Solved

Microsoft DNS Question

Posted on 2004-04-22
11
151 Views
Last Modified: 2010-04-13
I have my domain controller running as my internal DNS.  This works just fine.  I also have a Routing and Remote Access service running on the same machine which my company uses in order to VPN into the network.  Here is my problem:

Inside my network, this works:

ping server1.my_domain.my_company.com
It Replies:  192.168.1.6, which is correct

While VPN'd into my network, it doesn't work:

ping server1.my_domain.my_company.com
It Replies:  A real IP address from my service provider

I tried doing a tracert on it, and it seems that it goes to my Routing and Remote access server, which is also my DNS server, but then it gets forwarded to the network's default gateway of 192.168.1.1.  After that it tries to resolve that domain on the internet, which of course will not work.

I guess my question is how do I tell my DNS server that this is an internal server?  I have an entry in the forward lookup zone for this server:

server1           192.168.1.6

I just can't figure out how to tell my internal DNS server how to resolve server1.my_domain.my_company.com

Any help would be appreciated.  Thanks!
0
Comment
Question by:barthalamu
11 Comments
 
LVL 22

Expert Comment

by:Christopher McKay
ID: 10894839
Hi barthalamu,
You need to enter a pointer in your DNS that says:

server1.my_domain.my_company.com         192.168.1.6

Hope this helps!

:o)

Bartender_1
0
 

Author Comment

by:barthalamu
ID: 10894942
I tried creating a PTR record, but it does not seem to help.  It will not allow me to enter an IP address.  I created a record that looks like:

Name:                    Data:
--------                   -------
server1                   server1.my_domain.my_company.com


Is this correct?  I also tried clearing the cache.

Thanks.
0
 
LVL 9

Expert Comment

by:MSGeek
ID: 10895283
What IP address are the VPN clients getting?  In the VPN client what IP do you have configured for DNS?
0
Use Case: Protecting a Hybrid Cloud Infrastructure

Microsoft Azure is rapidly becoming the norm in dynamic IT environments. This document describes the challenges that organizations face when protecting data in a hybrid cloud IT environment and presents a use case to demonstrate how Acronis Backup protects all data.

 
LVL 7

Expert Comment

by:PaulADavis
ID: 10904677
try enabling ip routing on the ip tab of the rras server properties....
0
 

Author Comment

by:barthalamu
ID: 10910072
MSGeek:

The RRAS service is giving out the range of:
192.168.1.201 - 192.168.1.215

Here is a sample of what the RRAS is giving out to a client when connected:  ( ipconfig /all )
IP Address. . . . . . . . . . . . : 192.168.1.202
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . : 192.168.1.202
DNS Servers . . . . . . . . . . . : 192.168.1.5
                                            64.81.45.2
Primary WINS Server . . . . . . . : 192.168.1.8

The 192.168.1.5 is my internal DNS server.

PaulADavis:
I do have this enabled.  Thanks.

Thank to both for the help.
0
 

Author Comment

by:barthalamu
ID: 10910080
MSGeek:

The RRAS service is giving out the range of:
192.168.1.201 - 192.168.1.215

Here is a sample of what the RRAS is giving out to a client when connected:  ( ipconfig /all )
IP Address. . . . . . . . . . . . : 192.168.1.202
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . : 192.168.1.202
DNS Servers . . . . . . . . . . . : 192.168.1.5
                                            64.81.45.2
Primary WINS Server . . . . . . . : 192.168.1.8

The 192.168.1.5 is my internal DNS server.

PaulADavis:
I do have this enabled.  Thanks.

Thank to both for the help.
0
 

Author Comment

by:barthalamu
ID: 10910082
sorry about the double post.
0
 
LVL 9

Accepted Solution

by:
MSGeek earned 500 total points
ID: 10912046
bathalamu.. change RRAS so the client does not receive a default gateway when connected.  They will not be able to surf the web, but do you want them doing so from an unsecured location?

The other solution would be to go with something a little more secure.  Depending on the number of users you have a Cisco PIX 501 or 506E with the Cisco VPN client will give you 3DES encryption and a sure tunnel  MSGeek
0

Featured Post

U.S. Department of Agriculture and Acronis Access

With the new era of mobile computing, smartphones and tablets, wireless communications and cloud services, the USDA sought to take advantage of a mobilized workforce and the blurring lines between personal and corporate computing resources.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
This article outlines the process to identify and resolve account lockout in an Active Directory environment.
This tutorial gives a high-level tour of the interface of Marketo (a marketing automation tool to help businesses track and engage prospective customers and drive them to purchase). You will see the main areas including Marketing Activities, Design …
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

776 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question