

Windows VPN Connections Not Resolving Internal DNS

Posted on 2006-06-29
Medium Priority
Last Modified: 2012-05-05
I was debating what section to actually post this...

I have users making VPN connections through a Cisco PIX and authenticating via RADIUS to a Windows 2000 server running IAS and RRAS. My Mac OS X and Linux users, once connected, are able to resolve addresses to their internal IP through our internal name server running BIND. However, Windows XP users, when trying to resolve internal names in DNS, receive external IPs as if they were using another public DNS server.

In Windows XP, while connected through VPN, I can run ipconfig /all and see that the correct DNS Server is in place. However, when doing an nslookup, it's trying to use the local router of where the computer is VPN'ing from as the DNS server.  For example, I'm connected to my office VPN from home and when I run nslookup it is using my home router's IP as the default server. I've also tried doing an ipconfig /flushdns to no avail.

As I said, it's just on Windows where I have this problem and it's multiple if not all Windows VPN users. We have another main office that has pretty much an identical setup as mine except they use Microsoft DNS and when making a VPN connection to their network I have the same problem.

Any ideas?
Question by:icarus004
LVL 77

Expert Comment

by:Rob Williams
ID: 17022397
One thought: test if you can connect with the full computer and domain name as \\ComputerName.domain.local. If so, add the suffix DomainName.local to the DNS configuration of the virtual private adapter/connection [ right click virtual adapter | properties | TCP/IP properties | Advanced | DNS | "Append these DNS suffixes (in order)" | Add ]

Accepted Solution

muff earned 1000 total points
ID: 17031177

Have you determined whether the internal DNS servers are accessible when the Windows XP VPN users are connected?

If you do

   server <internal dns>

Then type a name you want to resolve. I am guessing this will work, because it works for the Linux users. So it is probably that the Windows machine is falling back to the local DNS servers (when you do ipconfig /all, do you see DNS servers defined against the physical interfaces as well as the logical interface created for the VPN?)

If this is the case, then it could be a timeout issue, the internal DNS servers are not responding quickly enough, or packets are being lost... which perhaps indicates a problem with the VPN itself. Windows is much more sensitive to DNS timeouts than Linux. Try to resolve a few addresses to see if you get any timeouts.
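
The check suggested in the answer above (does ipconfig /all list DNS servers against the physical interface as well as the VPN interface?), written out as an added example that is not part of the original thread. It assumes English `ipconfig /all` output in which the VPN connection appears as a "PPP adapter"; the sample output, adapter names, addresses and function names are constructed for illustration.

```python
import re

# Constructed sample of English `ipconfig /all` output taken while a VPN is up.
# Adapter names and addresses are made up for illustration.
SAMPLE = """\
Ethernet adapter Local Area Connection:

        IP Address. . . . . . . . . . . . : 192.168.1.50
        Default Gateway . . . . . . . . . : 192.168.1.1
        DNS Servers . . . . . . . . . . . : 192.168.1.1

PPP adapter Office VPN:

        IP Address. . . . . . . . . . . . : 10.0.0.201
        DNS Servers . . . . . . . . . . . : 10.0.0.10
                                            10.0.0.11
"""

ADAPTER_RE = re.compile(r"^(\S.*) adapter (.+):\s*$")   # "PPP adapter Office VPN:"
FIELD_RE = re.compile(r"^\s+([^.:]+?)[ .]+:\s*(.*)$")   # "DNS Servers . . . : 10.0.0.10"

def dns_by_adapter(text):
    """Map adapter name -> {"kind": adapter type, "dns": [servers in listed order]}."""
    adapters, current, in_dns = {}, None, False
    for line in text.splitlines():
        header = ADAPTER_RE.match(line)
        if header:
            current = adapters.setdefault(header.group(2), {"kind": header.group(1), "dns": []})
            in_dns = False
        elif current is not None and line.strip():
            field = FIELD_RE.match(line)
            if field:
                in_dns = field.group(1) == "DNS Servers"
                if in_dns and field.group(2):
                    current["dns"].append(field.group(2).strip())
            elif in_dns:  # continuation line: one more server for this adapter
                current["dns"].append(line.strip())
    return adapters

def fallback_resolvers(adapters, vpn_kind="PPP"):
    """Servers on non-VPN adapters that the VPN adapter does not list."""
    vpn = {ip for a in adapters.values() if a["kind"] == vpn_kind for ip in a["dns"]}
    extra = {n: [ip for ip in a["dns"] if ip not in vpn]
             for n, a in adapters.items() if vpn and a["kind"] != vpn_kind}
    return {n: ips for n, ips in extra.items() if ips}

if __name__ == "__main__":
    print(fallback_resolvers(dns_by_adapter(SAMPLE)))
```

Any server this reports is a resolver outside the tunnel that the client can still query for internal names while the VPN is connected.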


Author Comment

ID: 17032708
In my original question I mentioned how when connected via VPN, ipconfig /all shows that I am using the internal name server but nslookup shows that the default server is my home gateway/router. When VPN'd in, nslookup doesn't seem to query my internal NS at all as I get the external IPs when doing a lookup. That said, and probably should have mentioned earlier, I am able to resolve certain addresses that do not have a public record in an external DNS server.

Your question about dns servers defined for the physical interface as well as the VPN interface made a light go off for me.

Although connected to my network via VPN, Windows is still wanting to use the DNS entry for the physical interface. If it can't find a resolution there it then queries my internal name server which shows as the default in ipconfig but not nslookup. This is why I'm still able to resolve servers that do not have a public DNS entry. So... How do I force Windows VPN connections to only use my internal name server?

I've tried forcing it under the Networking ---> TCP/IP properties of my VPN connection.
LVL 77

Assisted Solution

by:Rob Williams
Rob Williams earned 1000 total points
ID: 17032877
>>"How do I force Windows VPN connections to only use my internal name server? "
You say you have tried forcing under TCP/IP properties. Is this by manually assigning the DNS servers? Should work.

The VPN client seems to get its DNS servers from the actual server's configuration rather than from the DHCP scope. What does the VPN server have as its DNS servers? It should have only your own internal DNS server/s and no ISP DNS servers. ISP DNS servers should be added as forwarders only.

You can also force all traffic through the tunnel by enabling the "use default gateway on remote network" option located under the advanced TCP/IP properties of the VPN/virtual network adapter. This is usually enabled by default, but will block local Internet access, and force all traffic through the tunnel.

Question has a verified solution.