Problem with DNS server registering to the dial connector of a site-to-site VPN

  • Question

  • I had the following configuration

    Domain A (172.31/16)              Domain B (172.16/16)
    SBS 2003                          2003 R2
    ISA 2004                          ISA 2006
    Demand Dial Network BNetwork      Demand Dial Network ANetwork

    where BNetwork and ANetwork make a site-to-site VPN

    Both BNetwork and ANetwork were configured to pick up their local addresses from the local DHCP server and, even though the DNS was to be supplied by DHCP, no DNS server address was registered for the dial connector.  This was exactly what I wanted and worked correctly.


    Now I have the following

    Domain A (172.31/16)              Domain B (172.16/16)
    Server 2008 R2                    2003 R2
    TMG 2010                          ISA 2006
    Demand Dial Network BNetwork      Demand Dial Network ANetwork

    where BNetwork and ANetwork make a site-to-site VPN

    Again both networks are configured to pick up their local and DNS server addresses from DHCP.  Under Server 2008 R2, the dial connector BNetwork does pick up the remote network's DNS servers.  This is not what I want.  I have worked around it by hard coding my local DNS server in the definition of BNetwork, but that is less than clean.


    Is the behavior due to a change in Server 2008 R2, or did I miss a configuration point somewhere?  How do I keep the DNS server from registering on the dial connector?

    Thanks Roy
    Wednesday, September 1, 2010 10:59 AM

All replies

  • Hey Roy,

    The DNS servers are supplied by DHCP if that is what your VPN settings specify or if you have manually specified it in the VPN settings. What is the config you have set?

    Thanks
    Mohet
    Monday, September 13, 2010 4:40 AM
    Moderator
  • Yes, I know that the DHCP configuration supplies DNS server addresses.  That is not the point.

    In both the 2003 and 2008 R2 configurations the local dial connector in RAS is marked to obtain the DNS server address automatically.  In the case of the 2003 server the remote DNS servers are not placed into the dial connector's configuration and they do not get utilized for DNS lookups.  In the case of the 2008 R2 server the remote DNS servers are placed into the local dial connector's configuration and they are utilized for all DNS lookups.  In fact they are placed at the top of the list, so they are the first DNS servers hit.

    I really need 2008 R2 to work like 2003.  I have done a workaround by setting the dial-connector on the local system to manual DNS and, since the DNS server address cannot be left blank, set it to the local DNS server.  Of course that causes the same DNS server to be hit twice for each lookup.  Not exactly optimal.

    So the question is: is the different handling of the DNS servers by 2003/2008 R2 a change from 2003 to 2008 R2, or do I have some subtle configuration setting wrong?

    Thanks Roy
    Monday, September 13, 2010 10:50 AM
  • Looks like there is an incorrect setting. The behavior shouldn't have changed in 2008.
    Friday, September 17, 2010 6:48 PM
    Moderator
  • Well, do you think you could possibly give me a hint as to what the incorrect setting might be?  I have compared everything that I can find and nothing looks different.
    Thanks Roy
    Saturday, September 25, 2010 7:24 PM
  • Is there a way you can share the ISABPA from your previous ISA server and TMG BPA from your TMG Server? Or can you just collect those and email them to me at mohitsa@microsoft.com?
    Monday, September 27, 2010 10:57 PM
    Moderator
  • Look for an email in your inbox.

    Thanks Roy
    Tuesday, September 28, 2010 11:37 AM