Remote users have domain name resolution issues when in house using internal DNS

Posted on 2007-12-03
Last Modified: 2010-08-05
I have 3 domain controllers all running Windows 2003 Server R2 with dns installed. I have some users that travel and work from home. Those users have issues resolving our websites because dns is resolving them to the external IP instead of the internal local IP. If they repair their network connection this usually fixes it. Below is a very detailed explanation of the problem I found online but the solution they proposed did not work properly in my environment.

"Another problem is that you are connected to the internet but there is a conflict between the DNS name you are using internally and the same domain name that is registered on the internet.  Confusion may be caused by your web server or your Exchange server registering the same domain name but with a different IP address.   For instance your ISP or InterNic may have legitimately assigned a different IP address for your domain name."

Question by:IsaacWeathers
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4
LVL 11

Expert Comment

ID: 20397756
Are your DNS servers public? Do they heve a public IP?
How do your users connect from home to the server?

If they have a permanent connection to the Internet and your NS Ips are public, then they must set on there LAN connection TCP/IP-prperties Primary/Preffered DNS and Secondary/Alternative DNS = your public ips

Author Comment

ID: 20397811
DNS servers are internal not public. They do not have a public ip. Remote users are getting on our network via Microsoft VPN client. Our remote and local users are all DHCP and the DNS ips that we assign to networking settings are all internal IPs. None of the dns entries in the tcp/ip properties are pointing to public dns servers (it is recommended you only use internal dns and use dns server to foward requests for domain names it can't resolve to public dns servers)
LVL 11

Expert Comment

ID: 20397879
If you have configured the VPN Client or PPTP client to use the same group as that of the SSL VPN Client, ensure that you have enabled IPsec on the group where the client connects. This resolves the DNS issue.
Visualize your virtual and backup environments

Create well-organized and polished visualizations of your virtual and backup environments when planning VMware vSphere, Microsoft Hyper-V or Veeam deployments. It helps you to gain better visibility and valuable business insights.

LVL 11

Expert Comment

ID: 20397918
I did not read all of the article -but- maybe you can read it...

Name resolution issues for the VPN client are often problematic. The Firewall client needs to be able to resolve the name of the ISA Server to the internal IP address of the ISA Server. You might think configuring a WINS and DNS server would be enough, but Ive found the results to be somewhat inconsistent, even when Ive gone out of my way to create a WINS referral zone in DNS. The best solution is to configure the VPN client to receive an address of a DNS server that can resolve the name of the internal interface of the ISA Server to its internal IP address
LVL 11

Expert Comment

ID: 20397956
Something that I came up now...
Does your remote users have set the DNS suffix on there connection? That might resolve the issue.

Author Comment

ID: 20398272
Maybe I need to give an example. We have a group of users that have laptops. These users rarely come to the office. Most of the time they work off the network but when they connect to the VPN they are no longer able to connect to our websites that are hosted internally. The reason is that DNS resolves to an external IP instead of the internal IP. Firewall does not allow a user in the network to go outside the network to come back in to the external IP. Does that make more sense? Almost as if the Internal DNS servers had not been queried instead old cached dns requests had been used. This is why repairing connection usually works because the cache is cleared.
LVL 11

Accepted Solution

AkisC earned 500 total points
ID: 20398405
Goto to the Advanced TCP/IP properties of each "home user" and uncheck the Enable LMHOSTS lookup checkbox
Also check Enable BIOS iver TCP/IP

If that does not resolve the problem... A Work around...(?)
When you click repair connection the OS
attempts to renew the DHCP lease, if the connection obtains its IP address through DHCP, using a broadcast message.
Flushes the Address Resolution Protocol (ARP) cache using the command arp -d *
Flushes the NetBIOS cache using the command nbtstat -R
Flushes the DNS cache using the command ipconfig /flushdns
Reregisters the NetBIOS name and IP address with WINS using the command nbtstat -RR
Reregisters the computer name and IP address with DNS using the command ipconfig /registerdns

Create and install a script (on the users computer) that does all the above before it connects to your VPN .


Author Comment

ID: 20457113
I have been testing your solution with about 4 of the people having this problem. It seems that the work around is the only fix for it. None of the other fixes suggested have worked. The only problem I have is that I don't want to be having this script run every time a person logs on. I need something better not just a workaround.

Author Closing Comment

ID: 31422252
The proposed solution was just a bandaid. I would prefer to know the root cause of the issue not just run a script when it happens to fix it.

Featured Post

Business Impact of IT Communications

What are the business impacts of how well businesses communicate during an IT incident? Targeting, speed, and transparency all matter. Find out more in this infographic.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
DNS Server 7 81
web server dns redirect 5 74
DNS times out 2 36
Active Directory Disappeared 2 52
Most DNS problems are VERY easily troubleshot and identifiable if you can follow the steps a DNS query takes. I would like to share the step-by-step a DNS query takes from the origin to the destination. _____________________________________________…
One of the most often confused topics in the area DNS is the idea of GLUE records. Specifically, what they are, when they are needed, when they are provided, and how they are created. First, WHAT IS GLUE? To understand GLUE, you must first under…
In an interesting question ( here at Experts Exchange, a member asked how to split a single image into multiple images. The primary usage for this is to place many photographs on a flatbed scanner…

751 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question