Brian Sierakowski Posted June 26, 2009

Hey guys, sorry for the lame question...

I'm connected to my work network via VPN, the DHCP is handled by our DC, so I get all the goodies from there (IP, Sub, DHCP, DNS, etc). However, I am unable to resolve hostnames on my work network, it appears that since we're using a split tunnel it's only allowing me to use the DNS on my primary internet connection.

Is there any way to "fix" this without doing a hosts file?

Thanks,
-B

Sparda Posted June 27, 2009

What DNS server does DHCP specify?

While it would be ideal to use only internal DNS server for internal names and your ISP's (or other internet) DNS server for internet names, there is no security reason you couldn't use the internal DNS for everything. There is arguably a privacy reason, the server will know which domains you visit from now on.

Brian Sierakowski Posted June 29, 2009

I would do that, however I'm only periodically attached to the VPN, using it mainly to look at network shares, etc. I thought for sure that adding our internal DNS server (.25) as 3rd on my list of the DNS servers for my primary NIC would work, but it hasn't. I guess that doesn't make sense, because my primary NIC is on a 192.168 network, and the other network is 10.7 network.

My Virtual VPN NIC has the correct DNS server, I think I'm just going to have to hard code in the locations I'm looking for, because unless the IP starts with 10.x.x.x, DNS will assume that it's on the 192.168.x.x network, unless anyone knows a way to force queries across all defined DNS servers?

Thanks,
-B

decepticon_eazy_e Posted June 30, 2009

> I would do that, however I'm only periodically attached to the VPN, using it mainly to look at network shares, etc. I thought for sure that adding our internal DNS server (.25) as 3rd on my list of the DNS servers for my primary NIC would work, but it hasn't. I guess that doesn't make sense, because my primary NIC is on a 192.168 network, and the other network is 10.7 network.
>
> My Virtual VPN NIC has the correct DNS server, I think I'm just going to have to hard code in the locations I'm looking for, because unless the IP starts with 10.x.x.x, DNS will assume that it's on the 192.168.x.x network, unless anyone knows a way to force queries across all defined DNS servers?
>
> Thanks,
> -B

That's the purpose of that VPN, if it doesn't start with 10.x.x.x it leaves it on the local LAN. However, the DHCP address you get via the VPN should give you a DNS IP. That should resolve IPs and show they are on the 10.x.x.x network and get your traffic to the proper place. Hard code that DNS IP as the first DNS server instead of the 3rd?

What are the IPs of those network shares you are after? 10.x.x.x?

Brian Sierakowski Posted June 30, 2009

> That's the purpose of that VPN, if it doesn't start with 10.x.x.x it leaves it on the local LAN. However, the DHCP address you get via the VPN should give you a DNS IP. That should resolve IPs and show they are on the 10.x.x.x network and get your traffic to the proper place. Hard code that DNS IP as the first DNS server instead of the 3rd?
>
> What are the IPs of those network shares you are after? 10.x.x.x?

Correct, the shares that I can't browse to via hostname are on the 10.x.x.x network, aka my work network. Switching the DNS is not going to do me much good, as since it's going to be bound to the 192.168.x.x network, I'll need to route to get to a 10.x.x.x DNS server, which requires me to go through the VPN. Which, of course, we're already doing.

I think the way to get this fixed is by finding a way to specify that any DNS that can't be found should be searched on all the routing tables, if not found there search the DNS server, failing that go to the NEXT interface. That of course becomes a time out issue, since I have 2 NICs, 2 VM Interfaces, 2 Firewire Interfaces, and then the VPN interface.

This is quickly seeming that doing a hosts file is the way to go, lol.

-B

decepticon_eazy_e Posted June 30, 2009

> Correct, the shares that I can't browse to via hostname are on the 10.x.x.x network, aka my work network. Switching the DNS is not going to do me much good, as since it's going to be bound to the 192.168.x.x network, I'll need to route to get to a 10.x.x.x DNS server, which requires me to go through the VPN. Which, of course, we're already doing.
>
> I think the way to get this fixed is by finding a way to specify that any DNS that can't be found should be searched on all the routing tables, if not found there search the DNS server, failing that go to the NEXT interface. That of course becomes a time out issue, since I have 2 NICs, 2 VM Interfaces, 2 Firewire Interfaces, and then the VPN interface.
>
> This is quickly seeming that doing a hosts file is the way to go, lol.
>
> -B

Use route print in CMD and see which routes are preferred. Adjust the metric so the VPN network is lowest, do this while connected to the VPN, otherwise that VPN adapter will be down and not in that list. This method would be ideal since you aren't making any static routes (hosts file method). When the VPN is not available, the next metric up will be used and so on.
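
The metric adjustment suggested in the post above, sketched with the PowerShell networking cmdlets found on current Windows versions. This is an added example, not part of the original thread; the interface alias `Work VPN` and the test hostname `fileserver.corp.example` are placeholders, and it assumes the DNS client tries the servers of the lowest-metric interface first.

```powershell
# Added example. Run elevated, while the VPN is connected.
# $VpnAlias and $TestName are placeholders (assumptions), not values from the thread.
$VpnAlias = 'Work VPN'
$TestName = 'fileserver.corp.example'

# 1. Current state: metric per connected interface, and the DNS servers bound to each.
$ifaces = Get-NetIPInterface -AddressFamily IPv4 |
    Where-Object ConnectionState -eq 'Connected'
$ifaces | Sort-Object InterfaceMetric |
    Format-Table InterfaceAlias, InterfaceIndex, InterfaceMetric, AutomaticMetric
Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object ServerAddresses |
    Format-Table InterfaceAlias, ServerAddresses

# 2. Routes with their effective cost (route metric + interface metric),
#    the same information "route print" shows in its Metric column.
Get-NetRoute -AddressFamily IPv4 |
    Select-Object DestinationPrefix, NextHop, InterfaceAlias,
        @{ n = 'Cost'; e = { $_.RouteMetric + $_.InterfaceMetric } } |
    Sort-Object DestinationPrefix, Cost |
    Format-Table

# 3. Give the VPN interface a metric below every other connected interface.
$vpn = $ifaces | Where-Object InterfaceAlias -eq $VpnAlias
if (-not $vpn) { throw "Interface '$VpnAlias' is not connected; connect the VPN first." }

$others = $ifaces | Where-Object {
    $_.InterfaceAlias -ne $VpnAlias -and $_.InterfaceAlias -notlike 'Loopback*'
}
$lowest = ($others | Measure-Object InterfaceMetric -Minimum).Minimum
$target = [Math]::Max(1, $lowest - 1)
if ($lowest -le 1) {
    Write-Warning "Another interface already has metric $lowest; raise it so the VPN can win."
}
Set-NetIPInterface -InterfaceIndex $vpn.InterfaceIndex -AddressFamily IPv4 -InterfaceMetric $target

# 4. Verify: the internal name should now resolve to a 10.x.x.x address.
Resolve-DnsName -Name $TestName -Type A | Format-Table Name, IPAddress
```

With the VPN interface preferred, lookups for internet names may also be sent to the internal DNS server first while the tunnel is up, which is the privacy trade-off raised earlier in the thread.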

Brian Sierakowski Posted June 30, 2009

> Use route print in CMD and see which routes are preferred. Adjust the metric so the VPN network is lowest, do this while connected to the VPN, otherwise that VPN adapter will be down and not in that list. This method would be ideal since you aren't making any static routes (hosts file method). When the VPN is not available, the next metric up will be used and so on.

Ah, that sounds perfect! I will try that tomorrow!

Thanks,
-Brian