Scenario:
- Remote Site has Merak MX, this site has no servers (NO on prem DNS server, the Meraki is MX is handling DHCP and has DNS pointing to Azure DC. Also set DHCP option 15 to assign DNS suffix to match that off domain name so something like domain.local).
- Have Meraki vMX-S in Azure which sits in front of Azure hosted Domain Controller (DC) (traceroute from the Azure DC hits the Meraki vMX-S as the first hop and then reaches remote site) . Objective is to have Azure hosted DC handle authentication request and DNS (i added remote site subnet in AD Sites and Services)
- Remote site Meraki MX and Azure hosted Meraki vMX-S via Auto VPN (no firewall rules in place between remote site network and azure network, currently set to allow any/any)
Issue:
Can ping IP from both directions (Azure to Remote Site and vice-versa) however I am unbale to resolve any DNS records (which affects remote access to LDAP and other important details DNS service records for authentication).
At the remote site, the DNS is pointing to the IP of the DC in Azure (which it can ping via IP, DC obviously has DNS role enabled) but cannot resolve any names or services.
Any guidance on this would be helpful.
Additional details: We have cisco umbrella integrated but have the domain.local in our private network on Umbrella so it knows not to try to resolve via Umbrella (i have also disabling Umbrella dns integration to see if that would help to no avail)
Other Tech Details for clarity (not real IP scheme's used but similar setup)
- Azure Server Subnet (where DC sits, can ping Remote Site NEtwork via IP address of clients) - 10.0.0.0/24
- Azure Meraki vMX-S Appliacne SUbnet (where Merak vMX-S resides. Meraki is the first hop from Azure Server Subnet to remote site, and has no FW rules) - 10.0.1.0/24
- Remote Site Network (Clients cannot resolve DNS, can ping IP of Azure Server Subnet) - 10.0.200.0/24
