DNS issues over Sonicwall site-to-site VPN

theavant
We are having some strange DNS issues.  We have a main site with multiple remote locations.  The main site is connected to each location via a site-to-site VPN.  Each Sonicwall TZ210 manages the DHCP for its site.  At the main site, we have a couple of Domain Controllers, two of which are used for DNS.  The Sonicwall VPNs have the two DNS servers from the main site, and a third DNS server through the ISP.
The problem is that a handful of people at remote sites experience connectivity issues with the mapped drives.  It used to be that you could access the servers through the IP address, but this changed suddenly.  You cannot ping/run NSLookup.  NSLookup cannot find the name, and times out after 2 seconds.  We cannot figure out why this is happening.  We are using a Server 2008 box with the FSMO roles, and have a 2012 DC, and other 2008 DCs as well.  We do not use IPv6, and it is not enabled on the servers.

Commented:
When you have non-AD DNS servers as an option on the client, one should expect intermittent issues at that location with attempts to access mapped drives by hostname/FQDN, as a request to resolve hostname.localaddomain.suffix could be sent to the ISP's DNS server rather than to the internal AD-based DC DNS services.
I would lose the ISP DNS. I believe it only causes issues. Is it everyone at a site at the same time, or a few? Random? If all, then that would point to maybe VPN issues/ISP down. The affected users, can they ping anything locally at that moment? Are the VPN IP addresses static?

Author

Commented:
I will look into doing that - but this has never been a big problem before.  It used to be that we could at least ping the main branch from this remote site, but something changed and we don't know why.  We can't even change passwords at this branch anymore.

So this is just one site having issues? And is it all users, or random among the users? Firewall? Are all the Sonicwalls the same model? Updates?

Author

Commented:
I have not heard of the problem happening on other sites.  I did remove the ISP DNS.  It is random whether or not they can ping the IP address.  I had a user try to change their password, and it wouldn't let them, being unable to connect to the domain.  It is strange because it worked (mostly) before.

Author

Commented:
I've checked with the people at Sonicwall, and they say that the VPN is fine.  They tested it, and found that the packets are able to travel through the VPN without an issue.

Author

Commented:
I did notice that the server with the FSMO roles points to a secondary DC as its first DNS server.  Would that have anything to do with it?  If I try NSLookup, it fails within 2 seconds.  Also, if I remove the ISP DNS, Internet stops working.
DCs should point to themselves first and only. I'm guessing that it cannot connect to the other DNS, so removing the ISP DNS would cut off Internet. Is there a DC at each site? I would check each site's settings and compare them to the problem site. Double-check all your settings, including the center's VPN host.
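The two expert comments above boil down to a checklist: confirm which resolvers the remote clients are actually using, prove that only the internal AD DNS servers can answer for the domain, and verify that the DCs are reachable across the VPN on the ports AD and SMB need. The script below is an added diagnostic for that checklist; it is not code from the thread or from Sonicwall. It assumes it is run in an elevated PowerShell on an affected client at the remote site, that the AD DNS domain is available in $env:USERDNSDOMAIN, and that the DC names it discovers through SRV records are the ones the mapped drives point at. The port list and the PTR example address are illustrative choices.

```powershell
# Added diagnostic script for a remote-site domain client (not from the original thread).
# Assumptions: elevated session, $env:USERDNSDOMAIN holds the AD DNS domain,
# Windows 8 / Server 2012 or later for the DnsClient and NetTCPIP cmdlets.
$domain = $env:USERDNSDOMAIN            # AD DNS domain of the logged-on user
$ports  = 53, 88, 389, 445              # DNS, Kerberos, LDAP, SMB (mapped drives)
$srvName = "_ldap._tcp.dc._msdcs.$domain"   # SRV record only AD DNS can serve

# 1. Which DNS servers does each interface actually hand to the resolver?
#    An ISP resolver in this list can end up receiving queries for internal names.
Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses } |
    Select-Object InterfaceAlias, ServerAddresses |
    Format-Table -AutoSize

# 2. Ask every configured server, one at a time, for the domain's DC SRV record.
#    Only the internal AD DNS servers can answer this; an ISP resolver returns
#    NXDOMAIN or times out, which matches the 2-second nslookup failure described.
$servers = (Get-DnsClientServerAddress -AddressFamily IPv4).ServerAddresses |
    Select-Object -Unique
foreach ($s in $servers) {
    try {
        $srv = Resolve-DnsName -Name $srvName -Type SRV -Server $s -DnsOnly -ErrorAction Stop
        $dcs = ($srv | Where-Object { $_.Type -eq 'SRV' } |
                ForEach-Object { $_.NameTarget }) -join ', '
        "{0,-16} OK   DCs: {1}" -f $s, $dcs
    } catch {
        "{0,-16} FAIL {1}" -f $s, $_.Exception.Message
    }
}

# 3. Can this client reach each DC across the VPN on the ports AD and SMB need?
#    A DNS answer that works while tcp/445 or tcp/389 is blocked points at the
#    tunnel or firewall policy rather than at name resolution.
$dcNames = (Resolve-DnsName -Name $srvName -Type SRV -DnsOnly -ErrorAction SilentlyContinue |
            Where-Object { $_.Type -eq 'SRV' }).NameTarget | Select-Object -Unique
foreach ($dc in $dcNames) {
    foreach ($p in $ports) {
        $r = Test-NetConnection -ComputerName $dc -Port $p -WarningAction SilentlyContinue
        $state = if ($r.TcpTestSucceeded) { 'open' } else { 'BLOCKED' }
        "{0,-30} tcp/{1,-4} {2}" -f $dc, $p, $state
    }
}

# 4. Reverse lookup, the way the poster used ping -a. A PTR answer can come back
#    while the forward lookup of the same host fails, so a working ping -a on its
#    own does not prove that AD name resolution is healthy. Replace the address
#    below (an illustrative placeholder) with one of your DC addresses.
Resolve-DnsName -Name 10.0.0.10 -Type PTR -DnsOnly -ErrorAction SilentlyContinue
```

Run it once on a working client at the main site and once on an affected client at the remote site, then compare the three sections side by side; the first section shows whether the Sonicwall's DHCP scope is still pushing the ISP resolver, the second shows which resolver is answering the domain's SRV lookup, and the third shows whether the VPN is actually passing the AD and SMB ports that the mapped drives and password changes depend on.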

Author

Commented:
This particular site does not have its own DC/DNS server.  Interestingly, I discovered that if I do a ping -a x.x.x.x it shows the server name.
