DNS over IPsec - cross post
-
Hello,
I have a main office which hosts an AD domain, with DNS running on the AD servers. In that site I have WAPs controlled by a cloud hosted controller. All is good with DNS at main office and WAPs can access the controller.
At the remote site, things are a bit different. I'm forwarding DNS queries across Tun 3 (diagram below) from remote to main site. For instance, main site LAN clients can resolve the cloud controller's private IP from AD servers in main site, but the WAP in remote site cannot resolve this query and the WAP has not checked in with the controller.
I am using the XG-7100 to provide DHCP to both the Wi-Fi and LAN scopes, in the remote site only. The DNS config in the DHCP for each of these is the same. I can ping the controller from a LAN host, but not from any interface on the XG-7100 (I feel this is very telling about the issue).
When I attempt an nslookup for the controller FQDN from the XG-7100, there is no response from the main site AD servers, but public DNS responds. No FQDN from my domain will resolve; an error message appears: Host "hostname" did not respond or could not be resolved. I have configured the domain in System > General Setup.
I can ping from the workstation and management interface on the remote router to the main router server subnet #1 address (not FQDN), but not from the remote Wi-Fi subnet interface to the main server subnet #1 address. This condition is consistent while using either FQDN or IP address for the ping target.
There is one difference between the remote workstation subnet and the remote Wi-Fi subnet. The remote XG-7100 tags the workstation subnet, and an unmanaged switch picks it up on ETH2. The Wi-Fi subnet is on ETH3 of the XG-7100 and directly patched.
I did this for two reasons: the switch won't support VLANs, and I thought using the inbuilt switch of the remote XG-7100 would be easier.
Any thoughts for what could be causing the issue?
-
This post was flagged as spam so I can't edit out the redundant image, sorry.
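One check worth making when firewall-originated lookups fail but LAN-host lookups succeed is which source address the query leaves with: a DNS query the firewall itself sends to a server across an IPsec tunnel is only carried by the tunnel if its source address falls inside a phase-2 selector, and a query sourced from an address outside those selectors (for instance the WAN address) is routed normally and never answered. The script below is an added example, not code from the original post or from Netgate; it sends a raw A query from a chosen source address and parses the reply, so the same name can be tested from each remote interface address in turn. The server address 10.0.0.10, the source addresses and the name controller.corp.example are assumptions for illustration, and the embedded reply used for the offline demonstration is constructed, not captured.

```python
"""Send a DNS A query from a chosen source address and parse the reply.

Added example for testing name resolution across an IPsec tunnel from a
specific interface address. All addresses and names below are assumed.
"""
import random
import socket
import struct


def build_query(name: str, qid: int) -> bytes:
    """Build a minimal recursive A/IN query for `name` with transaction id `qid`."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)  # RD set, 1 question
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode() for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE A, QCLASS IN


def _read_name(data: bytes, off: int):
    """Read a possibly compressed name; return (name, offset after the name)."""
    labels, end, jumped = [], off, False
    while True:
        length = data[off]
        if length & 0xC0 == 0xC0:  # compression pointer
            ptr = struct.unpack("!H", data[off:off + 2])[0] & 0x3FFF
            if not jumped:
                end = off + 2
            jumped, off = True, ptr
            continue
        if length == 0:
            if not jumped:
                end = off + 1
            break
        labels.append(data[off + 1:off + 1 + length].decode())
        off += 1 + length
    return ".".join(labels), end


def parse_response(data: bytes, qid: int) -> dict:
    """Return the RCODE and the A records in a reply; reject a mismatched id."""
    rid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    if rid != qid:
        raise ValueError("transaction id mismatch")
    off = 12
    for _ in range(qd):  # skip the echoed question section
        _, off = _read_name(data, off)
        off += 4
    answers = []
    for _ in range(an):
        name, off = _read_name(data, off)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", data[off:off + 10])
        off += 10
        rdata = data[off:off + rdlen]
        off += rdlen
        if rtype == 1 and rdlen == 4:
            answers.append((name, ttl, socket.inet_ntoa(rdata)))
    return {"rcode": flags & 0xF, "answers": answers}


def query(server: str, name: str, source_ip: str = None, timeout: float = 3.0):
    """Send the query over UDP/53 bound to `source_ip`; None on timeout."""
    qid = random.randrange(0, 65536)
    pkt = build_query(name, qid)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        if source_ip:
            s.bind((source_ip, 0))  # pick the interface address the query leaves with
        s.sendto(pkt, (server, 53))
        try:
            data, _ = s.recvfrom(512)
        except socket.timeout:
            return None
    return parse_response(data, qid)


# Constructed reply (not a capture): answer for controller.corp.example -> 10.0.1.25
CONSTRUCTED_QID = 0x1234
CONSTRUCTED_NAME = "controller.corp.example"
CONSTRUCTED_REPLY = (
    struct.pack("!HHHHHH", CONSTRUCTED_QID, 0x8180, 1, 1, 0, 0)
    + build_query(CONSTRUCTED_NAME, CONSTRUCTED_QID)[12:]
    + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + socket.inet_aton("10.0.1.25")
)

if __name__ == "__main__":
    print("offline parse:", parse_response(CONSTRUCTED_REPLY, CONSTRUCTED_QID))
    # Live use (assumed addresses): try each remote interface address as the source.
    for src in ("192.168.20.1", "192.168.30.1"):  # assumed LAN and Wi-Fi interface IPs
        print(src, "->", query("10.0.0.10", CONSTRUCTED_NAME, source_ip=src))
```

A reply from one source address and a timeout from another points at routing or the phase-2 selectors rather than at the DNS server itself; `dig @10.0.0.10 -b 192.168.20.1 controller.corp.example` performs the same source-bound test with a stock tool, and pfSense's own Diagnostics > DNS Lookup does not let you choose the source address.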