DNS over VPN connection

Hi everyone,

I was wondering if you could use DNS over VPN. When I access my company's workplace, I can't connect to the server using DNS, but only by IP. I have set up the VPN connection to add domain.local as a DNS suffix, but this isn't working either.

Do I need to make adaptations on the server or client? What if you are not using a server, but only the firewall to authenticate the users? I guess it is different in each situation?

Thanks in advance!!
Silencer001 Asked:
 
Qlemo (Batchelor, Developer and EE Topic Advisor) Commented:
The solution (usually) is WINS. WINS does not require you to have the DNS suffixes correct, as it only cares about the (extended) NetBIOS names, and works in addition to the DNS server. That works as follows:
While not connected, no WINS server is provided, because you did not set up a local one. Only (Internet) DNS is asked. => You have Internet access without any issues.
While connected, the VPN provides a WINS server (that of the company). WINS and DNS are queried in parallel, and the first one giving a positive reply will determine the IP address used. WINS on the company site does query the company DNS server in turn, if it does not know of the names, and provides the appropriate company DNS suffixes. => You have both Internet access and company access by using names.
0
 
John Easton (Director) Commented:
Normally when you connect to a VPN the DNS server details are provided.  If however this is not set up on the VPN Firewall it may be giving the wrong details.

If using Windows, you can set the properties of your VPN connection to use a DNS server you specify on the destination network.

To access this (in Win XP) go to Network Connections, right click the VPN connection and select Properties. Go to the Networking tab, highlight Internet Protocol from the list and click Properties. Select 'Use the following DNS server...' and enter your DNS server details.

I expect similar settings are available in Windows Vista / 7, but I don't have one to hand to check the exact process.

Hope this helps.
0
 
Papertrip Commented:
As JEaston said, this info should be provided to you by the VPN server.  IMO contact the admin of the VPN and check if that information is indeed being provided -- this could just be a missed/incorrect setting on your client.  On that note, it could also be a missed/incorrect setting on the server side, but the admin will have to check on that.  In a "proper" setup, after connecting to the VPN, you should not need to do anything else on your end except start working ;)
0
 
Rob Williams Commented:
To add to JEaston's comments, you should add the domain suffix as well, as per:
http://blog.lan-tech.ca/2011/05/14/vpn-client-name-resolution-2/
0
 
Qlemo (Batchelor, Developer and EE Topic Advisor) Commented:
Depending on the VPN client, split DNS is not supported. Even if it is, you would need to use complete DNS names, or add the DNS suffixes to your main connection.
With the Windows integrated VPN, DNS is only redirected (and then completely) if the "Use remote gateway" option is also set in the client's VPN connection properties. Windows itself is not able to query more than one (responsive) DNS server, even if you have more than one in your properties. The alternative DNS servers (and the VPN DNS servers belong to those) are only asked if the primary does not respond at all within a certain period of time.
0
 
Silencer001 (Author) Commented:
Thanks for your comments! I already tried adding the suffixes but still can't use DNS to query for network shares. I also checked with ipconfig, and DNS is set up fine because the DNS servers which are shown are good.
0
 
Qlemo (Batchelor, Developer and EE Topic Advisor) Commented:
Again: Only the first DNS server is used by Windows. Any other DNS server is for fallback only. If that DNS server does not know of your domain and names, it does not work that way.
0
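As an added example (not part of any comment in this thread), the script below asks each DNS server shown by ipconfig directly for the internal name, with the suffix appended to short names, so you can see which server actually knows the name and which returns NXDOMAIN. The function names are hypothetical, and the server addresses and suffix you pass in are your own values.

```python
import secrets, socket, struct

def build_query(name, qid):
    """Encode a recursive A/IN query for `name` in DNS wire format."""
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return struct.pack(">HHHHHH", qid, 0x0100, 1, 0, 0, 0) + qname + struct.pack(">HH", 1, 1)

def _skip_name(buf, off):
    """Return the offset just past a (possibly compressed) name."""
    while buf[off] and buf[off] & 0xC0 != 0xC0:
        off += buf[off] + 1
    return off + (2 if buf[off] else 1)   # pointer is 2 bytes, root label is 1

def parse_reply(buf, qid):
    """Return (rcode, [IPv4 addresses]); rcode 0 = NOERROR, 3 = NXDOMAIN."""
    rid, flags, qd, an = struct.unpack(">HHHH", buf[:8])
    if rid != qid:
        raise ValueError("reply ID does not match query")
    off = 12
    for _ in range(qd):                   # skip the echoed question section
        off = _skip_name(buf, off) + 4
    addrs = []
    for _ in range(an):
        off = _skip_name(buf, off)
        rtype, _cls, _ttl, rdlen = struct.unpack(">HHIH", buf[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:     # A record
            addrs.append(socket.inet_ntoa(buf[off:off + 4]))
        off += rdlen
    return flags & 0x000F, addrs

def ask(server, fqdn, timeout=2.0):
    """Query one server directly over UDP; None means no usable answer."""
    qid = secrets.randbelow(0x10000)      # unpredictable query ID
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(fqdn, qid), (server, 53))
            return parse_reply(s.recvfrom(4096)[0], qid)
        except OSError:                   # timeout or unreachable server
            return None

def survey(host, servers, suffixes, ask_fn=ask):
    """Try host (plus each suffix if it is a short name) against every server."""
    names = [host] if "." in host else [f"{host}.{s}" for s in suffixes]
    return {(srv, n): ask_fn(srv, n) for srv in servers for n in names}
```

Call `survey("fileserver", [<DNS servers from ipconfig /all>], ["domain.local"])` while the VPN is connected; a result of `(3, [])` from one server and an address list from another shows which of them holds the internal zone.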
 
Silencer001 (Author) Commented:
Thanks Qlemo. Is there then a way to get it to query the second DNS server or can't you use DNS-names to access shares?
0
 
Qlemo (Batchelor, Developer and EE Topic Advisor) Commented:
As I said, Split DNS would do that, but that is only available as part of some VPN clients.
The first DNS server needs to be changed when connected. There is no other way with Windows VPN - with the exception of using local HOSTS and/or LMHOSTS files, or using IP addresses.
0
 
Silencer001 (Author) Commented:
Ah ok Qlemo, thanks for the advice! So if I could sum this up: you need a VPN-client which supports split tunneling to access resources on the internal network through VPN?

So just using the "connect to workplace" in Windows 7 is just not an option to do this? So this has nothing to do with settings on the servers or anything?

Over the weekend I did some testing with an ASA 5505 and SSL VPN, and when connected with the Cisco AnyConnect client I could access resources based on their resource name but not access the internet. When I set up split tunneling on the ASA, I could have both.

With the majority of our customers we use server credentials and just forward 1723 to the server and let it take care of the authentication. In this setup this would never work, I assume?

Kind regards and thanks again! Sorry for the late reply but have been busy with some projects.
0
Question has a verified solution.