Jump to content

VPN Name Resolution and Suggestions

Brennen

By Brennen
in Windows 2000/2003/NT4

 Share

Recommended Posts

Brennen

Brennen

Posted
Posted (edited)

Alright. Let me rephrase my question:

I have a VPN (Software) running from RRAS on my server 2003. I am behind a domain, lets use "domain.local", and will have a few users using the VPN to access their mapped drives and network resources. For this to work properly I need DNS to resolve through our VPN.

Currently, everything connects just fine, but I am not getting proper name resolution for our servers and computers. I can only reach them by IP address or by full computer name. Ex: \\ComputerName.domain.local OR \\10.1.3.12

What I need is \\ComputerName <-- Without .domain.local

[suggestions Please?]

I am fairly novice to most of this, so if anyone has any other alternatives or better solutions for VPN's etc. I would appreciate.

Edited by Brennen
Link to comment
Share on other sites

Brennen

Brennen

Posted
  • Author
Posted

Most likely, yes. In which case I would probably need to change that?

Forgive me, as I actually am pretty new the company and was put in charge of the Domain. My knowledge of Active Directory isn't incredibly extensive. I will look into this tomorrow morning (today morning technically).

Link to comment
Share on other sites
touchstone_81

touchstone_81

Posted
Posted

By default, the VPN clients inherit the DNS server IP addresses configured on the VPN server.

VPN clients will not be able to resolve DNS host names on the internal network if they are not assigned a DNS server address by the VPN server.

Maybe the VPN client already has a DNS server address assigned to it. However, that DNS server address does not resolve names on the corporate network because that DNS server is intended to resolve names on the network the VPN client computer is attached to before connecting to the VPN server, or to resolve only Internet host names.

Also check if the vpn server is able to resolve names because if it isn't then you need to start troubleshooting from there.

In addition do an nslookup on the client when you are connected to the vpn server, you should see your corporate dns server's IP and when you are disconnected you should see your dial up/broadband providers dns IP.

If none of this works then you could make a hosts file and distribute that to all vpn clients.But if there are a lot of vpn clients then of course you will have more work to do.

Link to comment
Share on other sites
Brennen

Brennen

Posted
  • Author
Posted (edited)
By default, the VPN clients inh.... It is assigned to the proper WINS and DNS addresses on the Corporate Network
Maybe the VPN client already has a DNS serv.... Yes, the current "test client" has a static address assigned to it, so it has the DNS entries for its local network -- I have not seen this conflict with my other VPN setup to another site however despite static addresses. At least I don't recall -- I can look into that.
Also check if the vpn server is able to reso.... It resolves fine.
In addition do an nslookup on the client when you are conne.... No, both connections resolve to the Client's Primary DNS from its static NIC
If none of this works then you could ma.... This wouldn't be very difficult to do just for our servers, although I am wondering if I could work it into Group Policy and let Group Policy also control the VPN. I think that is possible, although it will take some research to getting the VPN controlled by GP. Good idea!

^^Refer to Touchstones full post

Andrew: It is Active Directory controlling the DNS, but I don't know how to reverse / change / fix that. I will do some research and get back to you unless you have some pointers. I will reiterate that I am very new to Server/Domain territory, but I am comfortable with it so I am willing to get my hands dirty.

[edit:] I tested the hosts file, which I am not surprised worked, but it leads me to another question of how to decrease the lookup time? Took about a minute to pull up my file server via UNC path.

Edited by Brennen
Link to comment
Share on other sites
Andrew Palmer

Andrew Palmer

Posted
Posted (edited)

DNS

Right Click Reverse Lookup Zones > New Zone...

My typical values for a network are to make it a primary zone and store it in AD.

Replicate to all DNS Servers in the AD Domain.

Network ID is what your domains subnet is (e.g 192.168.0.)

Allow Secure Updates Only.

DNS over time will create new PTR records as and when machines register their DNS information. Again this isnt really needed but it allows you to resolve an IP address to its hostname rather than being just hostname to IP.

Browsing UNC paths is never that fast over VPN's I find. I've seen a 2mb/2mb link once which was bearable. To overcome this issue most people look at Terminal Services.

Edited by Andrew Palmer
Link to comment
Share on other sites
Brennen

Brennen

Posted
  • Author
Posted (edited)
DNS over time will create new PTR records as and when machines register their DNS information. Again this isnt really needed but it allows you to resolve an IP address to its hostname rather than being just hostname to IP.

Yeah, thanks for the tip. I had already setup the reverse DNS and only adjusted one setting to match what you mentioned, and thus far no changes in resolution via VPN.

I know there is a solution to this -- something I did wrong somewhere. If I figure it out I will let you all know what my solution was. But as for now, thanks for all the help -- and thanks for a temporary solution!

[EDIT:] I feel a little embarrassed for not having tried this, but I went into the TCP/IP properties for the Client's Connection, then went to advanced; I then went to the DNS tab and had the connection append the primary DNS suffix for the connection, and inserted the suffix as domain.local. Now, this is only a solution in the sense that I already have to manually create this VPN connection on each computer that will be dialing in -- and with this being a minor addition to the change in settings I already have to make. It works.

I will still be looking into a way to push these settings without extra config, so any tips there would be nice. But for the moment I am good. Thanks everyone!

Edited by Brennen
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...