Public DNS / Translate Internal DNS

  • 1
  • Question
  • Updated 4 years ago
  • Answered
Stupid User Question...

I set up our BYOD network to use Google Public DNS Servers instead of our internal DNS servers.  I have one IP Policy rule that allows BYOD to get to our Exchange ActiveSync server on the internal address.  Google Public DNS is returning the external IP address for ActiveSync (as it should), but my firewall will not allow the traffic to loop out and back in...so all their Smartphones stop syncing.  If I use my internal DNS this works fine. 

Is there any way to write an IP Policy or other rule to see if traffic is heading to one external IP Address...to override and route to a different IP Address?  This would allow me to continue using Google DNS and not have to enable BYOD to use my internal DNS.

Thanks.

Smitty

  • 37 Posts
  • 3 Reply Likes

Posted 4 years ago

  • 1

Andrew Garcia, Official Rep

  • 368 Posts
  • 120 Reply Likes
Are you using NAT on your SSID?  Or does your deployment include Aerohive Branch Routers as well as APs?

Unless you are using NAT on the SSID (or a BR is the router, which it sounds like is not the case), the DNS setting in the typical wireless only network policy does not apply to your wireless clients.  That setting (Additional Settings > Management Server Settings > DNS Server) applies to the AP itself.  

So when you change this setting from public to internal, you are changing where the AP gets its domain info, not where the clients get their DNS.  The client DNS server is determined via whatever DNS server is assigned via DHCP or statically.

So change the setting in the network policy to point to your internal server.  You can console into the AP and try pinging your exchange server before and after to see the difference.  Then ping the exchange server from your client.