LAN devices cannot resolve DNS hostnames

Description - Devices on your LAN are unable to resolve hostnames and are experiencing connectivity issues to external or internal hosts.

Indicators of this issue - DNS resolution failures may occur continually or intermittently when attempting to browse the web.

Potential Causes

• DNS records have not yet propagated globally after installing Bigleaf or are not updated to use new Bigleaf-provided LAN network IP addresses.

• Hosted servers or end user devices are configured to use ISP DNS server(s) or DNS server(s) that were using legacy ISP IP addresses.

• Routing issues between hosted servers or end user devices after cutover to Bigleaf service.

Tests and Solutions

• Ensure DNS records have been updated with new Bigleaf-provided LAN network IP addresses.

  • You can verify available IP addresses by referring to this KB: How do I find my public IP address(es)?

  • You can flush a domain from public resolver cache to speed up propagation of DNS changes. Here are some examples of provider tools for this:

    • Google: https://developers.google.com/speed/public-dns/cache

    • Cloudflare: https://cloudflare-dns.com/purge-cache/

• Verify the DNS server that is being used by clients and users.

  • Bigleaf provides public DNS servers for our customers: 162.219.101.1 and 162.219.102.1

  • We also advise using public resolvers from major cloud or CDN providers, such as Google DNS (8.8.8.8), Cloudflare (1.1.1.1), OpenDNS (208.67.222.222), or Quad9 (9.9.9.9).

  • Note that this is not a full list, and you should verify a DNS provider's instructions and documentation to ensure the proper addresses and configuration is put into place for optimal results.

• Use the tcpdump tool on the Troubleshooting tab of the Bigleaf Web Dashboard to identify if DNS traffic working as intended.

  • Select primary CPE as the device, the LAN interface, and “port 53” for the filter.

  • If you see DNS “refused” or only 1-way DNS requests, likely there is a misconfiguration.

  • If you see few or no DNS packets originating from the site, there may be a LAN-side DNS misconfiguration, either in the client configuration or routing configuration.