This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask the community

NPA and DNS resolution issues

jschuele
New Contributor II

‎09-14-2023 09:11 AM

Netskope is not compatible with Google or Cloudflare public DNS servers (8.8.8.8, 8.8.4.4, 1.1.1.1). This is well known and prevents resolution by NPA for all our configured private apps.
 
Based upon our testing (and trial and error) the following public DNS servers are working with NPA for our users and we must update our fleet of Macs as needed.
  • Comcast (Xfinity):  75.75.75.75, 75.75.76.76
  • AT&T:   68.94.156.1, 68.94.157.1
  • Frontier:  185.228.168.168, 185.228.169.168
  • Quad9 Public DNS Servers: 9.9.9.9, 149.112.112.112
  • Fortinet Public DNS servers : 208.91.112.52 , 208.91.112.53

 

I would like to suggest Netskope maintain a list of known good public DNS servers that work with NPA. This would include updating the list when necessary, due to services not working anymore, etc. In a Work From Home (WFH), traveling, or foreign work force environment, we consistently run into problems with access to private apps due to this issue. 
 
 As a final resolution I would like to recommend Netskope deploy and maintain public DNS servers that the NS Client would automatically use, with the option to disable as needed. Thoughts?
Labels:
4 Replies 4
qyost
Contributor III

‎09-15-2023 06:40 AM

That seems very peculiar, especially since the config docs reference opening access through your firewall to the Google DNS servers.   Is this just with NPA that you're seeing the issue?   If so, where are you doing the resolution, on the client or on the publisher? 

--
-Q.
0 Likes
jschuele
New Contributor II
In response to qyost

‎09-18-2023 07:49 AM

We see this with NPA specifically. I have had multiple tickets open for this issue and the fix has always been to switch DNS providers on the Client side, which will over ride network based settings (router)..

0 Likes
Curious
New Contributor III

‎09-18-2023 08:41 PM - edited ‎09-18-2023 10:54 PM

Hi @jschuele,

Great article, thank you so much for posting it. We also have an issue with name resolution when some of our employees work remotely and use NPA. As we are gradually reducing our VPN usage, the NPA usage is gaining momentum but so are the intermittent DNS issues.

I have an active support case but they haven't yet been able to identify the cause.

You have provided some valuable information. Thank you!

Curious
New Contributor III

‎09-27-2023 11:06 PM

We have identified are issues occur when our clients have IPv6 enabled and they get a Public Routable address (eg. IPv6 address starting with 2001:xxx). This occurs on certain ISP's (in our case Telstra) and when joining a hotspot on an Android phone. Disabling IPv6 on the wifi adapter is resolving the issue. We now need to decide whether or not to disable IPv6 on all laptop wifi adapters or fix on an ad-hoc basis...

 

Subscribe
Labels

In order to view this content, you will need to sign in to your account. Simply click the "Sign In" button below

Sign In