Can't get DNS working with RAS. Help!

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

I'm setting up a Windows 2000 server for dial-in access to my network.
Authentication happens through RADIUS to another server.

Users can connect just fine and can ping any IP address on the network. The
only problem is that DNS is not working for the dial-up users. After they
dial in, if I have one of them do an IPCONFIG /ALL, you can see that they are
getting the DNS server address. But they can't resolve a DNS name.

Is this not supposed to work?
 
what do they get if using nslookup? or post the result of ipconfig /all
here.

--
For more and other information, go to http://www.ChicagoTech.net

Don't send e-mail or reply to me except you need consulting services.
Posting on MS newsgroup will benefit all readers and you may get more help.

Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN, Anti-Virus, Tips & Troubleshooting on
http://www.ChicagoTech.net
Networking Solutions, http://www.chicagotech.net/networksolutions.htm
VPN Solutions, http://www.chicagotech.net/vpnsolutions.htm
VPN Process and Error Analysis, http://www.chicagotech.net/VPN process.htm
VPN Troubleshooting, http://www.chicagotech.net/vpn.htm
This posting is provided "AS IS" with no warranties.
 
Your reference to NSLookup got me thinking. After doing some checking,
I now know what the problem is.

The attribute "Connection-specific DNS Suffix" is not being set for
dial-in users. I have found that I can ping a FQDN, but when I try to
ping a simple server name, all I get is "Unknown host".

Do you have any ideas on how to send the attribute in question? I was
looking through the available RADIUS attributes, but couldn't find
what I need. Is there some way to configure it at the RAS host so that
it will propagate out to the dial-in clients?

Thank you for responding.
 
It is probably best to actually set this in the client's connection
properties. It will then always use this suffix for this connection.
 
For the following reasons, it would be much more convenient if I could
roll it out from the RAS server:

1.) Most of these dial-in users rarely ever come into the office.

2.) It is likely that our domain suffix will change in the near
future.

3.) Since I'm migrating from another type of dial-in system,
rolling out a configuration change from a central server would make
the transition go much smoother.

Thank you for responding.
 
Perhaps you should look at CMAK (Connection Manager Admin Kit). This
enables you to set the client config at the server end and have the clients
download it.

Terry said:
For the following reasons, it would be much more convenient if I could
roll it out from the RAS server:

1.) Most of these dial-in users rarely ever come into the office.

2.) It is likely that our domain suffix will change in the near
future.

3.) Since I'm migrating from another type of dial-in system,
rolling out a configuration change from a central server would make
the transition go much smoother.

Thank you for responding.



It is probably best to actually set this in the client's connection
properties. It will then always use this suffix for this connection.

Your reference to NSLookup got me thinking. After doing some checking,
I now know what the problem is.

The attribute "Connection-specific DNS Suffix" is not being set for
dial-in users. I have found that I can ping a FQDN, but when I try to
ping a simple server name, all I get is "Unknown host".

Do you have any ideas on how to send the attribute in question? I was
looking through the available RADIUS attributes, but couldn't find
what I need. Is there some way to configure it at the RAS host so that
it will propagate out to the dial-in clients?

Thank you for responding.



On Fri, 19 Nov 2004 15:52:28 -0600, "Robert L [MS-MVP]"

what do they get if using nslookup? or post the result of ipconfig /all
here.
Click to expand...
Click to expand...
Click to expand...
 
Back
Top