Inconsistant DNS resolution problems on 2003 RRAS server

P

Paul M. Landry

Hello all,
I've been troubleshooting a client's RRAS server, running on a Windows 2003
server.
This server is a dedicated Dial-in and VPN server, and is not a Domain
Controller, DNS or DHCP server.
Just plain old RRAS.
Has anyone seen the following problem?
RRAS is set up to problem 26 VPN connections.
Typically there are about seven RRAS connections going at any one time.
All VPN clients are Windows XP Pro SP2 clients, and they are all configured
exactly the same.
However, some clients are resolving DNS names differently that others.

Once connected to the VPN, pinging a either FQDN or just machine name these
names resolve to the IP address internal to the network. I.e
pioneer.mydomain.com and PIONEER both resolve to 192.168.100.9.
This is what I want to happen.

On some other VPN clients, however, when pinging the address, these clients
are getting back the Globally routable IP address of this server.

As stated above, the VPN settings on each client are exactly the same.
I've verified this with WebEx sessions to check the settings myself.

I don't know if this is related, but I've noticed that when VPN clients
connect, they always get the same IP address they had from prior
connections.
I've not set anything up explicitly to do this in the RRAS server, so I
suspect some kind of caching.

I need all clients to resolve names to the internal IP addresses.
Does anyone know of any fixes or work-arounds for this.?

Thanks,

Paul Landry
 
H

Herb Martin

However, some clients are resolving DNS names differently that others.
Once connected to the VPN, pinging a either FQDN or just machine name these
names resolve to the IP address internal to the network. I.e
pioneer.mydomain.com and PIONEER both resolve to 192.168.100.9.

That is to be expected for EITHER of these two cases:
Broadcasts work for the basic machine name, OR
the machine uses this DNS suffix (mydomain.com)
which is automatically suffixed and tried.
This is what I want to happen.
On some other VPN clients, however, when pinging the address, these clients
are getting back the Globally routable IP address of this server.

What does that mean? When pinging an ADDRESS you
get back some other address?

I suspect you have mistated this (perhaps you mean pinging
the name or something else.)

IF you meant name, then "this server" is ambiguous. You
need to give us some clean differentiation of the machines
involved -- assume we are blind (we are) and you must
be explicit. (You don't have to tell us every detail of your
machines but you need to clearly differentiated each pronound,
e.g., this that it or generic noun "the server" etc.
As stated above, the VPN settings on each client are exactly the same.
I've verified this with WebEx sessions to check the settings myself.

Keep trouble shooting simple unless something likes
you webex is your target app AND it works.

Give us (and yourself) the clean indications from tools
like Ping, Tracert, NSLookup, or from telneting to
application specific ports: e.g., testing an SMTP server
by: telnet serverIP 25
I don't know if this is related, but I've noticed that when VPN clients
connect, they always get the same IP address they had from prior
connections.

Nice but not likely to cause any problem.
I've not set anything up explicitly to do this in the RRAS server, so I
suspect some kind of caching.

Caching of what?

Is it possible your DHCP server is dynamically registering
the addresses given to the RRAS server -- but it only knows
about the RRAS server, not the other machines?

You need to get the clients to do their own registration if
this is the case.
I need all clients to resolve names to the internal IP addresses.
Does anyone know of any fixes or work-arounds for this.?

Focus on the DNS server, the DNS clients, and
how they use and register DNS.

You may have to debug log the DNS server (easy
in the GUI.)

nslookup is a crappy tool but it works and it is
ubiquitous on NT class machines.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top