DNS suffix VPN

While on the VPN I'm trying to ping the unqualified hostname "computer1". I'm trying to get a reply from computer1.officemydomain.com; instead I get a reply from computer1.house.mydomain.com, which is nonexistent and is just a redirection to the OpenDNS error page http://208.69.32.132/. I can ping all computers in the office network by IP and by FQDN. The problem is that the DNS search suffix list stops as soon as it gets a "reply from", and it does not bother to go down the list of domains in my DNS suffix list to find the correct, real computer. I really don't want to use a hosts file to fix this. How can this be fixed? Is there a registry hack? I'm using the default gateway of the VPN and also a DNS server on the internal office network.

Again, I have no problem pinging the entire network by IP address or FQDN.

For a complete answer, I will award 500 points.

Windows IP Configuration

        Host Name . . . . . . . . . . . . : COMPUTERNAME
        Primary Dns Suffix  . . . . . . . : house.mydomain.com
        Node Type . . . . . . . . . . . . : Broadcast
        IP Routing Enabled. . . . . . . . : No
        WINS Proxy Enabled. . . . . . . . : No
        DNS Suffix Search List. . . . . . : house.mydomain.com
                                            office.mydomain.com
                                            othermydomain.com
                                            onemydomain.com

Ethernet adapter Wireless Network Connection:

        Connection-specific DNS Suffix  . : launchmodem.com
        Description . . . . . . . . . . . : Intel(R) WiFi Link 5100 AGN
        Physical Address. . . . . . . . . : 00-22-FB-1E-17-E2
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.3.44
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.3.254
        DHCP Server . . . . . . . . . . . : 192.168.3.254
        DNS Servers . . . . . . . . . . . : 208.67.222.222
        Lease Obtained. . . . . . . . . . : Wednesday, December 23, 2009 3:56:16 PM
        Lease Expires . . . . . . . . . . : Thursday, December 24, 2009 3:56:16 PM


PPP adapter VPN to Infinite Energy, Inc.:

        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
        Physical Address. . . . . . . . . : 00-53-45-00-00-00
        Dhcp Enabled. . . . . . . . . . . : No
        IP Address. . . . . . . . . . . . : 192.168.100.39
        Subnet Mask . . . . . . . . . . . : 255.255.255.255
        Default Gateway . . . . . . . . . : 192.168.100.39
        DNS Servers . . . . . . . . . . . : 192.168.1.40
                                            192.168.1.3

0
Asked by: Delmiroc
 
Premkumar Yogeswaran Commented:
Hi,
Since your domain is house.mydomain.com, you will get the reply as computer1.house.mydomain.com.
If you want to get the reply as computer1.officemydomain.com, then you can create a CNAME in your domain DNS for computer1.officemydomain.com.

Creating A CNAME Record:

A CNAME record allows you to use multiple names for the same IP address. This way, you can have users access the same server for separate functions, such as FTP1.domain.com and WWW.domain.com. Before you can create the CNAME record, you must first have an A record, as described earlier.

To create a CNAME record, perform the following steps:
1. Right-click your forward zone, <Domain.com>, and click New Record.
2. Select CNAME Record from the Record Type list box in the New Resource Record dialog box.
3. Type an alternate name for access to this computer. For example, in the sample information earlier in this article, WWW is an alternate name for FTP1.domain.com.
4. Type the original host name in "For Host DNS Name." For example, <FTP1.domain.com>.

   NOTE: It is important to use the fully-qualified domain name (FQDN) for the originating host DNS name.
5. Click OK.

Now when your users make a query for either of these host names, your DNS server will return the same IP address.

Taken from:
http://support.microsoft.com/kb/172953

Check this too:
http://www.networking4all.com/en/support/domain+names/dns/cname-records/create+cname-record/
https://www.networking4all.com/en/support/domain+names/dns/cname-records/
0
 
172pilotSteve Commented:
Can you even ping "computer1" using its IP address while on the VPN?  Many corporate VPNs don't allow "split tunneling", meaning that all communication with your local LAN must stop while you're connected to the VPN, so you won't be able to do this anyway..  That's a security "feature" to protect the corporate LAN from being touched by other machines on your home network..  If that's the case, you may as well give up, but...

Assuming you can ping other 192.168.3.x addresses while VPN'd in, the problem is that when you're disconnected, your machine is a "B" node  (notice on your IP Config, it says "Broadcast" node) which means that by default, your machine wants to resolve NetBIOS names with a broadcast out to the local network.  You could test/prove this while NOT connected to the VPN by doing "ping machine1" and then doing "nbtstat -r" to see the statistics on what is resolved by DNS vs. broadcast.  In my case, I'm on a corporate network, so I see everything resolved by DNS, but you should see otherwise.  Here's mine:

C:\Documents and Settings\sjones.US>nbtstat -r
    NetBIOS Names Resolution and Registration Statistics
    ----------------------------------------------------
    Resolved By Broadcast     = 0
    Resolved By Name Server   = 21
    Registered By Broadcast   = 0
    Registered By Name Server = 4
C:\Documents and Settings\sjones.US>

You should see "Resolved by Broadcast" as other than zero...

Short names are first assumed to be NetBIOS names and are resolved this way.  Once you connect to the VPN, you are using the VPN adapter to connect to the network, NOT logically your physical adapter.. that means that name resolution is controlled by the config of that VPN adapter, and the corporate VPN probably changes the order of name resolution to append the domain name that THEY want on it...

I guess the short answer is that I don't think you're going to get away with NOT having a hosts file, or an LMHosts file with #PRE (preloaded) entries in it to do what you want, because every time you connect to the VPN, the TCP/IP stack is going to get its configuration from the VPN..

-Steve
0
 
Delmiroc (Author) Commented:
I have all CNAME records for these computers well set in the DNS server of the corporate network. I can also ping computer1 by IP address, and any computer in the corporate network. The problem that I suspect is that when I ping a hostname, my computer automatically appends computer1 to the first domain search suffix on the list, house.mydomain.com, and then for some reason the ISP DNS server returns an invalid response. I do an nslookup and it shows me that I'm using the corporate DNS server. I believe most ISP DNS servers are doing this to advertise things on error pages. What happens is that it won't go down the list of domains in the DNS search suffix list, since it already returned a response on the first one. I'm trying to figure out how to fix this from the client side.

Thank you,
Delmiro
0
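The suffix-walk behaviour described in the question and in the follow-up comment above, as an added example that is not part of the original thread: a small model of a search list being short-circuited by a resolver that rewrites NXDOMAIN, plus a canary check that detects the rewriting and filters it out. The search list and error-page address are taken from the question; the zone record, its address and all function names are constructed for illustration.

```python
import secrets

# Search list and error-page address come from the question above; the zone
# record (name and 192.168.1.50) is constructed for this example.
SEARCH_LIST = ["house.mydomain.com", "office.mydomain.com",
               "othermydomain.com", "onemydomain.com"]
ERROR_PAGE_IP = "208.69.32.132"
ZONE = {"computer1.office.mydomain.com": "192.168.1.50"}


def honest_resolver(fqdn):
    """Return the A record for fqdn, or None for NXDOMAIN."""
    return ZONE.get(fqdn.lower())


def rewriting_resolver(fqdn):
    """Same zone, but every NXDOMAIN is replaced by the error-page address."""
    return honest_resolver(fqdn) or ERROR_PAGE_IP


def search(short_name, resolver, suffixes=SEARCH_LIST, reject=frozenset()):
    """Walk the suffix list in order; the first suffix that yields an answer wins.
    Addresses listed in `reject` are treated as NXDOMAIN."""
    for suffix in suffixes:
        fqdn = f"{short_name}.{suffix}"
        addr = resolver(fqdn)
        if addr is not None and addr not in reject:
            return fqdn, addr
    return None


def rewrite_addresses(resolver, suffixes=SEARCH_LIST, probes=3):
    """Query random labels that cannot exist under each suffix. Any address
    returned for them marks the resolver path as rewriting NXDOMAIN."""
    seen = set()
    for suffix in suffixes:
        for _ in range(probes):
            addr = resolver(f"{secrets.token_hex(12)}.{suffix}")
            if addr is not None:
                seen.add(addr)
    return seen


if __name__ == "__main__":
    print("honest   :", search("computer1", honest_resolver))
    print("rewriting:", search("computer1", rewriting_resolver))
    bogus = rewrite_addresses(rewriting_resolver)
    print("canary   :", bogus)
    print("filtered :", search("computer1", rewriting_resolver, reject=bogus))
```

Against a live network the `resolver` argument would wrap real lookups sent to the DNS server the VPN adapter uses. A legitimate wildcard record in a zone answers the canary probes too, so a hit identifies which suffix to investigate, not who is rewriting.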
 
ChiefIT Commented:
Let's discuss how you are pinging and then determine what protocol is having problems. Ping is a multicommunications protocol diagnostic utility.

Ping by computer name is basically using NetBIOS translation for the ping:
Example: Ping computer1

Ping by FQDN is using DNS queries to resolve the ping:
Example: Ping computer1.domain.name

Ping by IP address is using the ARP table to resolve the ping:
Example: Ping xxx.xxx.xxx.xxx

IF MY SUSPICIONS ARE CORRECT:
My guess is, you are having problems with NetBIOS, but DNS and ARP work. This is because NetBIOS broadcasts are NOT routable, unless they have a little help by configuring WINS or an LMHOST record between the two sites' master browsers.

This article explains how to configure the Master Browser Service (which is populated by NetBIOS broadcasts), using WINS. You can do the same thing with an LMHOST record between the two sites' master browsers.

http://www.microsoft.com/resources/documentation/windowsnt/4/server/reskit/en-us/net/chptr3.mspx?mfr=true

Not routable is defined as: it will not propagate through any tunneling protocols (like a VPN tunnel or IPv6), and it will not go over NAT or to a different subnet. In other words, NetBIOS broadcasts stop at the router.

0