VPN and DNS

I have a Win2000 RRAS server set up for VPN access. I also have several
websites that have both internal and public IP addresses. Traffic bound from
inside the network destined for the public addresses is blocked at the
firewall.

The problem is that remote users are not getting the internal addresses from
DNS through VPN. Sites that are internal only have no problem, but anything
that has both resolves as the public address.

The solution has been to configure the remote user's machine to use our
internal DNS server as the primary and our external DNS server as the
secondary. This gets to be tedious and heavy on the maintenance with our too
large number of remote users. Not only that, but if we get a trainer at a
customer that has external DNS lookups blocked, then they can have serious
problems.

Is there any way for the clients to pull DNS over the VPN connection
rather than the ISP-provided solution?

Thanks in advance!
Kevin
 
If you have correct DNS settings in the VPN server, it will assign the internal DNS to VPN clients. Posting the result of the server ipconfig /all here may help.
For more and other information, go to http://howtonetworking.com.

Don't send e-mail or reply to me unless you need consulting services. Posting on MS newsgroup will benefit all readers and you may get more help.

Bob Lin, MS-MVP, MCSE & CNE
How to Setup Windows, Network, Remote Access on http://www.HowToNetworking.com
Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
This posting is provided "AS IS" with no warranties.
 
Here's the ipconfig /all for the server. The Ethernet Adapter Outside is not
connected, so is reporting correctly. The reportings for Ethernet Adapter
Inside are correct. The RAS server is set up only for VPN (no dialup). Does
the client pull information from the Ethernet adapter or the PPP adapter?

If the PPP Adapter, where do I set that? I’ve been up and down that server
and haven’t found where to set it.

Again, thanks in advance!

Kevin

Windows 2000 IP Configuration

Host Name . . . . . . . . . . . . : CLL-2U
Primary DNS Suffix . . . . . . . : xxxx.xxxx.com
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : Yes
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : xxxx.xxxx.com

Ethernet adapter Outside:

Media State . . . . . . . . . . . : Cable Disconnected
Description . . . . . . . . . . . : HP NetServer 10/100TX PCI LAN Adapter #2
Physical Address. . . . . . . . . : 00-30-6E-05-35-7E

Ethernet adapter Inside:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : HP NetServer 10/100TX PCI LAN Adapter
Physical Address. . . . . . . . . : 00-30-6E-05-35-7D
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.11.20
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IP Address. . . . . . . . . . . . : 192.168.21.39
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.21.1
DNS Servers . . . . . . . . . . . : 192.168.21.91
Primary WINS Server . . . . . . . : 192.168.21.61

PPP adapter RAS Server (Dial In) Interface:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
Physical Address. . . . . . . . . : 00-53-45-00-00-00
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.11.21
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . :
 
Kevin,

Did you have any success in getting your DNS over VPN problem solved?
I'm having what sounds like the same issue.

I have servers that have an external IP address and an internal
address. They have a DNS name associated with the external address,
hosted by one of the internet's Domain Name registrars. I have created
special DNS records on my internal DNS server for these servers so that
I can get to the internal address by the same DNS name.

However, while VPNed in I still resolve the DNS name to the external
address, implying that I am using my ISP's DNS rather than the DNS that
should be provided by the VPN.

One difference from your description is that it seems to be sporadic -
occasionally I do properly resolve the internal IP address while VPNed.
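
An added example, not part of any post in this thread: a Python check that reads a client's `ipconfig /all` output, captured while the VPN is connected, and reports any PPP adapter that was not handed the internal DNS server. The sample capture, its adapter names and its addresses are constructed; only 192.168.21.91 comes from the server output posted above.

```python
import ipaddress

INTERNAL_DNS = "192.168.21.91"  # internal DNS server from the thread's ipconfig output

# Constructed client-side capture; adapter names and addresses are invented.
SAMPLE = """\
Ethernet adapter Local Area Connection:
        DNS Servers . . . . . . . . . . . : 203.0.113.53
                                            203.0.113.54

PPP adapter Office VPN:
        IP Address. . . . . . . . . . . . : 192.168.11.30
        DNS Servers . . . . . . . . . . . :
"""


def _is_ip(text):
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False


def dns_by_adapter(text):
    """Map each adapter in `ipconfig /all` output to the DNS servers it lists."""
    adapters, current, in_dns = {}, None, False
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith(":") and " adapter " in line:  # adapter section header
            current, in_dns = adapters.setdefault(line[:-1], []), False
            continue
        if line.startswith("DNS Servers"):
            in_dns, line = True, line.partition(":")[2].strip()
        elif not _is_ip(line):
            in_dns = False  # any other field or blank line ends the DNS list
        if in_dns and current is not None and _is_ip(line):
            current.append(line)  # extra servers sit alone on following lines
    return adapters


def vpn_adapters_missing(text, internal_dns=INTERNAL_DNS):
    """Names of PPP (VPN) adapters whose DNS list lacks the internal server."""
    return [name for name, servers in dns_by_adapter(text).items()
            if name.startswith("PPP adapter") and internal_dns not in servers]


if __name__ == "__main__":
    print("VPN adapters without internal DNS:", vpn_adapters_missing(SAMPLE))
```
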
 