DNS and RRAS


art

Is my question too complicated for this arena?
Nobody seems to want to take a swing at this, not even
the engineers...
The original question is this:
Does anyone know if it's possible to force remote access
clients to use my internal DNS servers?
The problem is that when users dial in to their ISPs they
get assigned a DNS server, then when they tunnel into the
office network they get assigned a DNS server, which is
the internal DNS server in Active Directory. When they try
to browse the network they query the ISP-assigned DNS
server, which cannot resolve our internal addresses, so it
times out...
 
Well, with all due respect Herb,
I did spend hours reading the posts in the group...
I have seen requests from the engineers, or others
replying to the post for additional info when something
wasn't clear enough. Sorry if you took offense, I thought
I explained clearly, but if not, I'd be glad to provide
any information that would help to resolve this problem.
I'll try the static entries you mentioned, thanks.
I believe I already tried that, but I've been trying to
work around this for a while and maybe I didn't.
Again, if the question was too obscure, a reply to that
effect would be nice as opposed to just being blown off...
Anyway, at least I did get somewhat of a response.
 
I know that Dean Wells, MVP, is working on a similar issue. Haven't talked
to him lately to see how far he's got with it. The problem comes down to
when the user uses dialup on the road or at a hotel/motel with Internet
access, they supply the DNS servers to get to their web page where in some
cases, the establishment has a login with CC info to pay for access, and
once authorized, it allows it. To get to their company's VPN servers, it
will connect thru name resolution from a public name. But once inside, the
internal DNS servers are needed to authenticate into the private domain.
Users in general will not know how to change the DNS addresses to the
internal private DNS on their laptops. In this case, Dean set up a script
that will populate the HOSTS files with that info. Maybe a script can be
generated to produce the same effect and/or change the DNS server settings
(using netsh or VBScript?) on their laptops.

I've seen where the setting on the VPN connection to use the VPN connections
at times doesn't work. You can check the binding order too for another
possibility.


--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory

It's fairly easy Ace (as he describes it) unless Dean is working
on something else.

Every dial-up or VPN (even in RRAS) has a full NIC-like
property sheet with the same settings as any other "real"
NIC, just like the "manual overrides DHCP" we were
discussing earlier in another thread, manual there overrides
RRAS server UNLESS the RRAS server disallows this
for SOME settings (like IP address/mask.)

And any specification on the "modem" interface is not the
same as the later "VPN" interface.
 
I understand that, but it still doesn't work correctly, hence why the script
to populate the local cache with info from the internal domain, otherwise,
the user can't do the initial log into the domain without that info, since
the DNS server is the motel's or ISP's.


--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 
We'll see about that Herb...you say too easily that
it's "trivial" I'm always suspect when someone jumps to
delusions...
I am not the one with attitude here,
I find it interesting that I got a response after I
questioned whether or not the post was too complicated for
this arena. I did not question anyone's technical ability,
just whether I should be following a different support
option for this particular issue...
If you think I didn't "ask nice" perhaps you could get one
of your peers to look at the original post and see if
there was any animosity in it.
When you're ready to get back to the issue please reply to
the post, if you want to carry on this tirade then don't
bother...Ace seems very helpful.
 
I already gave you the technical answer - so when you
have a new technical question just ask and perhaps
someone, myself or another will answer.
 
Tried Herb's suggestion, made no difference. The client
still queries the AOL supplied DNS server first, and I
have no control over that.
Setting the DNS servers statically thru the IP
configuration of the VPN connectoid didn't change anything
because the client got the DNS settings automatically
through the DHCP server anyway. I could verify that by
running ipconfig /all at the command prompt on the client
after the connection to the office LAN is established.
If I run the network monitor and then try to browse to a
network share I can see that the client tries to resolve
through the AOL assigned DNS server. Even though I can see
the nodes in network neighborhood, when I try to connect
to the share it times out and returns a pop up message
stating that either the network name is no longer valid,
or access denied.
 
What does "IPConfig /all" show at that time?

My DHCP clients do not do that; if you override the settings
in the client dialog (and make sure you don't leave any blank
perhaps) you can bypass anything 'given' to you by either
DHCP or RRAS servers.

I have one working this way (admittedly on DHCP not RRAS
but I have used it there too) right this minute -- checked it earlier
(for other reasons) and saw it was doing it correctly as it has for
years.
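
The `ipconfig /all` check discussed in the last few posts, as an added example that is not part of the original thread: it parses the output into per-adapter DNS server lists and reports adapters whose resolvers fall outside the internal range. The sample output, the adapter names and the 10.1.0.0/16 range are constructed assumptions.

```python
import ipaddress
import re

# Constructed sample of `ipconfig /all` output; names and addresses are made up.
SAMPLE = """\
PPP adapter ISP Dial-up:

   IP Address. . . . . . . . . . . . : 198.51.100.23
   DNS Servers . . . . . . . . . . . : 203.0.113.53
                                       203.0.113.54

PPP adapter Office VPN:

   IP Address. . . . . . . . . . . . : 10.1.5.40
   DNS Servers . . . . . . . . . . . : 10.1.0.10
"""

ADAPTER = re.compile(r"^\S.*?adapter (.+):\s*$")    # "PPP adapter <name>:"
FIELD = re.compile(r"^\s+(.+?)[ .]* :(?: (.*))?$")  # "   Label . . . : value"


def dns_by_adapter(text):
    """Return {adapter name: [DNS servers in the order listed]}."""
    result, adapter, in_dns = {}, None, False
    for line in text.splitlines():
        if (h := ADAPTER.match(line)):
            adapter, in_dns = h.group(1), False
            result[adapter] = []
        elif adapter is None or not line.strip():
            in_dns = False
        elif (f := FIELD.match(line)):
            label, value = f.groups()
            in_dns = label == "DNS Servers"
            if in_dns and value:
                result[adapter].append(value.strip())
        elif in_dns:  # continuation line: another server for the same field
            result[adapter].append(line.strip())
    return result


def external_resolvers(text, internal_net="10.1.0.0/16"):
    """{adapter: resolvers outside internal_net}; these cannot answer internal names."""
    net = ipaddress.ip_network(internal_net)
    outside = {name: [s for s in servers if ipaddress.ip_address(s) not in net]
               for name, servers in dns_by_adapter(text).items()}
    return {name: s for name, s in outside.items() if s}
```

Run it on output saved from the client after the tunnel is up; an empty result from `external_resolvers` means every listed resolver is inside the range you passed.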
 