jt25741

Posts posted by jt25741

  1.  

    41 minutes ago, ingenium said:

    Since you mention ACL logging, I'm guessing you might have a more advanced switch? If so, you could do port mirroring on the switch and then run Wireshark (in promiscuous mode) on a computer connected to the mirror port. In my case I just ran Wireshark on my router on the vlan that only contains the Airave. 

    That being said, you can try whitelisting those IPs. Or another option is to set a NAT rule to force all traffic to go through OpenDNS, while letting clients think they're using their hardcoded servers. I do this on a couple of my vlans. It's a preferable option to just blocking non OpenDNS traffic.

     

    39 minutes ago, jt25741 said:

    All great ideas...thank you.. I'll report back what I get to work.

    Hey ingenium....just wanted to say, I put those two other DNS server entries in ACL whitelist and it works like a charm. I got all green lights. Thank you for your help.

    • Like 2
  2. 1 minute ago, ingenium said:

    Since you mention ACL logging, I'm guessing you might have a more advanced switch? If so, you could do port mirroring on the switch and then run Wireshark (in promiscuous mode) on a computer connected to the mirror port. In my case I just ran Wireshark on my router on the vlan that only contains the Airave. 

    That being said, you can try whitelisting those IPs. Or another option is to set a NAT rule to force all traffic to go through OpenDNS, while letting clients think they're using their hardcoded servers. I do this on a couple of my vlans.

    All great ideas...thank you.. I'll report back what I get to work.

  3. 1 minute ago, ingenium said:

    Was just about to edit my post. Turns out they're not hardcoded. I just found out that 71.252.0.14 is a Verizon Fios DNS server. I forgot that I set my Airave VLAN to not use my local DNS server, but rather just pass along whatever my ISP assigned. So in that case I guess it does just use the DNS server assigned via DHCP. I have no explanation for the other 2 though.

    Actually now I am confused.... As I block all DNS traffic except to OpenDNS...and the Airave 4 doesn't come up.. So it is trying to reach a DNS server that is not DHCP served it seems...I just don't know which one. It comes up fine when I drop my DNS restrictions. I can try some ACL logging and see if I can find out but it isn't easy in my setup.
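
The ACL-logging step mentioned in the last post, sketched as an added example that is not part of the original thread: a Python filter that lists which non-OpenDNS DNS servers a device was denied from reaching. The key=value log layout, the device address 192.0.2.10 and every sample line are constructed assumptions; 208.67.222.222 and 208.67.220.220 are the public OpenDNS resolvers.

```python
import re
from collections import Counter
from ipaddress import ip_address

# The only DNS destinations the ACL permits (public OpenDNS resolvers).
ALLOWED_RESOLVERS = {ip_address("208.67.222.222"), ip_address("208.67.220.220")}

# Assumed log layout: space-separated key=value pairs. Adapt to your device's format.
FIELD = re.compile(r"(\w+)=(\S+)")

# Constructed sample log. 192.0.2.10 stands in for the Airave; 198.51.100.53 is a
# placeholder for an unknown resolver. 71.252.0.14 is the address named in the thread.
SAMPLE_LOG = """\
t=10:00:01 action=deny proto=udp src=192.0.2.10 dst=71.252.0.14 dport=53
t=10:00:01 action=deny proto=udp src=192.0.2.10 dst=198.51.100.53 dport=53
t=10:00:02 action=permit proto=udp src=192.0.2.10 dst=208.67.222.222 dport=53
t=10:00:03 action=deny proto=tcp src=192.0.2.10 dst=198.51.100.53 dport=53
t=10:00:04 action=deny proto=udp src=192.0.2.10 dst=203.0.113.7 dport=123
t=10:00:05 action=deny proto=udp src=192.0.2.99 dst=203.0.113.8 dport=53
-- log rotated --
t=10:00:09 action=deny proto=udp src=192.0.2.10 dst=71.252.0.14 dport=53
"""


def blocked_dns_destinations(log_text, device_ip):
    """Count denied DNS (port 53) destinations for one device, excluding allowed resolvers."""
    device = ip_address(device_ip)
    hits = Counter()
    for line in log_text.splitlines():
        fields = dict(FIELD.findall(line))
        try:
            if fields["action"] != "deny" or fields["dport"] != "53":
                continue  # permitted traffic or a non-DNS port
            src = ip_address(fields["src"])
            dst = ip_address(fields["dst"])
        except (KeyError, ValueError):
            continue  # malformed or unrelated line
        if src == device and dst not in ALLOWED_RESOLVERS:
            hits[str(dst)] += 1
    return hits


if __name__ == "__main__":
    # Most frequently denied resolvers first: candidates for a whitelist entry or NAT redirect.
    for server, count in blocked_dns_destinations(SAMPLE_LOG, "192.0.2.10").most_common():
        print(f"{server}\t{count} denied queries")
```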
