DNS With VPN

  • Thread starter Thread starter Merlin
  • Start date Start date
M

Merlin

Sorry if this re-post Outlook is going crazy:(

Hey group,

We have 5 sites all linked via a VPN. When we came in this morning none of
our sites could ping via the DNS name, only the IP address. We noticed on
our VPN routers that the all ports are open except the Broadcast ports?

Could someone tell me do we need broadcast on our routers for DNS to work.
If so what port do we need Open?

We have windows 2000 servers, and all the sites clients are on static IPs

Many Thanks
Merlin
 
In
Merlin said:
Sorry if this re-post Outlook is going crazy:(

Hey group,

We have 5 sites all linked via a VPN. When we came in this morning
none of our sites could ping via the DNS name, only the IP address.
We noticed on our VPN routers that the all ports are open except the
Broadcast ports?

Could someone tell me do we need broadcast on our routers for DNS to
work. If so what port do we need Open?

We have windows 2000 servers, and all the sites clients are on static
IPs

Many Thanks
Merlin
Click to expand...

No, DNS does not use broadcasts.

We'll need more info about your configuration and topology, such as:

1. Are the clients using their respective local DNS or they pointing to a
DNS across the WAN?
2. Are the clients using an ISP's DNS?
3. If DNS is distributed among your locations, is it AD Integrated, or
Primary/Secondaries?
4. While you were testing this (assumed you are trying to resolve it), have
you tried specifying a different DNS in the client, such as one that is
across the WAN in a different location (assuming your DNS infrastructure is
distributed).
5. Any errors in the Event viewer on a client and/or the DNS server or any
other errors or observations that seem amiss?

Can we see an ipconfig /all of a client that is not resolving please?


--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 
Hey There Many thanks for your reply, please see comments below:
No, DNS does not use broadcasts.

We'll need more info about your configuration and topology, such as:

1. Are the clients using their respective local DNS or they pointing to a
DNS across the WAN?
Click to expand...

The sites are pointing to a DNS accross the Wan (10.10.210.10 &
10.10.210.20)
2. Are the clients using an ISP's DNS?
No

3. If DNS is distributed among your locations, is it AD Integrated, or
Primary/Secondaries?
Click to expand...

AD Intergraded
4. While you were testing this (assumed you are trying to resolve it), have
you tried specifying a different DNS in the client, such as one that is
across the WAN in a different location (assuming your DNS infrastructure is

5. Any errors in the Event viewer on a client and/or the DNS server or any
other errors or observations that seem amiss?
Click to expand...

No everything looks good on the client side and on the server side
Can we see an ipconfig /all of a client that is not resolving please?
Click to expand...
Windows IP Configuration

Host Name . . . . . . . . . . . . : it-pc-04
Primary Dns Suffix . . . . . . . : JRRIX.INT
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : JRRIX.INT

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/1000 CT Network
Connection
Physical Address. . . . . . . . . : 00-0C-76-43-5F-FF
Dhcp Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 10.10.220.3
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . . . . :10.10.210.1
DNS Servers . . . . . . . . . . . : 10.10.210.10
10.10.210.20

Many Thanks
Merlin
 
In
MadCrazyNewbie said:
Hey There Many thanks for your reply, please see comments below:

The sites are pointing to a DNS accross the Wan (10.10.210.10 &
10.10.210.20)


AD Intergraded



No everything looks good on the client side and on the server side

Windows IP Configuration

Host Name . . . . . . . . . . . . : it-pc-04
Primary Dns Suffix . . . . . . . : JRRIX.INT
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : JRRIX.INT

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/1000 CT
Network Connection
Physical Address. . . . . . . . . : 00-0C-76-43-5F-FF
Dhcp Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 10.10.220.3
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . . . . :10.10.210.1
DNS Servers . . . . . . . . . . . : 10.10.210.10
10.10.210.20

Many Thanks
Merlin
Click to expand...

Hi Merlin,

Thanks for posting that information.

It seems, looking at that client's ipconfig, it appears that the DNS
addresses shown are in the same subnet, based on the subnet mask. But you
said they are in a different subnet? The mask is telling me that it's
local??

If the mask is incorrect, and if so, I'm going to assume it should be
255.255.255.0 (class C or /24), then I'm going to assume, that the DNS
servers are in another location and that all resolution has to go over the
WAN. If there is any excessive traffic or the link is down, this can cause
majore issues, besides Internet resolution, you'll have directory services
resolution issues, which can result in lack of connectivity to resources.

I would suggest to put a DNS server in the remote subnets local to the
clients. I am going to assume you have a DC in the respective local subnets
to facilitate logons instead of traversing the WAN. If the case, I would
suggest to install DNS on it and set the zone AD Integrated. This way at
least the DNS server will be available.

Let me know if this helped.

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 
Back
Top