Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2159
Views
10
Helpful
5
Replies

Bad DNS Query errors on router from Wireless subnet

ccisco630
Level 1
Level 1

‎12-19-2018 11:52 AM - edited ‎07-05-2021 09:36 AM

Running a Meraki wireless network with a secure SSID for staff.  The Meraki AP has an IP address on the secure subnet which is permitted on the WAN.  For DNS we have the primary set to an internal DNS server and secoWireless and Mobility, Other Wireless and Mobilityndary set as 8.8.8.8, to satisfy both the Secure SSID and guest SSID name resolution queries.  In the router logs, I am seeing sets of these every day:


007515: Dec 19 10:07:15.439 EST: %DNSSERVER-3-BADQUERY: Bad DNS query from 10.203.2.2
007516: Dec 19 10:07:15.439 EST: %DNSSERVER-3-BADQUERY: Bad DNS query from 10.203.2.2
007517: Dec 19 10:07:15.571 EST: %DNSSERVER-3-BADQUERY: Bad DNS query from 10.203.2.2
007518: Dec 19 10:07:15.571 EST: %DNSSERVER-3-BADQUERY: Bad DNS query from 10.203.2.2
007519: Dec 19 10:07:15.627 EST: %DNSSERVER-3-BADQUERY: Bad DNS query from 10.203.2.2
007520: Dec 19 10:07:15.631 EST: %DNSSERVER-3-BADQUERY: Bad DNS query from 10.203.2.2
007521: Dec 19 10:07:16.615 EST: %DNSSERVER-3-BADQUERY: Bad DNS query from 10.203.2.2
007522: Dec 19 10:07:16.615 EST: %DNSSERVER-3-BADQUERY: Bad DNS query from 10.203.2.2

 

That is the IP address of my AP.  What could be causing these errors?  All is working as it should for staff and guest access.  Thanks!

Labels:
0 Helpful
5 Replies 5

balaji.bandi
Hall of Fame
Hall of Fame

‎12-19-2018 01:02 PM

This device looks like acting as DNS Server. if this is not DNS Server then  turn off.

turn it of with the "no ip dns server" configuration command.

 

or you have ACL inbound ACL 

deny tcp any any eq 53
deny udp any any eq 53

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

ccisco630
Level 1
Level 1
In response to balaji.bandi

‎12-20-2018 05:58 AM

The device that is throwing the error does act as a DNS server for other subnets and also is the DNS config for the secure wireless subnet's DHCP scope.  I tried removing the DNS entry from that DHCP scope and leaving the DNS entries on the Meraki Dashboard, but then I was not able to browse anywhere from that subnet.  

0 Helpful

Scott Fella
Hall of Fame
Hall of Fame
In response to ccisco630

‎12-20-2018 06:44 AM

Run a packet capture and see what is really happening. See what queries are being sent and then troubleshoot from there.
-Scott
*** Please rate helpful posts ***

ccisco630
Level 1
Level 1
In response to Scott Fella

‎12-21-2018 11:44 AM

Thanks Scott.  I ran a packet capture, and it appears the DNS queries are being responded to by what is set on the Meraki dashboard and also by the gateway for the wireless subnet.  I got a flurry of the errors for about a minute around 12:15 today.  Are these errors even anything to worry about if everything is working?  I'm thinking overhead on the router or something like that.  DNSissue_wiresharkDec21.JPG

0 Helpful

Scott Fella
Hall of Fame
Hall of Fame
In response to ccisco630

‎12-21-2018 11:48 AM

Well it is not affecting user experience from what you know. Now this is extra noise in my book and I personally would try to make it stop. I would not know how much overhead this might cause to other devices. You can always open a TAC case with Meraki and see what they come up with to try to eliminate the noise.
-Scott
*** Please rate helpful posts ***
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card