dhcp relay agent clarification wanted

Guest

On a two-NIC Win2k3 machine, I have Isa2k4, DHCP, DNS, AD, DC, etc.

A VPN client was able to access resources by IP address or by FQDN, but
couldn't do so by non-FQDN. To rectify the issue, in RRAS, I've installed
the DHCP Relay Agent component. A VPN client seems now able to access the
resources by non-FQDN, as well.

Am I deluding myself?

The following is a quote from RRAS documentation:

"You cannot use the DHCP Relay Agent component on a computer running the
DHCP service."

In my case, am I using the DHCP Relay Agent component on a computer running
the DHCP service or not?

Thank you.
 
Probably what you really need to do is specify the correct domain suffix
in the connection properties of the client. The client will then combine the
DNS suffix with the machine name to send the correct request to the DNS
server.
 
Bill,

Thank you for your comment.
...specify the correct domain suffix
in the connection properties of the client.

Yes, I've observed if I enter manually companyName.com in the "DNS suffix
for this connection" box, a VPN roaming client is able to access the internal
website using http://siteName in lieu of the full-blown
http://siteName.companyName.com.

Manual alterations would have to be made on every machine. Isn't there a
way to distribute the domain suffix from the server?

Is the DHCP Relay Agent just my delusion? The reason why I question my
findings is that my tests are conducted in a controlled environment of a
virtual-machine network.

[1] ipconfig /all before installing DHCP Relay Agent

Windows IP Configuration
Host Name . . . . . . . . . . . . : roam-wrkstn
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Mixed
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel 21140-Based PCI Fast Ethernet
Adapter (Generic)
Physical Address. . . . . . . . . : 00-03-FF-15-45-26
Dhcp Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 1.1.1.1
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 172.16.1.1

PPP adapter VPN Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
Physical Address. . . . . . . . . : 00-53-45-00-00-00
Dhcp Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 10.1.0.11
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . : 10.1.0.11
DNS Servers . . . . . . . . . . . : 10.1.0.1
- - - - - - - - - - - - - - - - - - - - - - -
[2] ipconfig /all after installing DHCP Relay Agent

Windows IP Configuration
Host Name . . . . . . . . . . . . : roam-wrkstn
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Mixed
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : companyName.com

Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel 21140-Based PCI Fast Ethernet
Adapter (Generic)
Physical Address. . . . . . . . . : 00-03-FF-15-45-26
Dhcp Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 1.1.1.1
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 172.16.1.1

PPP adapter VPN Connection:
Connection-specific DNS Suffix . : companyName.com
Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
Physical Address. . . . . . . . . : 00-53-45-00-00-00
Dhcp Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 10.1.0.12
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . : 10.1.0.12
DNS Servers . . . . . . . . . . . : 10.1.0.1
10.1.0.1
 
1. Yes, DHCP can distribute the DNS domain name. It is DHCP option 015.

2. The way it all works is a bit unusual. When a remote client connects, it
gets its IP config from the RRAS server as part of setting up the point to
point link. At this stage the client just gets an IP and the DNS and WINS
server addresses which are configured on the RRAS server. This is how it has
worked since RAS on NT, and is part of the PPP negotiation process.

After the connection is set up, the client (if it has the necessary
code) can contact the DHCP server and check for other DHCP options. For this
to work DHCP relay must be enabled on the RRAS server. The server doesn't
contact a particular IP address - it just sends a DHCPINFORM request.

I seem to recall previous postings where there have been problems with
this if the RRAS server is itself the DHCP server. I have never really
looked at this, since I have never had the need to use it.

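Added example, not part of the original thread and not Microsoft's code: a sketch of the DHCPINFORM exchange described in the reply above, building the request a client sends after the PPP link is up and reading option 015 (DNS domain name) from a DHCPACK. The function names, the transaction ID and the ACK bytes are constructed for illustration; the MAC, address and suffix are the ones shown in the ipconfig output, and nothing is sent on the network.

```python
import socket
import struct

MAGIC = b"\x63\x82\x53\x63"  # DHCP magic cookie that follows the BOOTP header
BOOTP = struct.Struct("!BBBBIHH4s12x16s192x")  # 236-byte header, unused fields zeroed
OPT_PAD, OPT_DOMAIN, OPT_MSGTYPE, OPT_PARAMS, OPT_END = 0, 15, 53, 55, 255
DHCPACK, DHCPINFORM = 5, 8

def build_message(op, msg_type, xid, ciaddr, mac, extra_opts=()):
    hdr = BOOTP.pack(op, 1, 6, 0, xid, 0, 0, socket.inet_aton(ciaddr), mac)
    opts = [(OPT_MSGTYPE, bytes([msg_type])), *extra_opts]
    body = b"".join(bytes([code, len(val)]) + val for code, val in opts)
    return hdr + MAGIC + body + bytes([OPT_END])

def build_inform(xid, ciaddr, mac):
    # The address came from PPP, so ciaddr is already set; request only option 15.
    return build_message(1, DHCPINFORM, xid, ciaddr, mac,
                         [(OPT_PARAMS, bytes([OPT_DOMAIN]))])

def parse_options(packet):
    start = BOOTP.size + len(MAGIC)
    if len(packet) < start or packet[BOOTP.size:start] != MAGIC:
        raise ValueError("not a DHCP message")
    opts, i = {}, start
    while i < len(packet) and packet[i] != OPT_END:
        if packet[i] == OPT_PAD:
            i += 1
            continue
        if i + 1 >= len(packet):
            raise ValueError("truncated option header")
        code, length = packet[i], packet[i + 1]
        value = packet[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option %d" % code)
        opts[code] = value
        i += 2 + length
    return opts

def domain_from_ack(packet):
    opts = parse_options(packet)
    if opts.get(OPT_MSGTYPE) != bytes([DHCPACK]) or OPT_DOMAIN not in opts:
        return None
    return opts[OPT_DOMAIN].rstrip(b"\0").decode("ascii")  # tolerate a trailing NUL

# Constructed sample data: MAC, address and suffix taken from the ipconfig output above.
MAC = bytes.fromhex("0003FF154526")
INFORM = build_inform(0x1234ABCD, "10.1.0.12", MAC)
ACK = build_message(2, DHCPACK, 0x1234ABCD, "10.1.0.12", MAC,
                    [(OPT_DOMAIN, b"companyName.com")])
```

The same parser can be pointed at a captured reply to confirm which suffix the DHCP server actually hands to VPN clients.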
 
Bill,

Thank you for your elucidation.

It seems, if and when needed, we should stay with tried and true manual
entries on client machines.
 