DNS over VPN


Brian Sierakowski

Hey guys, sorry for the lame question...

I'm connected to my work network via VPN, the DHCP is handled by our DC, so I get all the goodies from there (IP, Sub, DHCP, DNS, etc).

However, I am unable to resolve hostnames on my work network, it appears that since we're using a split tunnel it's only allowing me to use the DNS on my primary internet connection.

Is there any way to "fix" this without doing a hosts file?

Thanks,

-B

What DNS server does DHCP specify? While it would be ideal to use only the internal DNS server for internal names and your ISP's (or other internet) DNS server for internet names, there is no security reason you couldn't use the internal DNS for everything. There is arguably a privacy reason, the server will know which domains you visit from now on.

I would do that, however I'm only periodically attached to the VPN, using it mainly to look at network shares, etc.

I thought for sure that adding our internal DNS server (.25) as 3rd on my list of the DNS servers for my primary NIC would work, but it hasn't. I guess that doesn't make sense, because my primary NIC is on a 192.168 network, and the other network is 10.7 network.

My Virtual VPN NIC has the correct DNS server, I think I'm just going to have to hard code in the locations I'm looking for, because unless the IP starts with 10.x.x.x, DNS will assume that it's on the 192.168.x.x network, unless anyone knows a way to force queries across all defined DNS servers?

Thanks,

-B

That's the purpose of that VPN, if it doesn't start with 10.x.x.x it leaves it on the local LAN. However, the DHCP address you get via the VPN should give you a DNS IP. That should resolve IPs and show they are on the 10.x.x.x network and get your traffic to the proper place. Hard code that DNS IP as the first DNS server instead of the 3rd?

What are the IPs of those network shares you are after? 10.x.x.x?

Correct, the shares that I can't browse to via hostname are on the 10.x.x.x network, aka my work network.

Switching the DNS is not going to do me much good, as since it's going to be bound to the 192.168.x.x network, I'll need to route to get to a 10.x.x.x DNS server, which requires me to go through the VPN.

Which, of course, we're already doing.

I think the way to get this fixed is by finding a way to specify that any DNS that can't be found should be searched on all the routing tables, if not found there search the DNS server, failing that go to the NEXT interface. That of course becomes a time out issue, since I have 2 NICs, 2 VM Interfaces, 2 Firewire Interfaces, and then the VPN interface.

This is quickly seeming that doing a hosts file is the way to go, lol.

-B

Use route print in CMD and see which routes are preferred. Adjust the metric so the VPN network is lowest, do this while connected to the VPN, otherwise that VPN adapter will be down and not in that list.

This method would be ideal since you aren't making any static routes (hosts file method). When the VPN is not available, the next metric up will be used and so on.
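The metric adjustment suggested above, as an added PowerShell example that is not part of the original thread. The adapter alias 'Work VPN', the suffix 'corp.example' and the host name are hypothetical; the example also goes beyond the post by offering an NRPT rule, which sends only the internal suffix to the VPN's DNS server instead of every lookup.

```powershell
# Added example. Run in an elevated PowerShell while the VPN is connected.
# Hypothetical values: adapter alias, internal DNS suffix, test host name.
$VpnAlias       = 'Work VPN'
$InternalSuffix = 'corp.example'
$TestHost       = "fileserver.$InternalSuffix"
$Mode           = 'Metric'   # 'Metric' = thread's suggestion, 'Nrpt' = suffix-scoped rule

# 1. Show IPv4 interfaces, lowest (most preferred) metric first.
Get-NetIPInterface -AddressFamily IPv4 |
    Sort-Object InterfaceMetric |
    Format-Table InterfaceAlias, InterfaceIndex, InterfaceMetric, ConnectionState

# 2. The VPN adapter must be up, otherwise it is missing or disconnected.
$vpn = Get-NetIPInterface -InterfaceAlias $VpnAlias -AddressFamily IPv4 `
           -ErrorAction SilentlyContinue
if (-not $vpn -or $vpn.ConnectionState -ne 'Connected') {
    throw "Adapter '$VpnAlias' is not connected; connect the VPN first."
}

# 3. Read the DNS server(s) that DHCP assigned to the VPN adapter.
$vpnDns = (Get-DnsClientServerAddress -InterfaceAlias $VpnAlias `
               -AddressFamily IPv4).ServerAddresses
if (-not $vpnDns) { throw "No DNS server is assigned to '$VpnAlias'." }

if ($Mode -eq 'Metric') {
    # Give the VPN adapter a metric below every other connected interface.
    # Trade-off: lookups for internet names also go to the work DNS first.
    $lowest = (Get-NetIPInterface -AddressFamily IPv4 |
        Where-Object { $_.InterfaceAlias -ne $VpnAlias -and
                       $_.ConnectionState -eq 'Connected' } |
        Measure-Object -Property InterfaceMetric -Minimum).Minimum
    $newMetric = [Math]::Max(1, [int]$lowest - 1)
    Set-NetIPInterface -InterfaceAlias $VpnAlias -AddressFamily IPv4 `
        -AutomaticMetric Disabled -InterfaceMetric $newMetric
}
else {
    # Send only names under the internal suffix to the VPN's DNS server;
    # all other names keep using the resolver of the local network.
    Add-DnsClientNrptRule -Namespace ".$InternalSuffix" -NameServers $vpnDns
}

# 4. Verify with DNS only, so a hosts-file entry or NetBIOS cannot mask a failure.
Clear-DnsClientCache
Resolve-DnsName -Name $TestHost -Type A -DnsOnly
```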

Ah, that sounds perfect!

I will try that tomorrow!

Thanks,

-Brian
