none
Unable to ping Public Subdomain from DA Client Machine RRS feed

  • Question

  • hi,

    i am having a DA Client Machine which is joined to my domain abcd.com. I have a public domain with the same name and now i have to access a subdomain from my DA client but the client is trying to find the public subdomain within the internal network.

    My on-prem domain name and public domain name is same.

    It is not looking the public subdomain test.adcd.com over the internet.

    I made the changes in the HOSTS file but still the issue is same. I have made the entry in DNS to with the IP of subdomain but that did not work either.

    How can i make my DA client to look into the internet to find my subdomain.

    Friday, February 16, 2018 2:47 PM

Answers

  • When you configured DirectAccess, it automatically set *.abcd.com as an inclusion to the NRPT (the NRPT is the "DNS" screen inside Step 3 of the DirectAccess wizards). This means that any address you attempt to contact which ends in abcd.com will try to push inside the DirectAccess tunnels, therefore resolving against internal DNS and using IPv6 to go through the tunnels.

    If you want to exclude *.test.abcd.com from the DA tunnels, allowing that traffic to go straight over the internet, you simply have to open the NRPT and add an entry in there for "test.abcd.com", then click the Apply button. Do NOT click on the "Detect" button or put anything into the DNS servers fields. This will add test.abcd.com as an exclusion to DirectAccess, which means it will resolve publically instead of inside the DA tunnels.

    • Marked as answer by roshan kr Tuesday, February 27, 2018 5:07 AM
    Thursday, February 22, 2018 3:29 PM

All replies

  • Hi,

    I have created a CNAME and now i am able to ping my subdomain. But now issue is its resolving on IPV6 address.

    Is there any way to convert that particular Subdomain so that it get resolved on IPv4 address automatically instead of reaching on IPv6. 

    Thanks,

    Roshan

    Monday, February 19, 2018 10:44 AM
  • When you configured DirectAccess, it automatically set *.abcd.com as an inclusion to the NRPT (the NRPT is the "DNS" screen inside Step 3 of the DirectAccess wizards). This means that any address you attempt to contact which ends in abcd.com will try to push inside the DirectAccess tunnels, therefore resolving against internal DNS and using IPv6 to go through the tunnels.

    If you want to exclude *.test.abcd.com from the DA tunnels, allowing that traffic to go straight over the internet, you simply have to open the NRPT and add an entry in there for "test.abcd.com", then click the Apply button. Do NOT click on the "Detect" button or put anything into the DNS servers fields. This will add test.abcd.com as an exclusion to DirectAccess, which means it will resolve publically instead of inside the DA tunnels.

    • Marked as answer by roshan kr Tuesday, February 27, 2018 5:07 AM
    Thursday, February 22, 2018 3:29 PM