DNS suffix VPN

Posted on 2009-12-23
Last Modified: 2012-06-21
While on the VPN I'm trying to ping the unqualified hostname "computer1", I'm trying to get a reply from, instead I get a reply from which is nonexistent and it's just a redirection to the OpenDNS error page. I can ping all computers in the office network by IP and by FQDN. The problem with this is that the DNS search suffix list stops as soon as it gets a "reply from" and it does not bother to go down the list of domains in my DNS suffix list to find the correct and real computer. I really don't want to use a hosts file to fix this. How can this be fixed? Is there a registry hack? I'm using the default gateway of the VPN and also a DNS server on the internal office network.

Again, I have no problem pinging the entire network by IP address or FQDN.

For a complete answer, I will award 500 points.
Windows IP Configuration

        Host Name . . . . . . . . . . . . : COMPUTERNAME

        Primary Dns Suffix  . . . . . . . :

        Node Type . . . . . . . . . . . . : Broadcast

        IP Routing Enabled. . . . . . . . : No

        WINS Proxy Enabled. . . . . . . . : No

        DNS Suffix Search List. . . . . . :

Ethernet adapter Wireless Network Connection:

        Connection-specific DNS Suffix  . :

        Description . . . . . . . . . . . : Intel(R) WiFi Link 5100 AGN

        Physical Address. . . . . . . . . : 00-22-FB-1E-17-E2

        Dhcp Enabled. . . . . . . . . . . : Yes

        Autoconfiguration Enabled . . . . : Yes

        IP Address. . . . . . . . . . . . :

        Subnet Mask . . . . . . . . . . . :

        Default Gateway . . . . . . . . . :

        DHCP Server . . . . . . . . . . . :

        DNS Servers . . . . . . . . . . . :

        Lease Obtained. . . . . . . . . . : Wednesday, December 23, 2009 3:56:16


        Lease Expires . . . . . . . . . . : Thursday, December 24, 2009 3:56:16


PPP adapter VPN to Infinite Energy, Inc.:

        Connection-specific DNS Suffix  . :

        Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface

        Physical Address. . . . . . . . . : 00-53-45-00-00-00

        Dhcp Enabled. . . . . . . . . . . : No

        IP Address. . . . . . . . . . . . :

        Subnet Mask . . . . . . . . . . . :

        Default Gateway . . . . . . . . . :

        DNS Servers . . . . . . . . . . . :



Question by:Delmiroc
    LVL 17

    Expert Comment

    by:Premkumar Yogeswaran
    Since your domain is you will get the reply as
    If you want to get the reply as then you can create a CNAME in your domain DNS for

    Creating A CNAME Record:

    A CNAME record allows you to use multiple names for the same IP address. This way, you can have users access the same server for separate functions, such as and Before you can create the CNAME record, you must first have an A record, as described earlier.

    To create a CNAME record, perform the following steps:
    Right-click your forward zone, <>, and click New Record.
    Select CNAME Record from the Record Type list box in the New Resource Record dialog box.
    Type an alternate name for access to this computer. For example, in the sample information earlier in this article, WWW is an alternate name for
    Type the original host name in "For Host DNS Name." For example, <>.

    NOTE: It is important to use the fully-qualified domain name (FQDN) for the originating host DNS name.
    Click OK.
    Now when your users make a query for either of these host names, your DNS server will return the same IP address.

    Taken from:

    Check this too:
    LVL 10

    Accepted Solution

    Can you even ping "computer1" using its IP address while on the VPN? Many corporate VPNs don't allow "split tunneling", meaning that all communication with your local LAN must stop while you're connected to the VPN, so you won't be able to do this anyway. That's a security "feature" to protect the corporate LAN from being touched by other machines on your home network. If that's the case, you may as well give up, but...

    Assuming you can ping other 192.168.3.x addresses while VPN'd in, the problem is that when you're disconnected, your machine is a "B" node  (notice on your IP Config, it says "Broadcast" node) which means that by default, your machine wants to resolve netbios names with a broadcast out to the local network.  You could test/prove this while NOT connected to the VPN by doing "ping machine1" and then doing "nbtstat -r" to see the statistics on what is resolved by DNS vs. broadcast.  In my case, I'm on a corporate network, so I see everything resolved by DNS, but you should see otherwise.  Here's mine:

    C:\Documents and Settings\sjones.US>nbtstat -r
        NetBIOS Names Resolution and Registration Statistics
        Resolved By Broadcast     = 0
        Resolved By Name Server   = 21
        Registered By Broadcast   = 0
        Registered By Name Server = 4
    C:\Documents and Settings\sjones.US>

    You should see "Resolved by Broadcast" as other than zero...

    Short names are first assumed to be NetBIOS names and are resolved this way. Once you connect to the VPN, you are using the VPN adapter to connect to the network, NOT logically your physical adapter. That means that name resolution is controlled by the config of that VPN adapter, and the corporate VPN probably changes the order of name resolution to append the domain name that THEY want on it...

    I guess the short answer is that I don't think you're going to get away with NOT having a hosts file, or an LMHosts file with #PRE (preloaded) entries in it to do what you want, because every time you connect to the VPN, the TCP/IP stack is going to get its configuration from the VPN.

    LVL 1

    Author Comment

    I have all CNAME records for these computers well set in the DNS server of the corporate network. I can also ping computer1 by IP address and any computer in the corporate network. The problem that I suspect is that when I ping a hostname my computer automatically appends computer1 to the first domain search suffix on the list and then for some reason the ISP DNS server returns a response of invalid response. I do an nslookup and it shows me that I'm using the corporate DNS server. I believe most ISP DNS servers are doing this to advertise things on error pages. What happens is that it won't go down the list of domains in the DNS search suffix list since it already returned a response on the first one. I'm trying to figure out how to fix this from the client side.

    Thank you,
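
The behaviour described in the comment above, modelled as an added example that is not part of the original thread: a stub resolver walks the suffix list and stops at the first answer, so a resolver that rewrites NXDOMAIN into a landing-page address hides the real record further down the list. The resolver functions, domain names and addresses are all constructed for illustration; probing with random labels is one way to recognise the rewritten answers so they can be ignored.

```python
import secrets

# All names and addresses below are constructed for this example.
REDIRECT_IP = "203.0.113.10"                            # landing page returned for unknown names
RECORDS = {"computer1.corp.example.": "192.168.3.25"}   # the only real record
SUFFIXES = ["home.example", "corp.example"]             # search list, in order

def rewriting_resolver(fqdn):
    """Resolver that replaces NXDOMAIN with a landing-page address."""
    return RECORDS.get(fqdn, REDIRECT_IP)

def honest_resolver(fqdn):
    """Resolver that reports NXDOMAIN (modelled as None)."""
    return RECORDS.get(fqdn)

def walk_suffixes(name, suffixes, resolve, ignore=frozenset()):
    """Append each suffix in order and stop at the first accepted answer."""
    for suffix in suffixes:
        fqdn = f"{name}.{suffix}."
        answer = resolve(fqdn)
        if answer is not None and answer not in ignore:
            return fqdn, answer
    return None

def detect_rewrite(resolve, suffix, probes=3):
    """Look up random labels that cannot exist; any answer is a rewritten NXDOMAIN."""
    answers = set()
    for _ in range(probes):
        answer = resolve(f"{secrets.token_hex(16)}.{suffix}.")
        if answer is not None:
            answers.add(answer)
    return answers

if __name__ == "__main__":
    print(walk_suffixes("computer1", SUFFIXES, rewriting_resolver))
    bogus = detect_rewrite(rewriting_resolver, SUFFIXES[0])
    print(bogus)
    print(walk_suffixes("computer1", SUFFIXES, rewriting_resolver, ignore=bogus))
```
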
    LVL 38

    Expert Comment

    Let's discuss how you are pinging and then determine what protocol is having problems. Ping is a multicommunications protocol diagnostic utility.

    Ping by computer name is basically using NetBIOS translation for the ping:
    Example: Ping computer1

    Ping by FQDN is using DNS queries to resolve the ping:
    Example: Ping

    Ping by IP address is using the ARP table  to resolve the ping:
    example: Ping

    My guess is, you are having problems with NetBIOS, but DNS and ARP work. This is because NetBIOS broadcasts are NOT routable, unless they have a little help by configuring WINS or an LMHOST record between the two sites' master browsers.

    This article explains how to configure the Master Browser Service (which is populated by NetBIOS broadcasts), using WINS. You can do the same thing with an LMHOST record between the two sites' master browsers.

    Not routable is defined as: it will not propagate through any tunneling protocols (like a VPN tunnel or IPv6), and it will not go over NAT or to a different subnet. In other words, NetBIOS broadcasts stop at the router.

