Weird DNS query/NAT

mloraditch
Level 7

I'm still trying to get info from a vendor on this and why it is, but has anyone ever seen a DNS A record query for (w/o quotes) "-.-"?

Literally that's what the app is querying for. The thing is the app is querying the vendor's server, not any public DNS servers. I can't actually get such a query to run manually against a normal DNS server. Nslookup tells me it's invalid. My googles are also failing to find anything to say it's even a valid query.

 

The standard response on the WAN side of equipment (ISR4Ks, ISR G2s, and Merakis) is the public IP of the device is the A record. I.e. 1.2.3.4.


When said response is translated back to the LAN on an ISR4K, it shows up as the IP of the requesting internal device, i.e. 192.168.1.1. It appears NAT is translating the reply for some reason. This breaks the application.

So if anyone has seen such a query before, I would love to hear about it, and if you know it's valid and documented in an RFC or something, it would help if I end up going to TAC.

Thanks!

Hello,

Weird indeed. Which application is doing the query?

The app is WebTitan.

Per an update I just got from them, it is an "empty domain" DNS request. I still can find no evidence of this being something that is defined in RFCs or used in any other application. They gave me an nslookup command that does work, but only against their servers.

(Command is "nslookup -\")

My main concern is if I engage TAC they are going to say it's custom and they don't have to support it. I wouldn't really disagree with them, but it will be a problem if we can't get this software working.

Well, my boss, who when doing tech stuff was a server guy, found the answer: https://serverfault.com/questions/17170/cisco-nat-causes-nslookup-to-return-local-ip

The command is different in IOS XE and we don't actually have a static NAT like in this example, but turning off DNS doctoring fixes it.

Fun times!
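The rewrite described in this thread, modelled as an added example that is not from the thread, WebTitan or Cisco: a small Python model of what a NAT DNS ALG ("DNS doctoring") does to an A record in a reply. The NAT table, the transaction ID and the 60-second TTL are constructed; the two addresses (1.2.3.4 as the router's public address, 192.168.1.1 as the requesting LAN host) are the ones quoted above. It also shows that "-.-" is encodable in DNS wire format even though hostname rules make nslookup reject it.

```python
import struct

# Constructed NAT table: inside global (public) -> inside local (private).
# With PAT overload the LAN host's translation uses the router's WAN address,
# so a reply whose A record is that WAN address gets rewritten to the host.
NAT_TABLE = {"1.2.3.4": "192.168.1.1"}

def encode_name(name):
    """Wire-format a dotted name; labels may hold any octets, so "-.-" encodes."""
    return b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"

def build_response(qname, answer_ip, txid=0x1234):
    """Build a minimal DNS response: one question, one A answer (TTL 60)."""
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)   # QR=1, RD, RA
    question = encode_name(qname) + struct.pack("!HH", 1, 1)     # type A, class IN
    # Answer owner name is a compression pointer to offset 12 (the question name).
    rdata = bytes(int(o) for o in answer_ip.split("."))
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, len(rdata)) + rdata
    return header + question + answer

def skip_name(msg, off):
    """Return the offset just past a name, whether plain labels or a pointer."""
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:        # compression pointer: 2 bytes, ends name
            return off + 2
        off += 1 + length

def a_rdata_offsets(msg):
    """Yield the offset of each 4-byte A-record rdata in the answer section."""
    qdcount, ancount = struct.unpack("!HH", msg[4:8])
    off = 12
    for _ in range(qdcount):
        off = skip_name(msg, off) + 4    # name + qtype + qclass
    for _ in range(ancount):
        off = skip_name(msg, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:
            yield off
        off += rdlen

def a_records(msg):
    """List the A-record addresses in a response, dotted-quad strings."""
    return [".".join(str(b) for b in msg[o:o + 4]) for o in a_rdata_offsets(msg)]

def doctor(msg, nat_table):
    """Rewrite A rdata the way the NAT DNS ALG does: inside global -> inside local."""
    out = bytearray(msg)
    for o in a_rdata_offsets(msg):
        ip = ".".join(str(b) for b in msg[o:o + 4])
        if ip in nat_table:
            out[o:o + 4] = bytes(int(x) for x in nat_table[ip].split("."))
    return bytes(out)
```

Comparing `a_records()` of a reply captured on the WAN side with the same reply seen on the LAN side is the quick check for whether the ALG is rewriting answers.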

Hello

So just to confirm, you wish your internal clients to be able to access this application via its public DNS name record that resolves to a publicly routed IP address?
If so, you can doctor/hairpin your NAT DNS to achieve this.



Kind Regards
Paul