We’ve been having problems lately when the VPN connection goes down, and I really would appreciate some help to see where the problem is.
We have 3 DCs, which are also our DNS servers in an AD domain. All DCs are W2K3 SP1. We have a VPN connection to our root domain which replicates AD and DNS traffic. On our DNS servers we have the forwarders set to 3 DNS servers in the root domain and 2 DNS servers for the local ISP.
The problem is that when the VPN tunnel (the RRAS connection on our ISA server) goes down, which usually happens a couple of times a week, no clients can browse the internet because domain names aren’t being resolved; if the IP address is entered in the browser then there’s no problem. Also the SMTP queue on our email server (Exchange 2003) is backed up with email. Obviously this seems like a DNS problem to me, but I don’t understand why the local ISP DNS servers aren’t allowing the resolution. I tested them and they are pingable, and they resolve domain names through the internet if I connect a PC directly to the external WAN switch, bypassing our ISA server.
I ran dcdiag with /dnsall and /fix, and our DNS servers pass without problems.
How can I make sure that when the VPN connection goes down we can rely on the local ISP DNS servers for our internet browsing and SMTP routing? Could this be a rule in ISA that should be created for this traffic?
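The post describes five forwarders on the DCs (three root-domain servers reached over the VPN, then two ISP servers) and a failure that only appears when the tunnel is down. One thing worth measuring before touching ISA rules is how each forwarder behaves when queried directly from the DNS server's own position in the network, and how long a server that tries its forwarders one after another would wait before it reaches the first one that still answers. The script below is an added diagnostic example written for this thread, not code from the original poster: it sends a plain RFC 1035 A query over UDP to each forwarder in the configured order, records whether it answered or timed out, and adds up the time spent on the dead entries ahead of the first working one. The forwarder addresses are placeholders in the RFC 5737 documentation ranges and must be replaced with the real ones; the assumption that the server walks its forwarders in list order with a fixed per-forwarder timeout (5 seconds is the Windows DNS default) is stated as an assumption, not a finding from the post.

```python
"""Probe a DNS server's forwarder list in order and measure the wait.

Added example, not from the original post. Assumption: the server
tries forwarders sequentially and waits FORWARD_TIMEOUT seconds for
each before moving on, so dead forwarders ahead of a live one delay
every client query. IPs below are RFC 5737 placeholders.
"""
import socket
import struct
import time

# Placeholder forwarder list in the order it would appear on the DC:
# three root-domain DNS servers reached over the VPN, then two ISP servers.
FORWARDERS = [
    ("root-dns-1", "192.0.2.10"),
    ("root-dns-2", "192.0.2.11"),
    ("root-dns-3", "192.0.2.12"),
    ("isp-dns-1", "198.51.100.53"),
    ("isp-dns-2", "198.51.100.54"),
]
FORWARD_TIMEOUT = 5.0  # seconds per forwarder (Windows DNS default)
TXID = 0x1234          # fixed transaction ID so replies can be matched


def build_query(name, txid=TXID):
    """Return an RFC 1035 recursive A/IN query for `name` in wire format."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, 1 question
    qname = b"".join(struct.pack("B", len(label)) + label.encode("ascii")
                     for label in name.rstrip(".").split("."))
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN


def parse_response(data, txid=TXID):
    """Return (rcode, answer_count) from a response header, or None when the
    bytes are not a response to our transaction ID."""
    if len(data) < 12:
        return None
    rid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    if rid != txid or not flags & 0x8000:  # QR bit must be set
        return None
    return flags & 0x000F, an


def probe(server_ip, name="www.example.com", timeout=FORWARD_TIMEOUT):
    """Query server_ip directly on UDP/53; return (status, elapsed_seconds)."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.settimeout(timeout)
    start = time.monotonic()
    try:
        sock.sendto(build_query(name), (server_ip, 53))
        data, _ = sock.recvfrom(512)
    except socket.timeout:
        return "timeout", time.monotonic() - start
    except OSError as exc:
        return "error: %s" % exc, time.monotonic() - start
    finally:
        sock.close()
    parsed = parse_response(data)
    if parsed is None:
        return "bad response", time.monotonic() - start
    rcode, answers = parsed
    status = "ok" if rcode == 0 and answers else "rcode=%d" % rcode
    return status, time.monotonic() - start


def sequential_wait(results):
    """Seconds a sequential forwarder walk spends on entries ahead of the
    first one that answered 'ok'; None if no forwarder answered."""
    total = 0.0
    for status, elapsed in results:
        if status == "ok":
            return total
        total += elapsed
    return None


if __name__ == "__main__":
    results = []
    for label, ip in FORWARDERS:
        status, elapsed = probe(ip)
        results.append((status, elapsed))
        print("%-11s %-15s %-12s %.2fs" % (label, ip, status, elapsed))
    wait = sequential_wait(results)
    print("first answering forwarder reached after: %s"
          % ("%.1f s" % wait if wait is not None else "never"))
```

Run it from the DC (or from any host whose outbound UDP/53 path matches the DC's) once while the tunnel is up and once while it is down; if the ISP entries answer quickly in both runs but sit behind several full timeouts, the cumulative wait printed on the last line is what the clients' and Exchange's own resolver timeouts are competing against, which is a different problem from the ISP servers being blocked by ISA.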