ePMP DNS Issues

We are trying to add ePMP's to CNMaestro by hostname (in case I need to change our server's IP in the future).  The A record for our cnmaestro server is a private IP for our internal network. We don't want it public for now.  

The odd part is from the limited cli inside an ePMP we can ping outside domains by hostname but not any domain that we have A records pointing to private records. 10.x.x.x 172.16.x.x etc.  The DNS servers that are set up in the network configuration for the NAT ip are indeed correct and our servers that host the zone we are using.  But it will not resolve a hostname to a private IP.

Anyone else encounter this?

Are you seeing the requests from devices in your DNS server logs?  If the configuration on the devices is indeed correct and the DNS servers are reachable they should be getting your internal IP for https://cloud.cambiumnetworks.com.  What is the DNS server saying its returning for the https://cloud.cambiumentworks.com requests?

It is the cnmaestro on premises version on a 172 network.  (Not cloud based)  so it is a cnmaestro.domain.com A record that points to a 172.x.x.x IP

It is almost as if it is bypassing our DNS server entirely.  I have our primary/secondary servers set up in the ePMP.   In both of those servers I did a tcpdump to watch if both the management and NAT IP would query the DNS servers for information. 

In all cases it actually didn't even hit my DNS servers.  But it was able to resolve new hostnames somehow.

Therefore there must be some other inside mechanism that is being used to resolve hostnames in the ePMP. 

Ok I did a packet dump of the radio's traffic and it is actually using even though we've assigned other IP's to use as DNS servers.  So it has to be something hard coded into its linux OS. 

1 Like

Hi Steven,

I would be really appreciate it if you could send ePMP radio configuration to me via e-mail:

Thank you.

Yes, I'm seeing the same behavior here.  An ePMP SM will not resolve an A record if it resoves to an internal IP address.

Thanks for confirming I've sent the file over and he's looking into it.  Excellent support thanks guys. 

Its not the the customer had a device periodically checking.  Even though the torch would be empty until I pinged a random domain.  My mistake.

What I did narrow down was the device can ping by IP so it is reachable.  It also does resolve the private IP from the A record on our DNS server.  However it returns

ping: unknown host cnm.domain.com

whenever trying to resolve any A record with a private address. 

Hi Steven, Dan

We have reproduced the issue and currently working for fix.
Thank you for your feedback and help.

Hi all,

For cases when cnMaestro URL cannot be resolved on ePMP devices via DNS server we recommend to use IP address instead of URL in ePMP configuration till issues with DNS resolver will be fixed.

Thank you and sorry for inconveniences.