When connected to the office VPN connection, user DNS requests are redirected to 209.62.20.186!

When connected to the office VPN connection, user DNS requests are redirected to 209.62.20.186! They are trying to access internal resources. The only workaround is to add host file entries. Lookups of genuine FQDN DNS addresses still work, i.e. www.bbc.co.uk, but all internal server names are sent to Kolmic.com.
There's nothing in the registry, no malware, virus etc. Users are using 4 different ISPs.
Houndymoss Asked:

ctefft Commented:
I am having a similar issue.  Specific clients in my domain are having all requests resolve as 209.62.20.186.  Even FQDN.
0
Michael Worsham, Staff Infrastructure Architect, Commented:
Are your PCs pointing to a DNS internal or external? If your DNS is internal, you might want to check to see if the A and CNAME records are pointed to the right location.
0
ctefft Commented:
In my case, they are internal.  DNS records are all correct.  On the affected computers, no matter what domain is looked up (internal or external), everything returns that .186 IP address.  Other PCs that use the same DNS server are unaffected. Look-ups on the DNS server are correct.
0

Houndymoss (Author) Commented:
When using the ISP DNS servers, it's the 186 address that is returned when you give it a non-FQDN address, i.e. an internal server name. When I specify our DC in nslookup, which is a DNS server, I get the correct resolution. However, the incorrect redirection overrides the DC DNS server when connected to the VPN.
0
Michael Worsham, Staff Infrastructure Architect, Commented:
Is it a VPN client or VPN tunnel? The reason I am asking is that some VPN tunnel hardware will allow you to designate a DNS server to converse with rather than using the external world.
0
Houndymoss (Author) Commented:
Multiple clients, I've found it now. Seemingly it is Network Solutions DNS root hosting that is the problem. I get some 213.161.86.107 now with the 209s. They only respond with a 'non-existent domain' error if the lookup in question has a full stop on the end! Apparently www.ibm.com is not a FQDN (209 address response), only www.ibm.com. (129.42.60.212) is! Try it and see, argh!!
0
Michael Worsham, Staff Infrastructure Architect, Commented:
One thing you might try is pointing all clients to use OpenDNS (www.opendns.com) as the preferred external DNS site. OpenDNS is rather good at helping to resolve the correct IP addresses and domain names.
0
Houndymoss (Author) Commented:
I have found a workaround, however it does not work for Vista, as there is no NdisWanIp setting in the registry.

Please check out the following link for an explanation; the CMAK resolution was really useful, even though we don't use ISA server here. Many thanks to Stefaan Pouseele for his ISA article

http://www.isaserver.org/tutorials/work-around-VPN-clients-split-DNS.html
0
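
A check for the behaviour described in this thread, as an added example that is not part of any participant's post: it probes a resolver with random names that cannot exist and flags any hostname whose answer matches what those probes returned. The function names and the sample zone are constructed for illustration; 209.62.20.186 is the address reported above.

```python
import socket
import uuid

def system_resolve(name):
    """Resolve via the OS stub resolver; return a set of IPv4 addresses (empty on failure)."""
    try:
        return set(socket.gethostbyname_ex(name)[2])
    except OSError:  # gaierror/herror: NXDOMAIN, timeout, no resolver
        return set()

def catch_all_addresses(resolve, suffixes=("",), probes=3):
    """Resolve random labels that cannot exist; any address returned is a catch-all answer."""
    bogus = set()
    for suffix in suffixes:
        for _ in range(probes):
            label = "nx-" + uuid.uuid4().hex
            bogus |= resolve(f"{label}.{suffix}" if suffix else label)
    return bogus

def audit_names(resolve, names, suffixes=("",)):
    """Classify each name as 'ok', 'unresolved' or 'catch-all' for the resolver in use."""
    bogus = catch_all_addresses(resolve, suffixes)
    report = {}
    for name in names:
        answers = resolve(name)
        if not answers:
            report[name] = "unresolved"
        elif answers & bogus:
            report[name] = "catch-all"  # same address the nonexistent probes received
        else:
            report[name] = "ok"
    return report, bogus

# Constructed sample data so the check runs offline.
CATCH_ALL = "209.62.20.186"                    # address reported in the thread
FAKE_ZONE = {"www.bbc.co.uk": {"192.0.2.10"}}  # constructed record (TEST-NET address)

def fake_redirecting_resolver(name):
    """Constructed stand-in: known names resolve, everything else gets the catch-all."""
    return FAKE_ZONE.get(name.rstrip(".").lower(), {CATCH_ALL})

if __name__ == "__main__":
    # Swap in system_resolve to audit the live resolver on an affected client.
    report, bogus = audit_names(fake_redirecting_resolver, ["www.bbc.co.uk", "fileserver"])
    print("catch-all addresses:", sorted(bogus))
    for name, verdict in report.items():
        print(f"{name}: {verdict}")
```

Passing `system_resolve` and a list of internal server names, with the VPN connected and again disconnected, shows which names are being answered by the catch-all rather than by the internal DNS server.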

Windows Server 2003