
UTM Default drop rule on DNS and DHCP traffic

I've been doing some network refreshing over the past week. Today I spun up a new DHCP server pointing to new DNS servers. 

The setup is pretty straightforward - we have two VLANs phones and data. The new DHCP and DNS Servers worked fine on the Data network but I had issues getting addresses on the Phone VLAN. I made a rule for DHCP in the firewall from the Phone network to my Data network and that cleared up my issue with DNS. 

I then began to wrestle with an issue where I was getting default drops between my phone VLAN and Data VLAN - I am able to pick up an address from the DHCP server just fine now.

18:30:54 Default DROP UDP 192.168.xx.xx:53→192.168.xx.xx:43448 len=164 ttl=127 tos=0x00 srcmac=00:50:56:83:b3:bd dstmac=00:1a:8c:f0:ae:e0

18:32:44 Default DROP UDP 192.168.xx.xx:67→192.168.xx.xx:68 len=164 ttl=127 tos=0x00 srcmac=00:50:56:83:b3:bd dstmac=00:1a:8c:f0:ae:e0

After wrestling with it for a while, I then decided to try to put the old DNS servers in line - I did that and rebooted my phone and it linked up and connected with no issues. 

So there is a rogue DNS setting I am missing somewhere that is causing the default drops - these are two brand new DNS servers. I have verified the phone VLAN and Data network are in "Network Services > DNS > Allowed Networks" and I have also updated the firewall rules to allow traffic from the DNS servers over DNS ports to all IPv4 addresses.

Is there something else missing? 
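As an added example that is not part of the original post and is not Sophos tooling: a small parser for Firewall Live Log lines of the shape quoted above. For each DROP line it names the service (DNS or DHCP) and says which way the packet was heading, which is the first thing to settle when reading these entries: a source port of 53 is a DNS server answering, and 67→68 is a DHCP server answering, so both quoted drops are replies, not requests. The addresses, the third sample line and the /24 VLAN size are constructed assumptions; the post obfuscates its own addresses.

```python
"""Classify Sophos UTM Firewall Live Log drop lines by service and direction.

Added example for this thread, not code from the post or from Sophos.  The
line shape follows the two entries quoted in the post; the addresses, the
third sample line and the /24 VLAN size are constructed assumptions.
"""
import ipaddress
import re

# Constructed sample input in the shape of the post's Firewall Live Log lines.
SAMPLE_LOG = """\
18:30:54 Default DROP UDP 192.168.10.5:53→192.168.20.31:43448 len=164 ttl=127 tos=0x00 srcmac=00:50:56:83:b3:bd dstmac=00:1a:8c:f0:ae:e0
18:32:44 Default DROP UDP 192.168.10.5:67→192.168.20.31:68 len=164 ttl=127 tos=0x00 srcmac=00:50:56:83:b3:bd dstmac=00:1a:8c:f0:ae:e0
18:33:10 Default DROP TCP 192.168.20.31:52144→192.168.10.5:445 len=60 ttl=64 tos=0x00 srcmac=00:1a:8c:f0:ae:e0 dstmac=00:50:56:83:b3:bd
"""

# Accepts both the "→" arrow shown in the live log and a plain "->".
LINE_RE = re.compile(
    r"^(?P<time>\d\d:\d\d:\d\d)\s+(?P<rule>\S+)\s+(?P<action>DROP|ACCEPT|REJECT)\s+"
    r"(?P<proto>UDP|TCP|ICMP)\s+"
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3}):(?P<sport>\d+)\s*(?:→|->)\s*"
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3}):(?P<dport>\d+)"
)

# Well-known server-side ports of the two services the post is troubleshooting.
SERVER_PORTS = {53: "dns", 67: "dhcp"}


def parse_line(line):
    """Return the parsed fields of one live-log line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    entry["sport"] = int(entry["sport"])
    entry["dport"] = int(entry["dport"])
    return entry


def classify(entry, vlan_prefix=24):
    """Name the service and the direction of one parsed packet.

    A packet whose *source* port is 53 or 67 is a server answering a client
    (DNS reply, DHCP offer/ack); one whose *destination* port is 53 or 67 is a
    client asking.  vlan_prefix is an assumed VLAN size, used only to say
    whether the two hosts sit in different subnets.
    """
    if entry["sport"] in SERVER_PORTS:
        service, direction = SERVER_PORTS[entry["sport"]], "server->client"
    elif entry["dport"] in SERVER_PORTS:
        service, direction = SERVER_PORTS[entry["dport"]], "client->server"
    else:
        service, direction = "other", "unknown"
    src_net = ipaddress.ip_network(f'{entry["src"]}/{vlan_prefix}', strict=False)
    dst_net = ipaddress.ip_network(f'{entry["dst"]}/{vlan_prefix}', strict=False)
    return {
        "time": entry["time"],
        "service": service,
        "direction": direction,
        "cross_vlan": src_net != dst_net,
        "src": f'{entry["src"]}:{entry["sport"]}',
        "dst": f'{entry["dst"]}:{entry["dport"]}',
    }


def dropped_server_replies(log_text, vlan_prefix=24):
    """List the DROP lines that are DNS or DHCP servers answering clients.

    These are the lines to chase first: a reply landing on the default rule
    means the UTM holds no rule or connection-tracking entry that matches it.
    """
    hits = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None or entry["action"] != "DROP":
            continue
        info = classify(entry, vlan_prefix)
        if info["direction"] == "server->client":
            hits.append(info)
    return hits


if __name__ == "__main__":
    for hit in dropped_server_replies(SAMPLE_LOG):
        print(f'{hit["time"]} {hit["service"]:4} {hit["src"]} -> {hit["dst"]} '
              f'cross_vlan={hit["cross_vlan"]}')
```

Run against the two lines quoted in the post, the script reports both as server-to-client replies crossing the VLAN boundary and ignores unrelated drops such as the constructed SMB line, which is the split you want before deciding whether the missing piece is a rule on the reply path or a request that never passed through the UTM in the first place.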



  • Hi Steve, and welcome to the UTM Community!

    Alone among the logs, the Firewall Live Log presents abbreviated information in a format easier to read quickly.  Usually, you can't troubleshoot without looking at the corresponding line from the full Firewall log file.  Please post a line corresponding to each line above.

    Maybe a simple diagram would help understand your topology.  When obfuscating IPs, please leave enough information so that we can tell if the IPs are in the same network and whether they're public or private.

    You might want to review DNS best practice.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Thanks, I went through that already and it was no help. 

    I guess a weekend away from the problem represented a little clarity. We have no reason to segregate traffic from the two networks, it is just for addressing at this point. I made a rule from VLAN network to the Data network to allow traffic over all ports.