Skip to main content
Knowledge Base

Test a local network's DNS settings for Access Control

  1. Last updated
  2. Save as PDF

A DNS lookup takes a fully qualified domain name (FQDN) and translates it into an IP address. If the computer you are testing with is unable to resolve the proper IP address(es) for the Alarm.com cloud, the device will fail to connect.

How to test DNS settings

To verify the device is handling DNS resolution correctly:
  1. Temporarily disconnect the device (e.g., Access Controller, video device, etc.) from its current network port and plug the computer you will be testing with into the same port.
  2. Use one of the following computers to test:
    • Windows:
      1. Open a Command Prompt window.
      2. In the new window, type in nslookup mercury.g4c5j.com. and press Enter. Please be sure to add the . after the .com.
      3. The non-authoritative answer results should look like the following:

        Windows DNS lookup.png
         
    • macOS:
      1. Open a Terminal window.
      2. In the new window, type in nslookup mercury.g4c5j.com. and press Enter. Please be sure to add the . after the .com.
      3. The non-authoritative answer results should look like the following:

        macOS DNS lookup.png
         
  3. Review the following link to verify the IP address returned by nslookup is listed: https://alarmadmin.alarm.com/ip-ranges.json

    Note: The IP addresses in the link above also include the subnet mask which is indicated by the IP addresses ending in /22, /23, or /24. The subnet mask indicates the range of IP addresses used. If we look at the address 192.155.70.0/23 from the link above, that “/23” tells us the IP range is 192.155.70.0 – 192.155.71.255.


In addition, verify that mercury.g4c5j.com is returned for the Name field (pictured above) or Aliases field (not pictured above). If the IP address returned by nslookup does not match any of the listed IP addresses at the above link, or the name returned is not correct, DNS hijacking may be taking place. DNS hijacking most commonly occurs when an ISP intercepts the request.

If no name or IP address information is being returned, there are various items that will need to be reviewed. See How to resolve DNS issues below.

How to resolve DNS issues

If the expected Non-authoritative answer results do not appear, it is recommended to try the following:

  1. Perform another nslookup using a public DNS server (e.g. 8.8.8.8):

    nslookup.png
     
    1. If the proper results are now being returned, contact the network IT Admin to explain the situation and determine what DNS server IP address(es) should be used. Once the network IT Admin provides the DNS server(s) IP address(es) information, perform the same test as pictured above utilizing the newly provided IP address(es).
    2. If the working DNS IP addresses are not being assigned as part of DHCP, they will need to be configured. For instructions on this process, see Configure an Access Control door controller to use a static IP.
    3. Normally you should use the DNS server IP address(es) provided by the network IT Admin. If the DNS address(es) provided do not work, or no specific DNS server IP address(es) were provided, try setting the device's DNS to use Google's public DNS server: 8.8.8.8
If after the above tests DNS resolution still appears to not be working correctly: 

Contact the network IT Admin as one of the following issues may be occurring:

Note: If there is no network IT Admin managing the location, contact the customer's Internet Service Provider (ISP) to get assistance.

The Ethernet port being utilized is not part of a network that has a DHCP server

Managed network switches may be configured to have unique settings per port. The network IT admin will either place the device’s (e.g., Access Controller, video device, etc.) Ethernet port in a network that allows for DHCP, or they will require you to configure the device to utilize a static IP address.

For more information, see Configure an Access Control door controller to use a static IP.

Ports and protocols required are being blocked by a firewall

If it is determined that a firewall is in place, advise the network IT Admin the following ports need to be opened:

The Ethernet interface of the computer being used to test is set to use a statically defined DNS server(s)

Check the TCP/IP settings of the test computer’s Ethernet network interface to verify it does not have a DNS server statically defined.

More than one DHCP network is on the network (very rare)

This rare diagnosis requires confirmation from the local IT Admin.

Interested in Alarm.com?

Alarm.com technology is sold, installed, and serviced by licensed service providers near you.

 

Let's Get Started