Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1457
  • Last Modified:

DNS over Windows PPTP

I have a Windows 2003 Server running as a PPTP server.  My clients use Windows XP Pro SP2 to remote in.  I have a different 2003 server providing DHCP to the VPN clients and a PIX 515 simply passing PPTP connections through to the VPN server.

This all worked up until a week ago.  Now some of the clients are having trouble resolving DNS internal names.  I check their ipconfig and they are getting the correct DNS information from the DHCP server but if they try resolve an internal FQDN it tries to incorrectly pass the DNS request to their ISP's DNS servers instead of the ones that the VPN & DHCP server assigned them.  As a result they can surf the internet fine over the VPN but they can't connect to internal resources such as our intranet.

'Use Default Gateway on Remote Network' is checked.

I read somewhere that this is a known bug with the Windows XP PPTP client. If so is there any workaround or solution?
0
zheron
Asked:
zheron
  • 2
  • 2
1 Solution
 
merowingerCommented:
Do u have enabled split tunneling?
0
 
zheronAuthor Commented:
'Use Default Gateway on Remote Network' on the client side is checked, so no I am not using split tunneling, unless you are referring to something else?

Aside from that pinging the resources IP address seems to work fine, so it's not a routing issue.  Definately DNS.
0
 
Rob WilliamsCommented:
Can you connect or ping using the FQDN such as  Computer1.MyDomain.abc?
If so try adding the domain suffix on the WINS tab of the VPN/Virtual/PP adapter of the client machine, it will usually "resolve".
Sounds like you are using a DHCP relay agent, and a 2003 DHCP server rather than RRAS DHCP. If so, instead you can add that to your scope option under option #015 rather than each PC.
0
 
zheronAuthor Commented:
Thanks merowinger you nailed it.

http://support.microsoft.com/default.aspx?scid=kb;en-us;311218

was my problem.  That solution also led me do some more googling which produced an outstanding description of the problem and solution.  Posting here in case anyone else runs into this issue.

http://www.isaserver.org/tutorials/work-around-VPN-clients-split-DNS.html
0

Featured Post

Who's Defending Your Organization from Threats?

Protecting against advanced threats requires an IT dream team – a well-oiled machine of people and solutions working together to defend your organization. Download our resource kit today to learn more about the tools you need to build you IT Dream Team!

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now