Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
623
Views
2
Helpful
9
Replies

DNS does not resolve on Expressway C

Go to solution
Djeten
Level 1
Level 1

‎01-31-2024 11:57 PM

Hello,

I'm setting up Expressway E & C for MRA.

My traversal zone fails and I see the error 'SIP Failed: DNS resolution failed'

When I use the DNS Lookup tool to resolve the fqdn of the expressway E, indeed it fails. 

Djeten_2-1706774033249.png

When I add a 2nd server, like 8.8.8.8, and try to resolve using all dns servers, it fails:

Djeten_0-1706773831804.png

However, with 2 DNS servers configured, but only selecting the initial DNS server, the DNS resolution works:

Djeten_1-1706773919486.png

Why doesn't it work with only 1 DNS server configured? And why does it only work when I configure 2 servers, but only select the right one?

 

Kind regards

 

 

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Djeten
Level 1
Level 1
In response to Djeten

‎02-01-2024 12:53 AM

Solved it... I had also configured a 'per-domain DNS server' other than the defautl dns server and I had to add the DNS records there...

Thanks for the help

View solution in original post

0 Helpful
9 Replies 9

Go to solution
b.winter
VIP
VIP

‎02-01-2024 12:25 AM - edited ‎02-01-2024 12:26 AM

Is the hostname of the EXP-E an external or an internal one?
If it's just an internal name, then a public DNS (like your google DNS 8.8.8.8) cannot resolve it.

And can the EXP-C also resolve the Reverse Pointer for the IP-address for the EXP-E FQDN? This is mandatory as stated in the deployment guide for MRA.

Go to solution
Djeten
Level 1
Level 1
In response to b.winter

‎02-01-2024 12:28 AM

I don't want it to resolve to 8.8.8.8. I want it to resolve to my dns server. But when I only configure my DNS server, the resolution fails. Only when I configure a second DNS server and select my DNS server, then the resolution works... but in the traversal zone configuration, I can not select a default dns server...

0 Helpful

Go to solution
b.winter
VIP
VIP
In response to Djeten

‎02-01-2024 12:32 AM

Have you even configured the DNS server in the settings? Under "System" --> "DNS"
What you are trying to do is just testing the DNS lookup.

Go to solution
Djeten
Level 1
Level 1
In response to b.winter

‎02-01-2024 12:34 AM

Yes I have configured it in the DNS settings, otherwise I would not be able to select it in the DNS lookup tool...

0 Helpful

Go to solution
b.winter
VIP
VIP
In response to Djeten

‎02-01-2024 12:37 AM

What about the question of the reverse pointer? Have you set it in the DNS?
What does the network log say?
In the worst case, take a logging and check the pcap-file with wireshark and check the DNS packets

0 Helpful

Go to solution
Djeten
Level 1
Level 1
In response to b.winter

‎02-01-2024 12:47 AM

Yes, the PTR records are configured as well... I believe my DNS server is OK, because it can resolve when I manually select my DNS server...

I will take a pcap and check...

0 Helpful

Go to solution
Djeten
Level 1
Level 1
In response to Djeten

‎02-01-2024 12:53 AM

Solved it... I had also configured a 'per-domain DNS server' other than the defautl dns server and I had to add the DNS records there...

Thanks for the help

0 Helpful

Go to solution
Roger Kallberg
VIP
VIP
In response to Djeten

‎02-01-2024 06:58 AM

As @b.winter replied the external DNS server does not have your internal DNS records that the C and E uses to form the traversal zone to E, so it cannot do name resolution for the name and therefor the setup of the zone fails. This is why the per-domain DNS server setting exists so that you can tell the E, and if needed C, that it should use these specific DNS servers for the domain(s) that you define in that configuration element.



Response Signature


0 Helpful

Go to solution
b.winter
VIP
VIP
In response to Djeten

‎02-01-2024 12:55 AM

If you can resolve the FQDN with the test lookup, this shouldn't be a problem.
You can also test, if you can resolve the IP to FQDN.
And if the test is good, then you need to check the logs and wireshark file.

0 Helpful
Customers Also Viewed These Support Documents