DNS query behavior on VPN

D

dandoo

Hello,
I hope this is the best place to post my question. I have noticed something
that has me puzzled about XP's DNS query behavior when XP clients are
connected to VPN's. I have XP (SP2) clients who are members of domain
SubA.DomainA.com. Their primary search suffix is the same as their domain as
expected. Things get weird when connecting to VPN's which are not a part of
this same domain. We have a partner we regularly have clients connect to
with the domain SubB.CompanyB.com. When the clients connect to the CompanyB
VPN, they do pick up the correct search suffix of SubB.CompanyB.com as
verified when I view ipconfig /all and examine the PPTP adapter settings. I
have noticed that these clients can't resolve host names on the CompanyB
VPN. When I take a trace, I see the clients always append the
SubA.CompanyA.com suffix to their DNS queries and never the CompanyB suffix
even though it is the only suffix showing for that connection. This is using
Windows Server 2003 PPTP with just the MS PPTP settings on the clients. Is
there some reason the clients seem to be ignoring the suffix sent to them
from the VPN server?

Thanks!
Danny
 
R

Robert L [MVP - Networking]

Posting the results of nslookup and IPconfig /all may help.

Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com
Hello,
I hope this is the best place to post my question. I have noticed something
that has me puzzled about XP's DNS query behavior when XP clients are
connected to VPN's. I have XP (SP2) clients who are members of domain
SubA.DomainA.com. Their primary search suffix is the same as their domain as
expected. Things get weird when connecting to VPN's which are not a part of
this same domain. We have a partner we regularly have clients connect to
with the domain SubB.CompanyB.com. When the clients connect to the CompanyB
VPN, they do pick up the correct search suffix of SubB.CompanyB.com as
verified when I view ipconfig /all and examine the PPTP adapter settings. I
have noticed that these clients can't resolve host names on the CompanyB
VPN. When I take a trace, I see the clients always append the
SubA.CompanyA.com suffix to their DNS queries and never the CompanyB suffix
even though it is the only suffix showing for that connection. This is using
Windows Server 2003 PPTP with just the MS PPTP settings on the clients. Is
there some reason the clients seem to be ignoring the suffix sent to them
from the VPN server?

Thanks!
Danny
 
D

dandoo

Unfortunately, I can't post that info due to security concerns with the
client. However, the information from the NSLookup is the name server being
listed is the one for the primary LAN connection even when connected to the
VPN and not the VPN name server. This is even with iopconfig showing the
correct connection-specific suffix in the list when connected to the VPN. I
suspect this may be what XP is always trying to use. I know that clients
which are standalone (not domain members) and do not have a primary DNS
suffix use the VPN DNS suffix given to them just fine. So it seems like if
you have a primary suffix then it will try to use it even over
connection-specific suffixes. I am now wondering if this is just expected
behavior in this situation?

Danny


Posting the results of nslookup and IPconfig /all may help.

Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on
http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on
http://www.HowToNetworking.com
Hello,
I hope this is the best place to post my question. I have noticed something
that has me puzzled about XP's DNS query behavior when XP clients are
connected to VPN's. I have XP (SP2) clients who are members of domain
SubA.DomainA.com. Their primary search suffix is the same as their domain as
expected. Things get weird when connecting to VPN's which are not a part of
this same domain. We have a partner we regularly have clients connect to
with the domain SubB.CompanyB.com. When the clients connect to the CompanyB
VPN, they do pick up the correct search suffix of SubB.CompanyB.com as
verified when I view ipconfig /all and examine the PPTP adapter settings. I
have noticed that these clients can't resolve host names on the CompanyB
VPN. When I take a trace, I see the clients always append the
SubA.CompanyA.com suffix to their DNS queries and never the CompanyB suffix
even though it is the only suffix showing for that connection. This is using
Windows Server 2003 PPTP with just the MS PPTP settings on the clients. Is
there some reason the clients seem to be ignoring the suffix sent to them
from the VPN server?

Thanks!
Danny
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

alternate DNS server not querried 1
VPN connects but cannot ping VPN Server 3
DNS order in XP on a VPN connection (not using VPN DNS servers) 1
Windows XP VPN issues 3
DNS suffix is making DNS lookup problems 1
Cannot create VPN connection on a domain member 6
How to lose "domain"/"primary DNS suffix" 3
My vpn-clients don't register in DNS 1

Top