DNS server priority and domain restrictions

    Question

  • Sometimes VPN users do not use our internal name servers. This results in effectively unreachable Intranet services.

    The problem appears to be that in some situations, the DNS servers we send with DHCP when the VPN connection is brought up are not being used. Instead the DNS servers given by some other connection are being used. It appears that the order of DNS servers Windows uses is (almost) arbitrary: it appears to use the DNS servers given by the VPN connection most of the time, but sometimes other servers from some other connection take precedence.

    This is not what we would want! We would need to somehow always force our internal name servers to be on the top of the list whenever the VPN connection is open.

    There is an additional problem: our internal name servers are being used (when they are used at all) for all DNS queries. We would like them to only be used for our domain, not all domains, and for reverse (PTR) lookups.

    So the ideal situation would be:
     - our DNS servers would be used for our domain and PTR lookups as soon as the VPN activates
     - they would be always used for the above uses as long as the VPN stays up.

    Not so ideal, but OK (this is how it works now except for the problem cases):
     - our DNS servers would be used for all domain lookups whenever the VPN is active

    We are using open-source OpenVPN as the solution and can control the server-side and client-side parameters in this case. So, basically, we can push any DHCP options to the clients and can also modify the client-side configuration.
    Thursday, September 17, 2009 8:16 AM
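One way to get the "ideal situation" from the question on later Windows clients, as an added example that is not from this thread or from OpenVPN itself: the Windows Name Resolution Policy Table (NRPT) sends only the internal domain and its reverse zone to the internal resolvers, and every other name keeps using whatever the adapters provide. The NRPT cmdlets need Windows 8 / Server 2012 or newer and an elevated shell; the domain name, server addresses and reverse zone below are assumed placeholders, and the up/down wiring assumes the OpenVPN client is allowed to run scripts (`script-security 2`).

```powershell
# Added example, not code from the thread or from OpenVPN. Scopes the internal
# resolvers to the internal domain and its PTR zone via the NRPT, so that the
# rest of the DNS traffic is untouched. Meant to be invoked from the OpenVPN
# client --up script with "up" and from --down with "down", so the rules only
# exist while the tunnel is established.
param(
    [ValidateSet('up', 'down')]
    [string]$Action = 'up'
)

$InternalDomain  = 'corp.example'             # assumed internal domain
$InternalServers = @('10.8.0.1', '10.8.0.2')  # assumed internal resolvers
$ReverseZone     = '8.10.in-addr.arpa'        # assumed PTR zone for 10.8.0.0/16
$Tag             = 'openvpn-split-dns'        # comment used to find our rules later

function Add-VpnSplitDns {
    # A leading dot makes the rule match the suffix (all names under the zone).
    foreach ($ns in @(".$InternalDomain", ".$ReverseZone")) {
        Add-DnsClientNrptRule -Namespace $ns -NameServers $InternalServers -Comment $Tag
    }
}

function Remove-VpnSplitDns {
    # Remove only the rules this script created, identified by the comment tag.
    Get-DnsClientNrptRule |
        Where-Object { $_.Comment -eq $Tag } |
        ForEach-Object { Remove-DnsClientNrptRule -Name $_.Name -Force }
}

switch ($Action) {
    'up'   { Add-VpnSplitDns }
    'down' { Remove-VpnSplitDns }
}

# Check which rules are active and that an internal name is answered through them.
Get-DnsClientNrptRule | Format-Table Namespace, NameServers, Comment
if ($Action -eq 'up') {
    Resolve-DnsName -Name "intranet.$InternalDomain"
}
```

Because NRPT rules are global rather than tied to an interface, the "down" path matters: if the client disconnects without removing them, internal names keep being sent to resolvers that are no longer reachable.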

All replies

  • I've recently run into this issue as well, this was not a problem with XP.
    Friday, September 18, 2009 3:33 PM
  • I encountered the same issue, I strongly believe it's an OS problem.
    Monday, November 02, 2009 8:59 AM