Multicast DNS and .local situation in Unified Access Gateway

I’ve recently upgraded my home lab from UAG 3.6 to 3.7.1 and I’ve noticed that basically everything stopped working. That’s weird, so I started my investigation, and by investigation I mean carefully reading the release notes for UAG 3.7.

The last bullet point caught my attention because my lab domain is minarik.local.

So the first thing I logically tried during the troubleshooting was DNS resolving.

nslookup horizon.minarik.local

And sure enough, it throws an error.

The next thing I noticed is that it’s definitely not trying to resolve the name on my DNS server, but on the odd 127.0.0.53 address (the local stub listener of systemd-resolved). My next stop was /etc/resolv.conf

If I changed the name server here to my DNS it started to work. BUT DON’T DO IT! You should never edit the configuration file manually – always put your configuration in your PowerShell deployment script (and redeploy) or use the Admin UI. The reason why this is a bad idea is that this (and other) files will be overwritten when you make a change in the Admin UI or when you reboot the UAG.

I read a little more of our documentation and the correct command to check the DNS config is:

systemd-resolve --status

My DNS servers are really there! They can resolve everything but my .local domain…

Conclusion

Don’t use .local for hostnames. .local is reserved for Multicast DNS (mDNS), and resolution requests for names ending in .local will not be sent to normal (unicast) DNS. Earlier versions of UAG based on Photon 2 did allow .local names to be resolved, but this has been fixed in UAG 3.7 (Photon 3).

What if I am using .local?

If hosts in the environment have been named with a .local suffix then there are 3 workarounds until you can move away from the reserved suffix .local.

  1. Use an IP address in place of hostname references in settings such as ntpServers, proxydestinationUrl, etc.
  2. Add the host entry for the .local host in the UAG hosts file (via PowerShell or the Admin UI). Never edit /etc/hosts file directly.
  3. Add an alias CNAME record in DNS to give an alternative name for any .local host (e.g. for the myinternalserver.local DNS entry, use myinternalserver.int as a CNAME and then use the .int name for any hostname references on UAG).
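A small pre-deployment check that scans a UAG deployment .ini for hostnames ending in the mDNS-reserved .local suffix, so the problem is caught before the appliance is redeployed. This is an added example, not code from the original post or from VMware; the sample .ini, its section names and the key names other than ntpServers and proxyDestinationUrl are assumptions.

```python
"""Pre-deployment check for a UAG .ini: flag hostnames that end in .local."""
import configparser
from urllib.parse import urlparse

# Constructed sample of a UAG deployment .ini (section and key names assumed
# from the PowerShell deployment format; not a file from the original post).
SAMPLE_INI = """
[General]
name=UAG01
ntpServers=ntp1.minarik.local,192.0.2.10
hostEntries=192.0.2.20 horizon.minarik.local

[Horizon]
proxyDestinationUrl=https://horizon.minarik.local
blastExternalUrl=https://uag.example.com:8443
"""

# Keys whose value is a URL (take its hostname) or a comma-separated host list.
URL_KEYS = {"proxydestinationurl", "blastexternalurl", "tunnelexternalurl"}
LIST_KEYS = {"ntpservers"}

def extract_hosts(key, value):
    """Return the hostnames referenced by one .ini value."""
    k = key.lower()
    if k in URL_KEYS:
        host = urlparse(value.strip()).hostname
        return [host] if host else []
    if k in LIST_KEYS:
        return [v.strip() for v in value.split(",") if v.strip()]
    return []

def is_mdns_name(host):
    """True when the name ends in .local (case-insensitive, trailing dot tolerated)."""
    return host.rstrip(".").lower().endswith(".local")

def find_local_names(ini_text):
    """Return (section, key, host) for every .local name unicast DNS will not resolve."""
    cfg = configparser.ConfigParser(interpolation=None)  # configparser lowercases keys
    cfg.read_string(ini_text)
    findings = []
    for section in cfg.sections():
        for key, value in cfg.items(section):
            for host in extract_hosts(key, value):
                if is_mdns_name(host):
                    findings.append((section, key, host))
    return findings

if __name__ == "__main__":
    for section, key, host in find_local_names(SAMPLE_INI):
        print(f"[{section}] {key}: {host} uses the reserved .local suffix; "
              "use an IP, a hostEntries line or a CNAME outside .local")
```

The hostEntries line in the sample is deliberately not flagged: it is workaround 2 from the list above, and the name it maps only needs to resolve via the hosts file, not via DNS.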