DNS suffix search list overwritten on VPN reconnect

Posted on 2009-04-24
Medium Priority
Last Modified: 2012-08-13
I have several users who use Cisco Systems VPN client to connect to our network from home.  I need them to have a DNS suffix search list with numerous entries in order for them to be able to access all of our intranet pages after they connect.  On most computers, I can specify this information at [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters] and the machine will use that information for the search list from that point on (at least after an ipconfig /renew or a restart).  

The problem I am having is that on some machines running Windows 2000 (but not on others), when I disconnect/reconnect from the VPN, the entries that I specified at the location above are overwritten with an incomplete list.  I cannot figure out where the incomplete list is being taken from.  Can anyone give me help on where the incorrect information might be coming from?  I cannot find any plausible registry entries where the information could be stored.  Thanks.
Question by: PTVK

Expert Comment

ID: 24231123
Have you checked the DHCP server scope that the Cisco is using (so on either the Cisco if it's doing the DHCP, or a Windows server DHCP, for example)?

Accepted Solution

arnold earned 2000 total points
ID: 24232602
To add to what the prior comment addressed: you have to make sure that your VPN configuration pushes out DNS servers along with the IP for the VPN user.  An option to push the search domains might be an option as well.
How are you modifying the Registry with the VPN process?
Is this a domain-based system where you have a GPO that pushes the search domains, and the system goes offsite when the VPN connection is used?
GPOs are not enforced when the system is outside the LAN; the slow link speed detection mechanism determines whether a DC is nearby and applies the GPO.

Author Comment

ID: 24233618
I don't think that the VPN client normally tries to push search domains down... if it did, do you know where it would be getting the information from?  I know we do not use GPOs to push search domains, instead we use a batch file that is called in our login script to overwrite the key I mentioned above, which at least on restart should result in the full suffix list populating.  The really strange behavior in this case is that when I manually overwrite the key(s) that holds the suffix list, they are somehow replaced with incorrect information when I merely disconnect/reconnect the VPN client and I cannot figure out what is doing it.  I do not know how the VPN process modifies the registry, I cannot find settings related to that.

This problem persists through reinstalls of VPN clients that are identical to the version on PCs that do not exhibit this behavior.

Assisted Solution

arnold earned 2000 total points
ID: 24238311
The VPN client pushes nothing. You need to configure your Cisco VPN server to push the LAN DNS servers as part of the VPN policy.  Often the VPN DNS servers will be queried.  Not sure whether you can push search domains through the same mechanism.

The above provides an example which you could use in configuring your VPN policy, i.e. define the default domain and then the list of other domains that should be queried through your LAN DNS servers.
Registry alterations might get flushed when the VPN is not present and the DNS handling in Windows cycles through trying to resolve a host with the search suffixes.  When the VPN is not present, those domains are seen as non-existent, and it would seem reasonable that, to speed up future queries, domains that do not exist should not be checked again.
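As an added illustration of what the thread discusses (not code from the question or the answers), the script below audits the global SearchList value in the Tcpip\Parameters key, dumps the per-interface Domain/DhcpDomain/NameServer values that a DHCP scope or VPN adapter can supply (the other place the "incomplete list" could be coming from), and restores the expected list when it has drifted, much as the poster's login-script batch file does. It assumes a modern Windows host with PowerShell run elevated; the suffix names are placeholders.

```powershell
# Added example, not from the thread. Audit the DNS suffix search list and the
# per-interface DNS values, then restore the expected global list on drift.
$Expected = @('corp.example', 'intranet.example', 'lab.example')   # placeholder suffixes
$Base     = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'

function Get-SuffixState {
    # Global SearchList is the key the poster overwrites from the login script.
    $global = (Get-ItemProperty -Path $Base -ErrorAction SilentlyContinue).SearchList
    # Per-interface keys hold what DHCP (or a VPN adapter) handed out for that adapter.
    $ifaces = Get-ChildItem -Path "$Base\Interfaces" | ForEach-Object {
        $p = Get-ItemProperty -Path $_.PSPath
        [pscustomobject]@{
            Interface      = $_.PSChildName
            Domain         = $p.Domain
            DhcpDomain     = $p.DhcpDomain
            NameServer     = $p.NameServer
            DhcpNameServer = $p.DhcpNameServer
        }
    }
    [pscustomobject]@{ Global = $global; Interfaces = $ifaces }
}

function Test-SuffixDrift {
    param([string]$Current, [string[]]$Wanted)
    # Windows stores SearchList as one comma-separated string; compare as a set.
    $cur = if ($Current) { $Current -split ',' | ForEach-Object { $_.Trim() } } else { @() }
    $missing = @($Wanted | Where-Object { $cur -notcontains $_ })
    $extra   = @($cur    | Where-Object { $Wanted -notcontains $_ })
    [pscustomobject]@{
        Drifted = ($missing.Count -gt 0 -or $extra.Count -gt 0)
        Missing = $missing
        Extra   = $extra
    }
}

$state = Get-SuffixState
$drift = Test-SuffixDrift -Current $state.Global -Wanted $Expected
"Global SearchList: '$($state.Global)'"
# Show only adapters that actually carry a DHCP- or VPN-supplied domain.
$state.Interfaces | Where-Object { $_.Domain -or $_.DhcpDomain } | Format-Table -AutoSize
if ($drift.Drifted) {
    "Drift detected. Missing: $($drift.Missing -join ',')  Extra: $($drift.Extra -join ',')"
    # Restore the full list, as the poster's login-script batch file does.
    Set-ItemProperty -Path $Base -Name SearchList -Value ($Expected -join ',')
    # Drop cached negative answers so suffixes marked non-existent while off-VPN are retried.
    ipconfig /flushdns | Out-Null
}
```

Running it once while connected and once after a disconnect/reconnect, and comparing the two interface tables, shows which adapter's DHCP-supplied domain appears when the global list changes.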
