Solved

Windows VPN Connections Not Resolving Internal DNS

Posted on 2006-06-29
Last Modified: 2012-05-05
I was debating what section to actually post this...

I have users making VPN connections through a Cisco PIX and authenticating via RADIUS to a Windows 2000 server running IAS and RRAS. My Mac OS X and Linux users, once connected, are able to resolve addresses to their internal IP through our internal name server running BIND. However, Windows XP users, when trying to resolve internal names in DNS, receive external IPs as if they were using another public DNS server.

In Windows XP, while connected through VPN, I can run ipconfig /all and see that the correct DNS Server is in place. However, when doing an nslookup, it's trying to use the local router of where the computer is VPN'ing from as the DNS server.  For example, I'm connected to my office VPN from home and when I run nslookup it is using my home router's IP as the default server. I've also tried doing an ipconfig /flushdns to no avail.

As I said, it's just on Windows where I have this problem and it's multiple if not all Windows VPN users. We have another main office that has pretty much an identical setup as mine except they use Microsoft DNS and when making a VPN connection to their network I have the same problem.

Any ideas?
0
Question by:icarus004
7 Comments
 
LVL 77

Expert Comment

by:Rob Williams
ID: 17022397
One thought; test if you can connect with the full computer and domain name as  \\ComputerName.domain.local  If so, add the suffix DomainName.local to the DNS configuration of the virtual private adapter/connection [ right click virtual adapter | properties | TCP/IP properties | Advanced | DNS | "Append these DNS suffixes (in order)" | Add ]
0
 
LVL 9

Accepted Solution

by:
muff earned 250 total points
ID: 17031177

Have you determined whether the internal DNS servers are accessible when the Windows XP vpn users are connected?

If you do

   nslookup
   server <internal dns>

Then type a name you want to resolve.  I am guessing this will work, because it works for the Linux users.  So it is probably that the Windows machine is falling back to the local DNS servers (when you do ipconfig /all, do you see DNS servers defined against the physical interfaces as well as the logical interface created for the VPN?)

If this is the case, then it could be a timeout issue, the internal DNS servers are not responding quickly enough, or packets are being lost... which perhaps indicates a problem with the VPN itself.  Windows is much more sensitive to dns timeouts than linux.  Try to resolve a few addresses to see if you get any timeouts.

0
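The check asked for in the answer above (are DNS servers defined on the physical interface as well as on the VPN interface?), as an added example that is not part of the original thread. It parses `ipconfig /all` text and lists the non-VPN adapters whose DNS servers differ from the VPN adapter's; the sample output, adapter names and addresses are constructed, and the function names are hypothetical.

```python
import re

# Constructed, trimmed sample of `ipconfig /all` output taken while the VPN is
# up; adapter names and addresses are made up for illustration.
SAMPLE = """\
Ethernet adapter Local Area Connection:

        IP Address. . . . . . . . . . . . : 192.168.1.100
        Default Gateway . . . . . . . . . : 192.168.1.1
        DNS Servers . . . . . . . . . . . : 192.168.1.1

PPP adapter Office VPN:

        IP Address. . . . . . . . . . . . : 10.0.0.50
        DNS Servers . . . . . . . . . . . : 10.0.0.10
                                            10.0.0.11
"""

ADAPTER = re.compile(r"^(\S.*) adapter (.+):\s*$")
FIELD = re.compile(r"^\s+(\S.*?)[ .]*: ?(.*)$")
IPV4 = re.compile(r"^\s+(\d{1,3}(?:\.\d{1,3}){3})\s*$")

def dns_by_adapter(text):
    """Return {adapter name: [DNS servers]} from `ipconfig /all` text."""
    result, current, in_dns = {}, None, False
    for line in text.splitlines():
        m = ADAPTER.match(line)
        if m:
            current, in_dns = m.group(2), False
            result[current] = []
            continue
        if current is None:
            continue
        m = FIELD.match(line)
        if m:
            in_dns = m.group(1) == "DNS Servers"
            if in_dns and m.group(2).strip():
                result[current].append(m.group(2).strip())
        elif in_dns and IPV4.match(line):
            # Continuation line: second and later DNS servers of this adapter.
            result[current].append(IPV4.match(line).group(1))
    return result

def leaking_adapters(text, vpn_adapter):
    """Non-VPN adapters that carry DNS servers the VPN adapter does not."""
    dns = dns_by_adapter(text)
    internal = set(dns.get(vpn_adapter, []))
    return {name: [s for s in servers if s not in internal]
            for name, servers in dns.items()
            if name != vpn_adapter and set(servers) - internal}
```

A non-empty result from `leaking_adapters(output, "Office VPN")` means Windows still has a resolver outside the tunnel that it can query for internal names.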
 
LVL 2

Author Comment

by:icarus004
ID: 17032708
In my original question I mentioned how when connected via VPN, ipconfig /all shows that I am using the internal name server but nslookup shows that the default server is my home gateway/router. When VPN'd in, nslookup doesn't seem to query my internal NS at all as I get the external IPs when doing a lookup. That said, and probably should have mentioned earlier, I am able to resolve certain addresses that do not have a public record in an external DNS server.

Your question about dns servers defined for the physical interface as well as the VPN interface made a light go off for me.

Although connected to my network via VPN, Windows is still wanting to use the DNS entry for the physical interface. If it can't find a resolution there it then queries my internal name server which shows as the default in ipconfig but not nslookup. This is why I'm still able to resolve servers that do not have a public DNS entry. So... How do I force Windows VPN connections to only use my internal name server?

I've tried forcing it under the Networking ---> TCP/IP properties of my VPN connection.
0
 
LVL 77

Assisted Solution

by:Rob Williams
Rob Williams earned 250 total points
ID: 17032877
>>"How do I force Windows VPN connections to only use my internal name server? "
You say you have tried forcing under TCP/IP properties. Is this by manually assigning the DNS servers? Should work.

The VPN client seems to get its DNS servers from the actual server's configuration rather than from the DHCP scope. What does the VPN server have as its DNS servers? It should have only your own internal DNS server/s and no ISP DNS servers. ISP DNS servers should be added as forwarders only.

You can also force all traffic through the tunnel by enabling the "use default gateway on remote network" option located under the advanced TCP/IP properties of the VPN/virtual network adapter. This is usually enabled by default, but will block local Internet access, and force all traffic through the tunnel.
0
