Why do our remote VPN users try to resolve DNS externally (via home router, which does external lookups) before resolving internally within the VPN-accessed LAN?
Office set-up: 2 Windows 2003 DCs (SERVER1B, SERVER1L), 1 Windows 2003 Server with Exchange 2003 (EXCHANGE), 2 Windows 2000 Servers as resource servers (SERVER1, SERVER2). The 2 DCs are DNS Servers; SERVER1B is RRAS/VPN server; SERVER1L is DHCP server. SERVER1B's NIC points to SERVER1L for DNS (shouldn't point to itself), SERVER1L's NIC points to SERVER1B for its DNS.
Externally hosted DNS is a service provider, and defines our external facing access (e.g., mail service A and MX records, web site, ftp site, etc.).
Internal units all use internal DNS (1B, 1L) as configured by DHCP. Our DNS servers forward unresolved to our office router; the office router forwards to opendns.com to resolve external domains/addresses. Office Router points incoming VPN/RRAS traffic at SERVER1B.
Remote user has COMPUTER-C (WIN2K Pro), a domain member, at her home, configured for DHCP, with a home router and cable ISP. She VPNs to our Office successfully, receiving a DHCP address from the VPN/RRAS server. She cannot connect to our EXCHANGE server because her COMPUTER-C is going to her cable ISP (via her home router, which forwards unresolved to the ISP) for name resolution before going to the internal DNS servers. At our External DNS, EXCHANGE is configured with our exposed/public IP (e.g., 22.214.171.124) whereas internally it has our NAT address (e.g., 192.168.0.7). Naturally, with a resolved address of 126.96.36.199, she cannot reach 192.168.0.7 …
WHY is COMPUTER-C going to the external DNS before resolving its IP needs internally? With MS VPN, shouldn't all IP traffic be routed through the VPN tunnel first?
Is there a way to force COMPUTER-C to use, when connected, the internal DNS before using its local LAN/home network's DNS to avoid external resolution?