DNS issues over VPN

By Goody3335
I have many users connecting over VPN (PPTP using Microsoft VPN) and all of a sudden only some are not able to connect to DNS. They can ping using IP addresses, but not computer names. When they use the nslookup tool it gives their ISP's DNS server, not ours. They seem to connect to the VPN just fine, though. I looked in event viewer and there are a couple of warnings that say the NTP client couldn't sync the time up with the domain controller, but the last one was this morning and users are still having the same problem. No configuration changes were made at the time when people started having this issue. We are working with routing and remote access on a 2003 server. Any help is much appreciated!


All Answers

dns - vpn

by giadich In reply to DNS issues over VPN

In the VPN connection dialog box, there is a button called Properties. If you click on that and explore the options a bit, you'll find that you can change/add DNS and/or default gateway.

By default, Windows uses UDP for domain authentication....

by robo_dev In reply to DNS issues over VPN

And UDP protocol rarely works reliably over a VPN connection. UDP is connectionless, and any fragmentation means packets arrive out-of-order and are dropped.

My guess would be that a Windows update caused the issue...but that's just a guess.

You need to change the clients to use TCP for Kerberos authentication. See this link:

http://support.microsoft.com/kb/244474

Windows update

by goody3335 In reply to By default, Windows uses ...

There were only 3 updates applied to the domain controller (none to the RAS server). They were KB941644, KB943485, and KB942615. Anyone heard anything bad? I saw a few bad things about the first update. I don't know that it could have caused my problem, though.

Also am receiving ISP's DNS for nslookup for users connected via VPN

by sfurtado In reply to By default, Windows uses ...

I have the same setup as Goody3335, or so it seems. I tried that MS fix and flushed my test box's DNS. Still same issue. I would be grateful for any help. Thanks

First off

by CG IT In reply to DNS issues over VPN

Users connecting to your network via VPN don't really connect to DNS. DNS is just a name-to-IP resolution service.

My question would be why the heck are users pinging or using nslookup in the first place? Users shouldn't care about ping or nslookup rather being able to find resources on the network. If you have users pinging everywhere on the network, you can have network congestion problems.

However, I'll assume that ping and nslookup really aren't an issue with users, including VPN users, rather that your DNS server isn't resolving names to addresses when users look for a shared resource by name. If your DNS server isn't resolving a name to an address, then I would look at DNS and do some query tests. DNS has a built-in query and recursion test. Might check with those tools.

...

by sfurtado In reply to First off

Internally the names resolve just fine. It's only a select number of users who connect through VPN that cannot resolve the internal names.

This works fine for some users. Luckily on the test box I was able to replicate this issue. It will use the ISP's DNS to resolve while connected on VPN, even with the fix posted earlier. I've also specified our DNS servers for the VPN connection settings on the test box. Still no help. Thanks

Two solutions

by Dumphrey In reply to ...

User has to manually change priority to VPN supplied DNS server, or (more reliable) add VPN network resources to a host file on the VPN computers. Also, make sure VPN users are on another subnet from the network they are VPNing into.

Two Solutions...

by sfurtado In reply to Two solutions

I've tried both and the same issue persists.

When I added the name servers to the host file it was able to resolve internal names fine. Once I rebooted the test box went back to using the ISP's DNS... Thanks for your suggestions though. I'm stumped.

If a reboot cleared changes

by Dumphrey In reply to Two Solutions...

to the hosts file you have weird permissions issues. The hosts file overrides DNS every time (hence www.myspace.com 127.0.0.1 :0). Which means any changes you made did not get saved between reboots. You may want to look into that.

Shouldn't happen

by CG IT In reply to ...

A VPN connection into your network [and I'll assume here that you're running MS Active Directory Services because you have DNS running and also assume you're using typical RRAS settings] shouldn't use the ISP DNS once a connection is made. If anything, to get access to network resources they should obtain a network address through DHCP relay agent or a static address pool. This then allows the VPN clients to be connected to the internal network just as regular desktops are. They would then use local network resources including using the local network internet access.

The MS patch aside, I would look at how remote clients gain access to network resources while remotely connected.
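An added example, not part of any post in the thread: one way to check the symptom discussed above (a connected VPN client still resolving through the ISP's DNS) is to parse the client's `ipconfig /all` output and flag a PPP adapter that was handed no internal DNS server. The sample output, the adapter names and the internal DNS address 10.0.0.10 are constructed assumptions.

```python
import re

# Constructed sample of `ipconfig /all` output from a VPN client (not from the thread).
SAMPLE = """\
Ethernet adapter Local Area Connection:

   IP Address. . . . . . . . . . . . : 192.168.1.50
   DNS Servers . . . . . . . . . . . : 203.0.113.53
                                       203.0.113.54

PPP adapter Office VPN:

   IP Address. . . . . . . . . . . . : 10.0.5.20
   Default Gateway . . . . . . . . . :
"""

ADAPTER = re.compile(r"^(\S.*adapter .+):\s*$")
DNS_FIELD = re.compile(r"^\s+DNS Servers[ .]*:\s*(\S*)\s*$")
BARE_IP = re.compile(r"^\s+(\d{1,3}(?:\.\d{1,3}){3})\s*$")

def dns_by_adapter(text):
    """Map each adapter name to the DNS servers listed under it."""
    result, current, in_dns = {}, None, False
    for line in text.splitlines():
        if (m := ADAPTER.match(line)):
            current, in_dns = m.group(1), False
            result[current] = []
        elif current is None:
            continue
        elif (m := DNS_FIELD.match(line)):
            in_dns = True
            if m.group(1):
                result[current].append(m.group(1))
        elif in_dns and (m := BARE_IP.match(line)):
            result[current].append(m.group(1))   # continuation line
        elif line.strip():
            in_dns = False                       # another field ends the list
    return result

def vpn_dns_findings(text, internal_dns):
    """Return (adapter, servers) for PPP adapters with no internal DNS server."""
    return [(name, servers) for name, servers in dns_by_adapter(text).items()
            if name.startswith("PPP adapter") and not set(servers) & set(internal_dns)]

if __name__ == "__main__":
    # 10.0.0.10 is an assumed internal DNS server address.
    print(vpn_dns_findings(SAMPLE, ["10.0.0.10"]))
```

A finding with an empty server list means the VPN adapter received no DNS servers at all, so the client falls back to the DNS servers on its physical adapter.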
