Forum Discussion

jmac
Making Connections
2 months ago

Endpoint Device DNS Resolution

When Cato is handling DHCP and DNS for all devices within an account across multiple VLANs, across multiple sites, is it possible for a device to resolve the IP of a hostname outside of the local subnet that the device is on, using Cato DNS to resolve the hostname?

We historically have had on-prem Windows AD providing DHCP/DNS which reliably provided name resolution from hostname to IP, but also reverse DNS for IP back to hostname. We are moving to Entra ID/Intune+Auto Pilot managed devices with the outlook to retire our on-prem servers entirely.

We have various use cases where we need to resolve a hostname to have the IP returned, but also for the IP to resolve back to hostname via reverse DNS. This has become difficult for Entra ID managed devices unless the device is on the same local subnet where the site switch manages the resolution via the local MAC table.

Is mDNS the right approach and where I should focus my attention, or is there an alternative I should consider? As it looks like mDNS is restricted to VLANs within the same site, it may not work in our scenario where we need to resolve across sites.

Any advice or recommendations are greatly appreciated.

5 Replies

  • jmac
    Making Connections

    I did see that and while it might operate across subnets within a site, it will not traverse sites and therefore won't meet my needs where I need to resolve hostnames across sites. I've also read it's a noisy protocol and could be detrimental to the stability of a network. Are there other options I haven't considered? How do others handle local DNS resolution without an on-prem DNS server?

    • michaelsaw
      Cato Professional Services

      Hi jmac,

      Understood your requirements to resolve hostnames across sites.
      Would you consider (1) hostname entries on local PCs or (2) the internal DNS option?

      Cheers

      • jmac
        Making Connections

        Hi michaelsaw,

        Thank you for your reply.

        1) I'm not sure hostname entries on a local PC is a viable option with DHCP issuing new addresses all the time; how would that local file be reliably updated to be the same on all local PCs that need to match a hostname to an IP for all the endpoints?

        2) We have an internal DNS server at the moment, from our legacy on-prem domain, but the IPs are not being updated from the Cato DHCP service that's issuing the IPs. While I allowed insecure DNS updates temporarily, it didn't work, and everything tells me this shouldn't be left as insecure, so that config has been reverted.

        Is there a DNS Server config that Cato fully supports updating with the DHCP addresses it issues?