Problem with DNS server registering to the dial connector of a site-to-site VPN


  • September 1, 2010, 10:59 AM
     
     

    I had the following configuration

    Domain A 172.31/16               Domain B 172.16/16
    SBS 2003                         2003 R2
    ISA 2004                         ISA 2006
    Demand Dial Network BNetwork     Demand Dial Network ANetwork
    where BNetwork and ANetwork make a site-to-site VPN

    Both BNetwork and ANetwork were configured to pick up their local addresses from the local DHCP server and even though the DNS was to be supplied by DHCP, no DNS server address was registered for the dial connector.  This was exactly what I wanted and worked correctly.

     

    Now I have the following

    Domain A 172.31/16               Domain B 172.16/16
    Server 2008 R2                   2003 R2
    TMG 2010                         ISA 2006
    Demand Dial Network BNetwork     Demand Dial Network ANetwork
    where BNetwork and ANetwork make a site-to-site VPN

    Again both networks are configured to pick up their local and DNS server addresses from DHCP.  Under Server 2008 R2, the dial connector BNetwork does pick up the remote network's DNS servers.  This is not what I want.  I have worked around it by hard coding my local DNS server in the definition of BNetwork, but that is less than clean.

     

    Is the behavior due to a change in Server 2008 R2 or did I miss a configuration point somewhere?  How do I keep the DNS server from registering on the dial connector?

     


    Thanks Roy

All Replies

  • September 13, 2010, 4:40 AM
    Moderator
     
     
    Hey Roy,

    The DNS servers are supplied by DHCP if that is what your VPN settings specify or if you have manually specified it in the VPN settings. What is the config you have set?

    Thanks
    Mohet
  • September 13, 2010, 10:50 AM
     
     

    Yes, I know that the DHCP configuration supplies DNS server addresses.  That is not the point.

    In both the 2003 and 2008 R2 configurations the local dial connector in RAS is marked to obtain the DNS server address automatically.  In the case of the 2003 server the remote DNS servers are not placed into the dial connector's configuration and they do not get utilized for DNS lookups.  In the case of the 2008 R2 server the remote DNS servers are placed into the local dial connector's configuration and they are utilized for all DNS lookups.  In fact they are placed at the top of the list, so they are the first DNS servers hit.

    I really need 2008 R2 to work like 2003.  I have done a workaround by setting the dial-connector on the local system to manual DNS and, since the DNS server address cannot be left blank, set it to the local DNS server.  Of course that causes the same DNS server to be hit twice for each lookup.  Not exactly optimal.

    So the question is: is the different handling of the DNS servers by 2003/2008 R2 a change from 2003 to 2008 R2, or do I have some subtle configuration setting wrong?

     


    Thanks Roy
  • September 17, 2010, 6:48 PM
    Moderator
     
     
    Looks like there is an incorrect setting. The behavior shouldn't have changed in 2008.
  • September 25, 2010, 7:24 PM
     
     
    Well, do you think you could possibly give me a hint as to what the incorrect setting might be?  I have compared everything that I can find and nothing looks different.
    Thanks Roy
  • September 27, 2010, 10:57 PM
    Moderator
     
     
    Is there a way you can share the ISABPA from your previous ISA server and the TMG BPA from your TMG Server? Or can you just collect those and email them to me at mohitsa@microsoft.com?
  • September 28, 2010, 11:37 AM
     
     

    Look for an email in your inbox.


    Thanks Roy