I'm working on a multi-subnet network and have hit a wall with DNS lookups. My setup includes a Unifi gateway at 192.168.0.1 and a couple of Windows Servers for DHCP and DNS at 192.168.0.2 and 192.168.0.4. The default network for workstations is 192.168.0.0/24, while the wireless network is on 192.168.10.0/24. Everything works fine when DNS requests come from the default subnet, but if they originate from other local subnets, I get a 'nonexistent domain' response. I've checked the DNS logs but haven't found anything useful. After doing an nslookup, it shows failures trying to resolve the domain server1.net.local.
I also noticed that when I connected directly to a different VLAN (192.168.200.0/24, which isn't managed by either Windows or Unifi for DHCP), the DNS worked fine. The setup is a bit complicated, and I'd love some tips on what to check next or how to fix this issue!
2 Answers
Check if `proxy-arp` is turned off on your gateway device and ensure that `ip-helper` or `dhcp-relay` is set up correctly. Also, verify that the DHCP server can ping the clients and vice versa. If that all checks out, then the DNS traffic could be getting blocked somewhere along the line.
It sounds like the DNS requests just aren't making it back to your domain controller (DC). Have you checked whether the clients from the other subnets can see the return traffic when you sniff the DC? If the requests are getting to the DC but you're not seeing any response, make sure the subnet mask is correct on the server. Sometimes a rogue setting in a firewall can cause issues too.
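As an added diagnostic example (not from either answer or from the original poster), here is a PowerShell walkthrough of the checks both answers describe: from a client on the 192.168.10.0/24 subnet, confirm the query actually reaches the DNS server at 192.168.0.2; on the DC itself, confirm that the DNS service is bound to the right address, that the server's own mask and routes cover the remote subnet, and that the built-in Windows Firewall DNS rules are not scoped to the local subnet only. The IP addresses and the name `server1.net.local` are the ones in the question; the sample client address 192.168.10.50, the availability of the DnsServer and NetSecurity modules on the DC, and the firewall log path are assumptions.

```powershell
# Added diagnostic script, not from the original thread. Addresses and the
# test name come from the question; the client address 192.168.10.50, the
# module availability and the log path are assumptions.

$DnsServer    = '192.168.0.2'          # primary Windows DNS/DHCP server (from the question)
$TestName     = 'server1.net.local'    # name that fails with NXDOMAIN (from the question)
$RemoteClient = '192.168.10.50'        # assumed address of a client on the wireless subnet

# ---- Part 1: run on a client in the wireless subnet -------------------------
# Query the DC directly instead of via the gateway so a resolver/forwarder on the
# UniFi box cannot mask the result. -DnsOnly bypasses the local cache and hosts file.
Resolve-DnsName -Name $TestName -Server $DnsServer -DnsOnly -ErrorAction Continue

# Test-NetConnection only tests TCP. A "True" here proves the path and firewall
# pass DNS over TCP/53 even if UDP/53 (what a normal query uses) is still filtered.
Test-NetConnection -ComputerName $DnsServer -Port 53 |
    Select-Object ComputerName, RemoteAddress, TcpTestSucceeded

# ---- Part 2: run on the DC itself ------------------------------------------
# 2a. Is the DNS service bound on the address the remote subnet reaches?
#     0.0.0.0 means "all addresses"; a list containing 192.168.0.2 is fine too.
Get-NetUDPEndpoint -LocalPort 53 | Select-Object LocalAddress, LocalPort, OwningProcess

# The DNS server's own listen-address list (DnsServer module; the property is
# named ListeningIPAddress on Server 2016 and later, ListenAddresses on 2012 R2).
(Get-DnsServerSetting -All).ListeningIPAddress

# 2b. Subnet mask and routing. If the DC's mask were too wide (for example /16)
#     it would treat 192.168.10.x as on-link and ARP for it instead of using the
#     gateway; with proxy-ARP enabled on the gateway that can still look like it
#     works for ping, which is why the first answer ties the two checks together.
Get-NetIPAddress -AddressFamily IPv4 | Where-Object { $_.IPAddress -like '192.168.*' } |
    Select-Object InterfaceAlias, IPAddress, PrefixLength        # expect 24 for 192.168.0.2

# Default route the DC would use to answer the wireless subnet, plus any stray
# route that claims 192.168.10.0/24 is on-link.
Get-NetRoute -AddressFamily IPv4 -DestinationPrefix '0.0.0.0/0' |
    Select-Object NextHop, InterfaceAlias, RouteMetric
Get-NetRoute -AddressFamily IPv4 | Where-Object { $_.DestinationPrefix -like '192.168.10.*' }

# 2c. Windows Firewall. The built-in "DNS (UDP, Incoming)" / "DNS (TCP, Incoming)"
#     rules sit in the "DNS Service" group. A RemoteAddress of "LocalSubnet"
#     instead of "Any" drops queries from every other subnet while ping and other
#     traffic keep working, which is exactly the symptom in the question.
Get-NetFirewallRule -DisplayGroup 'DNS Service' -Direction Inbound |
    ForEach-Object {
        $addr = $_ | Get-NetFirewallAddressFilter
        [pscustomobject]@{
            Rule          = $_.DisplayName
            Enabled       = $_.Enabled
            Action        = $_.Action
            Profile       = $_.Profile
            RemoteAddress = ($addr.RemoteAddress -join ',')
        }
    } | Format-Table -AutoSize

# A rule enabled only for the Domain profile does nothing if the NIC landed in
# the Public profile, so check which profile the interface is actually in.
Get-NetConnectionProfile | Select-Object InterfaceAlias, NetworkCategory

# 2d. Get proof either way: log blocked packets, re-run Part 1 from the client,
#     then look for an explicit DROP of a packet from the wireless subnet to port 53.
#     A DROP line means the firewall is the culprit; no line at all (with the DNS
#     debug log also empty) means the packet never arrived at the DC.
Set-NetFirewallProfile -Profile Domain,Private,Public -LogBlocked True `
    -LogFileName '%systemroot%\system32\LogFiles\Firewall\pfirewall.log'
Get-Content "$env:SystemRoot\System32\LogFiles\Firewall\pfirewall.log" -Tail 200 |
    Where-Object { $_ -match 'DROP' -and $_ -match '192\.168\.10\.' -and $_ -match ' 53 ' }
```

Run Part 1 from a wireless client and Part 2 on the DC in that order, then compare the three sources: the client's `Resolve-DnsName` result, the DC's DNS debug log, and the firewall log. If the firewall log shows the query and the DNS log does not, the drop is on the DC; if neither shows it, the packet is lost before the DC (gateway firewall, relay, or inter-VLAN rule), which is what the first answer's `proxy-arp` and `ip-helper` checks are for.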
I've been running more tests. It seems like DNS traffic isn't reaching the DC at all. The debug logging on the DC shows nothing incoming for those. I'm puzzled by the subnet mask – if it were wrong, wouldn't all network traffic fail?
They can ping each other fine, and all other types of traffic work as expected. I made temp rules to allow DNS traffic through the firewall, but that didn't help.