[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 657
  • Last Modified:

DNS Failure from VPN Clients

I cannot get name resolution of a downlevel name from those clients connected via our remote VPN. If I do a DNS query (nslookup) for the internal fully qualified name - the query is successful. Using the NetBIOS name - it fails.The DNS Debug log entry is:

19:28:54 41C PACKET  UDP Rcv 192.168.1.100   0003   Q [0001   D   NOERROR] (5)bingo(0)
19:28:54 41C PACKET  UDP Snd 192.168.1.100   0003 R Q [8281   DR SERVFAIL] (5)bingo(0)

Can anyone point me in the right direction for troubleshooting description for this type of error. The same query works fine when connected on the local LAN. Any suggestions would be appreciated.
0
kaesm
Asked:
kaesm
  • 4
  • 2
  • 2
  • +1
1 Solution
 
odedfCommented:
If you have a WINS configured in your LAN, try and configure the WINS Server IP. It works for me.
OF
0
 
joedoe58Commented:
Hi,
Since you try to use NetBios name try to troubleshoot with nbtstat -A "ipaddres" from the remote computer. That means that you run the command on the remote computer and try to resolve the name of a computer on the other side of the vpn. If that does not work see if the netbios query is blocked somewhere on the line.
0
 
kaesmAuthor Commented:
We have WINS configured and the DNS server is set to use it. Shouldn't DNS pass the query to WINS if it can't resolve itself? Running nbtstat as noted above works everytime for any IP on the remote LAN. I also had a similar setup on another network and did away with WINS and NetBIOS altogether. Given we have a native W2K3 network and all W2K/XP clients - I would like to do the same here.
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
gjohnson99Commented:
1. do you have entery in your DNS for the station/srever ?

2. do you have an entery in your DHCP server for the station/srever ?
0
 
kaesmAuthor Commented:
I have DNS manually configured on the remote client and have even go so far as to configure it in my DHCP settings on my broadband router at home. Either way the result is the same - it doesn't work without having a WINS server configured on the client.
0
 
gjohnson99Commented:
How does your Vpn hand out the IP address ? By DHCP on the server ?
0
 
kaesmAuthor Commented:
That's one of my issues - the guy before me didn't set anything up at all for that. You maintain your original address going into the tunnel and I haven't had the time to sort out the set up with out messing everyone else up. I need to configure this to hand out internal IP addresses with all the other (DNS etc...) settings.
0
 
joedoe58Commented:
If your remote clients do not appear in the dns server you will never be able to do name resolution against them. You could try to give them a static IP enter them into WINS and on the remote clients use the lmhost file to direct them to the wins. This of course depends on the fact if the ports are open for wins that is ports 137-139
0
 
kaesmAuthor Commented:
It's taken a bit to get back to this issue but I have FINALLY reconfigured our VPN client connection. I stopped  using the vendor client and set up an ISA VPN server using Radius for authentication and DHCP to set the ip configuration. All of this works wonderfully as long as I use the DNS name of a file share (\\server.domain.local\share\folder) rather than the NetBIOS name (\\server\share\folder). My goal is to do away with WINS/NetBIOS altogether so I'm happy with the way this works now. It would still be nice to work this out though.
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 4
  • 2
  • 2
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now