Re: Name resolution for VPN Clients

---

• From: "Phillip Windell" <philwindell@xxxxxxxxxxx>
• Date: Wed, 1 Aug 2007 15:15:32 -0500

---

There is only one DNS Server that a LAN Client should ever ever ever use,
that is the Active Directory DNS Server. The ISP's DNS would be a forwarder
within the Config of the AD/DNS. It doesn't matter if the client is a
permanent LAN Client or a VPN User.

The Internet Device (DSL, CableTV, whatever) should never be involved in any
way with DNS in a commercial network. They can be used for Home User
setups, but even then I don't recommend it.

Remember that with Remote Access VPN, when the user makes the "call" that
VPN Connectiod takes over all network communication so whatever DNS or WINS
the Connectiod uses is what the user will be using. When they disconnect
the VPN they go back the whatever they were using on their regular Nic.
This is one of the reasons Remote Access VPN is never meant to be "always
up",...you are supposed to connect,..do whatever job you connected to
do,...then disconnect and leave. Much of the other network (local user's
LAN) communication is "on hold" while the VPN is active.

--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------
Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/ISA2004_AccessRules.html

Troubleshooting Client Authentication on Access Rules in ISA Server 2004
http://download.microsoft.com/download/9/1/8/918ed2d3-71d0-40ed-8e6d-fd6eeb6cfa07/ts_rules.doc

Microsoft Internet Security & Acceleration Server: Partners
http://www.microsoft.com/isaserver/partners/default.asp

Microsoft ISA Server Partners: Partner Hardware Solutions
http://www.microsoft.com/forefront/edgesecurity/partners/hardwarepartners.mspx
-----------------------------------------------------

"johnny_mango" <johnnymango@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:4C4BA608-DED2-4ED3-A679-E39C3144BBC5@xxxxxxxxxxxxxxxx

Yep.

But in general terms, which DNS server should answer the client in
nslookup?
The local DNS server (the ADSL modem) or the DNS server in the remote
network?

"Phillip Windell" wrote:

Did you create the Access Rule to allow VPN Users to make DNS queries to
the
AD/DNS Server?


--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or
Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------
Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/ISA2004_AccessRules.html

Troubleshooting Client Authentication on Access Rules in ISA Server 2004
http://download.microsoft.com/download/9/1/8/918ed2d3-71d0-40ed-8e6d-fd6eeb6cfa07/ts_rules.doc

Microsoft Internet Security & Acceleration Server: Partners
http://www.microsoft.com/isaserver/partners/default.asp

Microsoft ISA Server Partners: Partner Hardware Solutions
http://www.microsoft.com/forefront/edgesecurity/partners/hardwarepartners.mspx
-----------------------------------------------------
"johnny_mango" <johnnymango@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:2934B944-2BDF-46C1-9A37-CCDD534CB03F@xxxxxxxxxxxxxxxx

Hi,

How should a VPN client resolve names? I ask because I wish a VPN
client
to
be able to communicate with an internal server by name, and not by IP,
but
upon executing nslookup on the client, the DNS server on my modem
responds
and not the DNS server in the remote network.
In my network bindings, I have placed the RRAS connection to the top of
the
list and in the properties of the VPN in the ISA Server console I have
configured the clients to use the internal DNS server, but to no avail.

Thanks for any help available.

.

---

• Follow-Ups:
  • Re: Name resolution for VPN Clients
    • From: johnny_mango

• References:
  • Re: Name resolution for VPN Clients
    • From: Phillip Windell

• Prev by Date: Re: Name resolution for VPN Clients
• Next by Date: Re: Name resolution for VPN Clients
• Previous by thread: Re: Name resolution for VPN Clients
• Next by thread: Re: Name resolution for VPN Clients
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: VPN clients unable to connect to other resources. ... gateway matches the IP of the remote client, and DNS and WINS point to the ... remote (although it takes close to a minute to connect, ... This is just regular Windows VPN, ... VPN server, remote routing and access running on the SBS 2003 server ... (microsoft.public.windows.server.sbs) RE: Problems with connectcomputer and active directory ... I understand that you would like to join a remote client to the domain. ... If you have hardware VPN tunnel setup using Linksys or others, ... In this scenario you have to configure the SBS Server computer to enable ... Create a VPN connection to ISA/RRAS on the Internet ... (microsoft.public.windows.server.sbs) RE: Remote connectivity problems ... do you mean you have added a remote client to SBS ... If you have hardware VPN tunnel setup using Linksys or others, ... In this scenario you have to configure the SBS Server computer to enable ... (microsoft.public.windows.server.sbs) Re: VPN clients unable to connect to other resources. ... Are you saying that an XP Home PC wouldn't be able to connect to a server share over VPN? ... Can ping the SBS but not the client PCs on the same network. ... gateway matches the IP of the remote client, ... (microsoft.public.windows.server.sbs) Re: Secure VPN access ... with it's security option for the client. ... After getting the VPN connection I check the Ip settings and found the ... point to the head ISP's DNS server. ... > Computer certificates for L2TP/IPSec VPN connections ... (microsoft.public.windows.server.sbs)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(11)