DescriptionUse the "dig" tool to determine the IP address resolution of a specific domain.SolutionRun the following command in the Server/Application Server CLI:
dig @<eth1 IP address of isolation network> <domain name>
Example: Domain is in Allowed Domains List (zones.common)
safebrowsing.google.com and its common name (sb.l.google.com) is listed in zones.common...
> grep -i safebrowsing.google.com /var/named/chroot/etc/zones.common
zone "safebrowsing.google.com" {
> grep -i sb.l.google.com /var/named/chroot/etc/zones.common
zone "sb.l.google.com" {
safebrowsing.google.com resolves to the actual IP address (172.217.11.14)...
dig @192.168.23.2 safebrowsing.google.com
; <<>> DiG 9.9.4-RedHat-9.9.4-38.el7_3.2 <<>> @192.168.23.2 safebrowsing.google.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39818
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;safebrowsing.google.com. IN A
;; ANSWER SECTION:
safebrowsing.google.com. 82293 IN CNAME sb.l.google.com.
sb.l.google.com. 300 IN A 172.217.11.14
Example: Domain is not in the Allowed Domains List
cnn.com is not found in zones.common.
> grep -i cnn.com /var/named/chroot/etc/zones.common
>
This domain resolves to the eth1 IP address.
> dig @192.168.23.2 cnn.com
; <<>> DiG 9.9.4-RedHat-9.9.4-38.el7_3.2 <<>> @192.168.23.2 cnn.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13775
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;cnn.com. IN A
;; ANSWER SECTION:
cnn.com. 30 IN A 192.168.23.2
;; AUTHORITY SECTION:
. 11 IN NS isol.bradfordnetworks.com.
;; ADDITIONAL SECTION:
isol.bradfordnetworks.com. 15 IN A 192.168.23.2
To add domains to the Allowed Domains page, refer to related KB article below.
Related Articles
Technical Note: Troubleshooting domain resolution for agent communication
Technical Note: Add Allowed Domains using the Administration UI
Technical Note: Captive Portal page secured with SSL certificate not building or slow to build
Technical Tip: Troubleshooting domain resolution in the captive portal