7.5.2 No DNS entries for Guest Network

Question

Level 1

0 points

7.5.2 No DNS entries for Guest Network

I have an Airport Extreme running 7.5.2. It is configured to support an internal network and a guest network. The internal works fine; with the Airport providing 2 DNS addresses. When connected to the guest network, the connection is fine, but the DNS IP address provided is that of the Airport (virtual address).

In looking through the forums, I have seen several talk about the guest network access the Internet. Without having to manually placing the DNS addresses into the workstations, should the Airport provide the same addresses as on the main network? The first DNS IP is the ISP's DNS server.

All network connectivity is flowing through the Airport and, with the exception of the guest network, works fine.

If the DNS entries is not provided to the guest network, will there be an update that will do this. Since the Airport provides the IP and routing info, I would think 20 or 30 additional characters would not hurt.

Thanks.

Airport Extreme Base Station, 7.5.2 Firmware

Posted on Jan 27, 2011 9:30 AM

Reply

Answer 1

Jan 28, 2011 2:21 PM in response to Lab&Poodle

Lab&Poodle wrote:
the Airport providing 2 DNS addresses.

Welcome to Apple's discussion groups.

Are you seeing those two DNS addresses in AirPort Utility's Internet panel, TCP/IP tab, or in the Network panel of System Preferences?

When connected to the guest network, the connection is fine, but the DNS IP address provided is that of the Airport (virtual address).

My Time Capsule has two DNS addresses, but the DNS address it provides to LAN clients on its main network is its own IP address, 10.0.1.1. That is entirely normal.

When I connect to my Time Capsule's guest network, the client's DNS server IP address is that of the Time Capsule's guest network.

All network connectivity is flowing through the Airport and, with the exception of the guest network, works fine.

Are clients of your guest network having problems that are definitely a result of DNS lookup failures?

I haven't migrated to 7.5.2 yet, so that may explain some of the differences between what you and I see, but so far nothing you've described proves to me that you're having a guest network DNS problem.

Reply

Answer 2

Lab&Poodle Author

Level 1

0 points

Jan 31, 2011 8:08 AM in response to William-Boyd-Jr

William,

Thank you for the reply. The DNS entries are in the settings of the Airport. The laptops are set get their DNS settings from the DHCP server. In this case the Airport.

If I set the laptops to the main wireless, the entries are fine. I can open a cmd prompt and ping www.google.com. When I set the laptops to access the guest network, I am unable to ping www.google.com. I can ping IP addresses on the Internet. (IE. the route is correct.)

If I set the DNS entries manually, it will work. But this goes against our ability to provide access to guests without having them make changes to their equipment. For most of them, they do not have the rights to do this.

I am not running Time Capsule. It is strictly an Airport Extreme solution.

Thank you in advance for any additional ideas.

Reply

Answer 3

Jan 31, 2011 10:40 AM in response to Lab&Poodle

Lab&Poodle wrote:
The DNS entries are in the settings of the Airport. The laptops are set get their DNS settings from the DHCP server. In this case the Airport.

Please confirm that if you connect a Mac to the guest network, open the Network panel of System Preferences, select the AirPort connection item, click the "Advanced" button, then select the "DNS" tab, you see the IP address of your router, for example 172.16.42.1.

I am not running Time Capsule. It is strictly an Airport Extreme solution.

I understand. A Time Capsule and an AirPort Extreme of the same series are pretty much functionally equivalent except for the Time Capsule's internal disk and its ability to support an external disk with Time Machine.

The problem you're experiencing may be due to the 7.5.2 firmware. Others have reported trouble with that version. You might consider downgrading to the 7.4.2 firmware, if only to investigate whether that fixes the problem.

Reply

Answer 4

Lab&Poodle Author

Level 1

0 points

Jan 31, 2011 12:23 PM in response to William-Boyd-Jr

William,

That is correct. It is the same on Windows also (command prompt/ipconfig /all). All that is provided for DNS is the Airport virtual IP.

Why would the DHCP app not provide the configured DNS IPs? Do you know of a site that has 7.4.2 available so I could test this?

Thanks for your help.

Reply

Answer 5

Jan 31, 2011 1:51 PM in response to Lab&Poodle

Lab&Poodle wrote:
That is correct. It is the same on Windows also (command prompt/ipconfig /all). All that is provided for DNS is the Airport virtual IP.

That should be all that is needed. When I connect to my guest network, the DHCP-supplied DNS address is the one that I mentioned, but DNS resolution works fine. If I do that Network panel exercise while I'm connected to the "main" wireless network, the DNS server I see is 10.0.1.1, which is in a sense also a "virtual IP". What do you see on your system?

Why would the DHCP app not provide the configured DNS IPs?

Because the gateway (the router) stays in the loop, passing DNS requests to the external DNS servers.

Do you know of a site that has 7.4.2 available so I could test this?

You should be able to install 7.4.2 yourself. If it doesn't help, just reinstall 7.5.2. In the AirPort Utility "Summary" panel click on "Version". That should give you a window where you can choose the version to install.

Reply

Answer 6

Lab&Poodle Author

Level 1

0 points

Jan 31, 2011 3:24 PM in response to William-Boyd-Jr

I am confused. The secure wireless shows the two DNS servers I use. The guest wireless just shows the virtual IP of the access point as the DNS.

How does the workstation (whether a MAC or PC) know where to get the DNS resolution on the guest network? I checked both on the network. Under 7.5.2, the DNS settings on the laptops are correct for the secured side and just the virtual on the guest.

I just completed the download of 7.4.2. If does the exact same thing. To test, open preferences/network and choose the secure network. Click advanced and then DNS. I see my two DNS server IPs. Open Safari and up pops the website.

Change the network to guest and check DNS. Now shows the virtual IP. Go to Safari and type in www.adobe.com and it just stalls. Change back to secure and you will first get an error of the site is unavailable. Then do a refresh and it appears.

Please tell me how you set up your unit and workstations. I need to be able to provide access to guest who do not know how to set DNS on their laptops.

Thanks.

Reply

Answer 7

Jan 31, 2011 9:22 PM in response to Lab&Poodle

Lab&Poodle wrote:
I am confused. The secure wireless shows the two DNS servers I use. The guest wireless just shows the virtual IP of the access point as the DNS.

By "shows the two DNS servers" do you mean in the Network panel of System Preferences? With firmware 7.4.2 I never see "outside" DNS servers there, only the router.

How does the workstation (whether a MAC or PC) know where to get the DNS resolution on the guest network?

The "virtual" address is the IP address of your AirPort Extreme router. When the router receives a DNS request, it should pass it along to the DNS servers that it's configured to use.

Please tell me how you set up your unit and workstations.

The workstations are set to depend entirely on DHCP to learn about DNS services. As a result, they only know about the router. The router in turn depends on DHCP to learn about "outside" DNS services. That gives it the dynamic IP addresses of two DNS servers that my ISP provides.

Reply

Answer 8

Lab&Poodle Author

Level 1

0 points

Feb 1, 2011 10:43 AM in response to William-Boyd-Jr

William Boyd, Jr. wrote:

Lab&Poodle wrote:
I am confused. The secure wireless shows the two DNS servers I use. The guest wireless just shows the virtual IP of the access point as the DNS.

By "shows the two DNS servers" do you mean in the Network panel of System Preferences? With firmware 7.4.2 I never see "outside" DNS servers there, only the router.

Yes. In my view, the Airport is working just like a DHCP server. It provides the IP, route and DNS settings.

How does the workstation (whether a MAC or PC) know where to get the DNS resolution on the guest network?

The "virtual" address is the IP address of your AirPort Extreme router. When the router receives a DNS request, it should pass it along to the DNS servers that it's configured to use.

Please tell me how you set up your unit and workstations.

The workstations are set to depend entirely on DHCP to learn about DNS services. As a result, they only know about the router. The router in turn depends on DHCP to learn about "outside" DNS services. That gives it the dynamic IP addresses of two DNS servers that my ISP provides.

Then it appears to be a setting issue with the Airport. My settings are as follows:

Connect Using: Ethernet
WAN port : Automatic
Connection Sharing: Share public address
IPv4: Using DHCP
IP: 10.1.10.10
Subnet: 255.255.255.0
Router: 10.1.10.1
DNS: 68.94.X.X
DNS: 192.168.X.X
Domain: business name
LDAP: 192.168.X.X
Enable NAT Port Mapping Protocol: Checked

Workstations set to get all its information from DHCP. Any suggestions would be very helpful.

Reply

Answer 9

Feb 1, 2011 7:04 PM in response to Lab&Poodle

Lab&Poodle wrote:
DNS: 68.94.X.X
DNS: 192.168.X.X

You're using one "public" IP address and one "private". Is that intentional? What happens if you clear both of those IP addresses and let DHCP supply them?

Reply

Answer 10

Lab&Poodle Author

Level 1

0 points

Feb 4, 2011 12:30 PM in response to William-Boyd-Jr

William Boyd, Jr. wrote:

Lab&Poodle wrote:
DNS: 68.94.X.X
DNS: 192.168.X.X

You're using one "public" IP address and one "private". Is that intentional? What happens if you clear both of those IP addresses and let DHCP supply them?

OK. Now I am very confused. The DHCP entry is 192.168.1.1, which is the same as the Airport from what I can tell. By removing the entries, all my workstations (wired and wireless) now show this address for DHCP and DNS and gateway.

But what confuses me is that it works

I have no idea what the Airport is doing to determine what the DNS entry is for the workstations. But for some reason, it is providing a correct entry AND is also identifying the internal unix servers on the secure side.

I don't know if I want to try putting the firmware upgrade in place fearing that it might break this.

Thanks for all your help.

Reply

Answer 11

Feb 4, 2011 7:36 PM in response to Lab&Poodle

Lab&Poodle wrote:
I have no idea what the Airport is doing to determine what the DNS entry is for the workstations.

Perhaps I'm looking at this from a too-simple point of view, but if you leave the DNS information blank, the AirPort base station will present itself as the DNS server, passing DNS requests "upstream" to the next server in line.

I don't know if I want to try putting the firmware upgrade in place fearing that it might break this.

I'll admit also to staying with 7.4.2, at least for now. At some point when I have a day for work on it I may try 7.5.2.

Reply

Answer 12

Nov 11, 2013 3:46 PM in response to William-Boyd-Jr

Hi,

I've just hit on this problem too, and also found that deleting the DNS entries in my TimeCapsules DNS configuration fixed the problem.

Previously the only way to reach web sites when on the guest network was to use the IP address of the site, or on each device override the virtual IP set for the DNS with a real external DNS IP.

Perhaps my configuration is incorrect, but rather than allow the DNS entries to be taken from my ISP by leaving it blank, I had overriden the first entry with the IP of my server on my private network which hosts DNS. This seems to have the effect of users on the guest network not being able to get any name resolution. Removing the IP pointing to the host on my private network fixed the issue. However, this also means that users on the private network are first directed to the external DNS rather than the internal one first, which forwards to the external ones. So hostnames on the private network no longer resolve!

So that suggests that when on the guest network, the 'upstream' system providing DNS can not be on the private network, which I guess is part of the point of a guest network - complete isolation? Perhaps there needs to be another setting that allows you to configure the DNS for the guest network... That said, I don't ever remember having this problem when I first set this up, and have done a few firmware upgrades since.

Paul

Reply

Answer 13

NathonC

Level 1

10 points

Dec 20, 2015 5:32 AM in response to Paul Verity

I have an airport Time Capsule that failed name resolution (have not tested to see if problem happens on guest network too), my troubleshooting has determined that the DNS server inside the Airport seems to be at fault, take a look at Airport TC internal dns not responding for more details. Without the ability to gain command line access to the Airport kernel, I'm unable to pin this problem down any further!

Reply