Remote users have domain name resolution issues when in house using internal DNS

I have 3 domain controllers all running Windows 2003 Server R2 with dns installed. I have some users that travel and work from home. Those users have issues resolving our websites because dns is resolving them to the external IP instead of the internal local IP. If they repair their network connection this usually fixes it. Below is a very detailed explanation of the problem I found online but the solution they proposed did not work properly in my environment.

"Another problem is that you are connected to the internet but there is a conflict between the DNS name you are using internally and the same domain name that is registered on the internet.  Confusion may be caused by your web server or your Exchange server registering the same domain name but with a different IP address.   For instance your ISP or InterNic may have legitimately assigned a different IP address for your domain name."

IsaacWeathers
Asked:

1 Solution
AkisCCommented:
Are your DNS servers public? Do they have a public IP?
How do your users connect from home to the server?

If they have a permanent connection to the Internet and your NS IPs are public, then they must set, on their LAN connection TCP/IP properties, Primary/Preferred DNS and Secondary/Alternative DNS = your public IPs.
0
 
IsaacWeathersAuthor Commented:
DNS servers are internal, not public. They do not have a public IP. Remote users are getting on our network via the Microsoft VPN client. Our remote and local users are all DHCP, and the DNS IPs that we assign in the networking settings are all internal IPs. None of the DNS entries in the TCP/IP properties are pointing to public DNS servers (it is recommended you only use internal DNS and use the DNS server to forward requests for domain names it can't resolve to public DNS servers).
0
 
AkisCCommented:
If you have configured the VPN Client or PPTP client to use the same group as that of the SSL VPN Client, ensure that you have enabled IPsec on the group where the client connects. This resolves the DNS issue.
0
 
AkisCCommented:
I did not read all of the article -but- maybe you can read it...
http://www.isaserver.org/tutorials/vpnclientsecurity2.html

Name resolution issues for the VPN client are often problematic. The Firewall client needs to be able to resolve the name of the ISA Server to the internal IP address of the ISA Server. You might think configuring a WINS and DNS server would be enough, but I've found the results to be somewhat inconsistent, even when I've gone out of my way to create a WINS referral zone in DNS. The best solution is to configure the VPN client to receive an address of a DNS server that can resolve the name of the internal interface of the ISA Server to its internal IP address.
0
 
AkisCCommented:
Something that I came up with now...
Do your remote users have the DNS suffix set on their connection? That might resolve the issue.
0
 
IsaacWeathersAuthor Commented:
Maybe I need to give an example. We have a group of users that have laptops. These users rarely come to the office. Most of the time they work off the network, but when they connect to the VPN they are no longer able to connect to our websites that are hosted internally. The reason is that DNS resolves to an external IP instead of the internal IP. The firewall does not allow a user in the network to go outside the network to come back in to the external IP. Does that make more sense? It is almost as if the internal DNS servers had not been queried; instead, old cached DNS requests had been used. This is why repairing the connection usually works, because the cache is cleared.
0
 
AkisCCommented:
Ok...
Go to the Advanced TCP/IP properties of each "home user" and uncheck the Enable LMHOSTS lookup checkbox.
Also check Enable NetBIOS over TCP/IP.

If that does not resolve the problem... A work around...(?)
When you click Repair connection, the OS:
  • attempts to renew the DHCP lease, if the connection obtains its IP address through DHCP, using a broadcast message
  • flushes the Address Resolution Protocol (ARP) cache using the command arp -d *
  • flushes the NetBIOS cache using the command nbtstat -R
  • flushes the DNS cache using the command ipconfig /flushdns
  • reregisters the NetBIOS name and IP address with WINS using the command nbtstat -RR
  • reregisters the computer name and IP address with DNS using the command ipconfig /registerdns

Create and install a script (on the users computer) that does all the above before it connects to your VPN .


0
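As an added example (not posted by anyone in this thread), here is a batch script a client could run before or after connecting to the VPN. It performs the same flush steps as Repair, but first and last it compares the answer from the client's current resolver with the answer straight from an internal DNS server, so the admin can tell a stale cache apart from the VPN adapter's DNS servers simply not being used. INTERNAL_DNS and TEST_HOST are assumed placeholders; replace them with a real internal DNS server IP and an internally hosted website name.

```batch
@echo off
rem Added example, not from the thread. Placeholders (assumptions):
rem   INTERNAL_DNS = IP of one of the internal Windows DNS servers
rem   TEST_HOST    = name of an internally hosted website
setlocal
set INTERNAL_DNS=10.0.0.1
set TEST_HOST=intranet.example.local

echo === 1. Answer from whatever resolver the client is using right now ===
nslookup %TEST_HOST%

echo === 2. Answer straight from the internal DNS server ===
nslookup %TEST_HOST% %INTERNAL_DNS%

echo === 3. Flush client-side caches (same steps as Repair) ===
arp -d *
nbtstat -R
ipconfig /flushdns
nbtstat -RR
ipconfig /registerdns

echo === 4. Answer after the flush ===
nslookup %TEST_HOST%

echo If step 4 now matches step 2, the problem was a stale cache.
echo If step 4 still returns the external IP, the client is not sending
echo this query to the internal DNS server at all: check the VPN
echo connection's DNS servers, DNS suffix and adapter binding order.
endlocal
```

Run it from a command prompt on the affected laptop; the nslookup header line shows which server actually answered each query.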
 
IsaacWeathersAuthor Commented:
I have been testing your solution with about 4 of the people having this problem. It seems that the work around is the only fix for it. None of the other fixes suggested have worked. The only problem I have is that I don't want to be having this script run every time a person logs on. I need something better not just a workaround.
0
 
IsaacWeathersAuthor Commented:
The proposed solution was just a band-aid. I would prefer to know the root cause of the issue, not just run a script when it happens to fix it.
0
