- Last updated
- Save as PDF
Overview
The Cisco Meraki MX Security Appliance usesDynamic DNS(DDNS) to update its DNS host record automatically each time its public IP address changes. This feature is useful because it allows the administrator to configure applications such as client VPN to access the MX by its hostname which is static instead of an IP address that may change over time.
Note:MX appliancesbound to template networks cannot have their DDNS settings modified.
Note: DDNS hostnamesaretied to the network that the MX belongs to.Moving it to a different organization or network, the hostname will change.
Configuration
To useDynamic DNSon your MX Security Appliance, it must first be set to Routed mode. This is done under Security & SD-WAN >Configure > Addressing & VLANs in Dashboard.
MXs in Passthrough or VPN concentrator mode do not supportDynamic DNS (DDNS) on firmware below MX 16.X
Enabling RoutedMode
Once the MX is set to Routed mode, theDynamic DNSsection will appear at the bottom of the Security & SD-WAN >Configure > Addressing & VLANs page with a link to the Security & SD-WAN > Monitor > Appliance statuspage.
Enabling Dynamic DNS
Once on the Security & SD-WAN > Monitor > Appliance statuspage, select the pencil icon next to Hostname, located between the WAN IP and Serial Number on the left of the page.
A dialog box will appear for configuring Dynamic DNS. Select Enabledin the dialog box and enter a public domain name if necessary, then select Update.
After DDNS is enabled, you can confirm it is working by performing a DNS query for the MX DDNS hostname. Open a command prompt on any workstation and type"nslookup <your dynamic DNS name>." The DNS response should return the current active public IP address of the MX.
Note: The expectedTTL for dynamic DNS records is typically about 10 minutes, so you may need to wait 10 minutes before testing to see accurate results.
Note:If DDNS is in use with an HA pairconfigured with a virtual IP (VIP) behind NAT, DDNS will resolve to the NAT-translated (public) address of themanagement/uplink IP, rather than the NAT-translated virtual IP.
Troubleshooting
Querying theMX DNS hostname
Testing Dynamic DNS Resolution
The following instructions describe how to find out what servers are resolving our dynamic DNS, and query them to see what IP address they are associating to the MX:
- Open cmd.exefrom "C:\Windows\System32"on your laptop, and run a "nslookup"
- Set query to any and sort it for dynamic-m.com. It will list all the servers used by dynamic-m.com.
- This lists the servers serving this dynamic-m site for its host nameslookup. You would be checking if you could search for thehostnamefrom the individual servers.
nslookup [-option] [hostname] [server]
This would help inlearning if the IP address was ever updated on the server and if the problem is the servers not responding to the requests.