrounding the requirements for the feature we will need to await later releases of the feature from our development team."

I will wait some more months and see what happens.

sungod · ‎12-10-2024

I suggest post on the EA group that you are interested in this feature and would like to help with testing/feedback if possible.

On other EA calls there has been opportunity to do this.

JamesT91 · ‎01-06-2025

To provide an update, after troubleshooting with support they were seeing the first request go to the desired nameserver, but not subsequent subdomain queries. After they checked internally this is apparently intended behaviour and the wildcard examples in the API documentation is just extremely misleading.