RE: VPN Clients and DNS

  • From: "Steve Moffat" <steve@xxxxxxxxxxxxxxxxxxxxxxxxxx>
  • To: "Isa Weblist" <isalist@xxxxxxxxxxxxx>
  • Date: Tue, 21 Sep 2004 13:43:12 +0100

Try ipconfig /flushdns on the workstation.

S 

-----Original Message-----
From: Joe Pochedley [mailto:joepochedley@xxxxxxxxx] 
Sent: Tuesday, September 21, 2004 9:39 AM
To: Isa Weblist
Subject: [isalist] RE: VPN Clients and DNS

http://www.ISAserver.org

William,

Windows will continue to use a DNS server that it had previously
contacted for as long as that server is available.  Only when a DNS
server becomes unavailable (does not respond to a query) will Windows
switch to the next one in the list and then that one will be the "first"
that it attempts to contact. 

I have seen something 'similar' to what you have described.  It happens
whenever a DNS server is on the same local subnet as the client and
therefore the remote default gateway doesn't enter into the situation...
99% of the time I've seen this, it's because the VPN user is using a
NAT'd DSL or cable connection where the NAT router passes itself as the
DNS (and then proxies out the DNS requests to the ISP's servers)...
This seems to be the default behavior of Dlink, SMC, Microsoft, and
Netgear routers...  Linksys seems to be the only one (of the
SOHO/consumer router manufacturers) that do not do this AFAIK.  In those
instances, the only servers that have been a problem have been the ones
using the same names internally and externally, with different addresses
of course.  If this isn't the situation you're describing, then please
elaborate more.

Joe Pochedley
A computer terminal is not some clunky old television with a typewriter
in front of it. It is an interface where the mind and body can connect
with the universe and move bits of it about. -Douglas Adams 

-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
Sent: Tuesday, September 21, 2004 1:03 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: VPN Clients and DNS

http://www.ISAserver.org

Hi William,

Where are you seeing the "order" of the DNS servers?

Tom
www.isaserver.org/shinder
Get the book!
Tom and Deb Shinder's Configuring ISA Server 2004
http://tinyurl.com/3xqb7
MVP -- ISA Firewalls



-----Original Message-----
From: William Holmes [mailto:wtholmes@xxxxxxxxxxxxxx]
Sent: Monday, September 20, 2004 10:30 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: VPN Clients and DNS


http://www.ISAserver.org

Hi Tom,

The VPN server is assigning my internal DNS server correctly. However
the order of the DNS servers in unchanged. That is to say if prior to
the VPN connection starting the DNS Server order is:

192.168.40.25
192.168.40.99

And the VPN connection assigns the DNS servers 192.168.88.5

Then the order of the servers is left as

192.168.40.25
192.168.40.99
192.168.88.5

The problem is that the first two DNS servers are restricted by the ISP
to its own networks. When the default route switches to the ISA server
you can not contact the ISP's DNS servers.

What I think should happen is that the order should be set to:

192.168.88.5
192.168.40.25
192.168.40.99

Does this make sense?

Thanks

Bill 

-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
Sent: Monday, September 20, 2004 8:29 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: VPN Clients and DNS

http://www.ISAserver.org

Hi William,

The way is supposed to work is the VPN server assigns the VPN clients a
DNS server address, and that DNS server is on your internal network. In
that case, the DNS server is able to resolve both internal and external
names.

HTH<
Tom

-----Original Message-----
From: William Holmes [mailto:wtholmes@xxxxxxxxxxxxxx]
Sent: Monday, September 20, 2004 3:13 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] VPN Clients and DNS

http://www.ISAserver.org

Hello,

I have a problem with DNS and VPN connections.  When a computer
connected to an ISP makes a VPN connection in which it is specified to
use the default gateway on the VPN server DNS queries fail.  This is
happening because the ISP is blocking DNS requests from hosts outside
its network.

The question is how can one have the DNS configuration change during the
period of time while the VPN is up. I obviously have DNS servers on my
protected net that I want a VPN client to use. 

I know this can be scripted but the question is why is that necessary. I
would think the default behavior would be to use the DNS server on the
remote network. Is there something that I have misconfigured?

Thanks

Bill

William Holmes (MCP)
Department of Computer Science
310 Upson Hall
Cornell University
Ithaca, NY 14853
wtholmes@xxxxxxxxxxxxxx
607 255-1757 (o) 607 227-6049 (c)
 

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com Leading
Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org Windows
Security Resource Site: http://www.windowsecurity.com/ Network Security
Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx



------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com Leading
Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org Windows
Security Resource Site: http://www.windowsecurity.com/ Network Security
Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
wtholmes@xxxxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com Leading
Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org Windows
Security Resource Site: http://www.windowsecurity.com/ Network Security
Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com Leading
Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org Windows
Security Resource Site: http://www.windowsecurity.com/ Network Security
Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
JoePochedley@xxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com Leading
Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org Windows
Security Resource Site: http://www.windowsecurity.com/ Network Security
Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
steve@xxxxxxxxxxxxxxxxxxxxxxxxxx To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx

This E-Mail is confidential. It is not intended to be read, copied, disclosed 
or used by any person other than the recipient named above. 


Unauthorised use, disclosure, or copying is strictly prohibited and may be 
unlawful. Optimum IT Solutions disclaims any liability for any action taken in 
connection of this E-Mail. The comments or statements expressed in this E-Mail 
are not necessarily those of Optimum IT Solutions or its subsidiaries or 
affiliates.

administrator@xxxxxxxxxxxxxxxxxxxxxxxxxx 




Other related posts: