Thursday, January 17, 2019

Meraki proxy ARP

While troubleshooting a remote Z1 that is losing connectivity to a specific host at consistent intervals (20 sec up then down for about 35, problem exclusive to this host/site - if anyone has any ideas there) I bumped into this pcap...

5363 297.110712 CiscoMer Broadcast ARP 60 Who has 8.8.8.8? Tell 1.1.1.1

It's spamming this broadcast.. I'm failing to understand why it's doing this. The Meraki isn't the edge router at the remote site, so I believe it should be set to IP tracking instead of MAC tracking, but if I'm understanding what's happening it's proxy ARPing on behalf of 1.1.1.1? Why would one DNS ARP for another DNS? And how is that even making it past the edge router into the local network? So confused..

FYI: It's probably a regular Comcast router at that end, but I'm not sure.

Edit: the Z1 is on a S2S VPN to an MX64 at our DC.


