In NAT mode, a Cisco Meraki AP acts as a DNS forwarder. DNS resolution in NAT mode follows the process below.
- The wireless client sends a DNS query to the AP at 10.128.128.128.
- The AP checks in a per-SSID cache to see if the record requested by the client is cached from a previous DNS lookup.
- If the record does exist in the AP's DNS cache for that SSID, the AP resolves the query locally and responds to the wireless client with the record in a DNS response.
- If the record is not in the AP's DNS cache for that SSID, the AP queries the local DNS servers that it has been configured to use. The AP will try the primary DNS server first. If the primary DNS server does not respond, a secondary DNS server will be queried, if configured. If neither DNS server responds, a message with the DNS reason code "Reply timed out - The DNS server did not respond within the allotted time frame" is sent to the client.
- When the AP receives a response containing the DNS record from the local DNS server, it caches the results and sends a DNS response to the wireless client.
Cisco Meraki APs can resolve external or internal DNS names, depending on what the local DNS servers they are configured to use can resolve. The AP performs only recursive DNS resolution. If the recursion bit is not set in the DNS request from the wireless client, the AP will not be able to resolve the DNS query.
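The following added example (not Meraki code) models the resolution steps and the recursion-bit requirement described above, which is useful when reasoning about why a client query fails or why two SSIDs see different cached answers. `ForwarderModel`, `build_query`, `parse_query` and the upstream callables are hypothetical names, and checking the recursion bit before the cache is an assumption of this model.

```python
import struct

RD_FLAG = 0x0100  # "recursion desired" bit in the DNS header flags word (RFC 1035)

def build_query(name, rd=True, txid=0x1234):
    """Build a minimal DNS A-record query; rd controls the recursion bit."""
    header = struct.pack("!HHHHHH", txid, RD_FLAG if rd else 0, 1, 0, 0, 0)
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def parse_query(packet):
    """Return (name, recursion_desired) from a DNS query packet."""
    _, flags = struct.unpack("!HH", packet[:4])
    labels, pos = [], 12                      # question section starts after 12-byte header
    while packet[pos]:
        n = packet[pos]
        labels.append(packet[pos + 1:pos + 1 + n].decode())
        pos += 1 + n
    return ".".join(labels).lower(), bool(flags & RD_FLAG)

class ForwarderModel:
    """Toy model of the steps above: per-SSID cache, primary then secondary."""
    def __init__(self, upstreams):
        self.upstreams = upstreams            # ordered callables: name -> address, None = no reply
        self.cache = {}                       # {ssid: {name: address}}

    def resolve(self, ssid, packet):
        name, rd = parse_query(packet)
        if not rd:
            return ("unresolved", None)       # recursion bit not set (assumed checked first)
        per_ssid = self.cache.setdefault(ssid, {})
        if name in per_ssid:
            return ("cache", per_ssid[name])  # answered locally from this SSID's cache
        for server in self.upstreams:         # primary first, then secondary if configured
            answer = server(name)
            if answer is not None:
                per_ssid[name] = answer       # cached for this SSID only
                return ("upstream", answer)
        return ("timeout", None)              # the "Reply timed out" condition
```
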
If it is desirable to have wireless clients use different DNS servers than those configured for the AP itself, custom DNS server addresses can be provided.