DNS search order is reversed on the DHCP client when you use a VPN to connect to RRAS

    Question

  • When I connect a Windows 7 Professional VPN client to a Windows SBS 2008 RRAS server the VPN search order is reversed, causing local lookups to fail. My server has three DNS servers given out through DHCP; the first one is local and the other two are OpenDNS public DNS servers. Once the VPN client in Windows 7 connects it can't locate resources over the VPN because it is trying to query the OpenDNS servers instead of the local DNS server, which is now listed last.

    This problem is well documented in Microsoft Operating Systems since Windows 2000:

    http://support.microsoft.com/kb/840629

    http://support.microsoft.com/kb/958551

     

    Upon calling Microsoft support I was told that no hotfix was available for Windows 7 to address this issue. Help!

    Wednesday, March 31, 2010 5:55 PM

All replies

  • Hi,

     

    Thank you for posting here.

     

    After connecting to the RRAS server, please ensure the client can access the local DNS server.

     

    In addition, I would like to share the following with you:

     

    Microsoft TCP/IP Host Name Resolution Order

     

    Hope this helps. Thanks.


    Nicholas Li - MSFT
    Tuesday, April 06, 2010 3:28 AM
    Moderator
  • This is not a Windows 7 issue, this is a DNS and DHCP configuration issue. 

     

    You have 3 DNS servers 1 for internal and 2 external. 

    Remove the two OpenDNS from the DHCP and just use the one internal.

    Add the OpenDNS servers to the forwarders in the DNS.  This will forward all other queries outside your domain to these servers.


    MCP: Windows XP MCP: SMS 2003
    Tuesday, April 06, 2010 1:57 PM
  • After connecting to the RRAS server, the client can connect to the local DNS server, but it doesn't query that server for DNS because there are two other DNS servers listed before it. If I remove the two OpenDNS servers from my DHCP configuration everything works fine. The problem with that is if my local DNS server is ever unavailable (rebooting, etc) then my DHCP clients have no internet access because they can't resolve DNS lookups, thus the OpenDNS servers in the configuration in the first place.

     

    As posted in my original post this is a known issue that has patches for Windows 2000, Windows XP, Windows Vista, and Windows Server 2008, but nothing for Windows 7 yet.

    Friday, April 09, 2010 3:03 PM
  • Hi,

    On your RRAS server add the following key 

    Type Dword32

    Name  SuppressDNSNameServers

    Location HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\RemoteAccess\Parameters\IP

    value  1.

    Restart the RRAS service and try again.

    If possible reboot and then test.

    You should get IPs in the order you want them to be in.

    Regards

     

    Wednesday, July 21, 2010 5:52 PM
  • Hi,

    On your RRAS server add the following key 

    Type Dword32

    Name  SuppressDNSNameServers

    Location HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\RemoteAccess\Parameters\IP

    value  1.

    Restart the RRAS service and try again.

    If possible reboot and then test.

    You should get IPs in the order you want them to be in.

    Regards

     


    This works to correct the DNS search order; however, it has the side effect of an nslookup responding with "Unknown" as the DNS server name. The lookup results are correct though. I haven't come across any scenario where this little side effect causes any problems.
    Friday, February 04, 2011 10:27 PM
  • Hi,

    On your RRAS server add the following key 

    Type Dword32

    Name  SuppressDNSNameServers

    Location HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\RemoteAccess\Parameters\IP

    value  1.

    Restart the RRAS service and try again.

    If possible reboot and then test.

    You should get IPs in the order you want them to be in.

    Regards

     

    Wow thank you. Been looking for days for a reason why my VPN client wouldn't perform lookups. Finally I scratched my head about the reverse DNS list and googled it to find this. Worked for me, no reboot required.

    Win7 Pro 32-bit client

    Server 2008 Enterprise 64-bit RRAS Server

    P.S. Didn't work the first time I tried it. It helps to spell Suppress correctly -_-
    Monday, July 11, 2011 9:15 AM
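
The registry change described in the replies above, scripted together with a client-side check of the resulting DNS order. This is an added example, not code posted by anyone in the thread; it assumes an elevated PowerShell session and that the Routing and Remote Access service runs under its usual service name, RemoteAccess.

```powershell
# Added example (not from the thread). Run in an elevated PowerShell session.

# --- On the RRAS server: set the value named in the reply ---
$path = 'HKLM:\SYSTEM\CurrentControlSet\Services\RemoteAccess\Parameters\IP'
$name = 'SuppressDNSNameServers'   # spelling matters, as the last reply notes

if (-not (Test-Path $path)) {
    throw "Registry key not found: $path (is RRAS configured on this machine?)"
}

# Record any existing value so the change can be reverted later.
$before = (Get-ItemProperty -Path $path -Name $name -ErrorAction SilentlyContinue).$name
if ($null -eq $before) {
    Write-Output "Previous value: <not set>"
} else {
    Write-Output "Previous value: $before"
}

# Create (or overwrite) the DWORD with value 1, then restart RRAS.
New-ItemProperty -Path $path -Name $name -PropertyType DWord -Value 1 -Force | Out-Null
Restart-Service -Name RemoteAccess   # assumed service name for RRAS

# Confirm what is now stored.
Get-ItemProperty -Path $path -Name $name | Select-Object -Property $name

# --- On the VPN client, after reconnecting ---
# List the DNS servers configured on each interface, in the order Windows
# will use them. The local DNS server should now come first on the VPN
# connection.
netsh interface ipv4 show dnsservers
```

To revert, remove the value with `Remove-ItemProperty` on the same path and name (or restore the recorded previous value) and restart the service again.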