DNS Search Order is Wrong When Connecting to VPN

Dustin

Archived from groups: microsoft.public.windowsxp.work_remotely

Here is a little background:

PPTP VPN from Windows XP clients via a Cisco PIX 515E firewall
PIX assigns IP and DNS information
Domain suffix is manually configured in the VPN CONNECTOID

The Issue:

Up until this past week, our VPN has worked great. We made no changes
to the configuration of the firewall. This week, my users cannot
access resources, via name, when connected to the VPN. They can
access the resources by IP address. I investigated further and found
that the DNS queries are being sent to their ISP's DNS servers, and
not the DNS server on our LAN.

No matter what I do, short of completely removing the ISP's DNS
settings, I cannot get it to search the DNS server on our LAN first. The
only way that a query will move to the next DNS servers is if it
cannot contact the first server at all.

It seems that something has changed in Windows (at least XP) that does
not allow it to update the DNS Search order in memory. Maybe it was
one of the updates? Or... maybe it is a virus (I do not believe this
though, as we stay current with Windows Updates and Anti-virus
software).

Also, I tested this from my home computer, and it fails the same way
(but I am using the RC1 of SP2).

I appreciate all help, but please do not jump to conclusions without
thoroughly understanding the issue (I have seen many times when people
do not read the entire post).


Thanks in advance,
Dustin A. Dortch
Network+, MCSA/MCSE W2K
 
Guest

1. Do you have the DNS suffix information configured on your VPN
client adapter?
2. What happens when you run "nslookup" from the command prompt - are
your servers mentioned at all before it fails over to the ISP?
3. When you type in "ipconfig /all", do you see your DNS servers
listed under the VPN Adapter?

Jeffrey Randow (Windows Networking & Smart Display MVP)
jeffreyr-support@remotenetworktechnology.com

Please post all responses to the newsgroups for the benefit
of all USENET users. Messages sent via email may or may not
be answered depending on time availability....

Remote Networking Technology Support Site -
http://www.remotenetworktechnology.com
Windows XP Expert Zone - http://www.microsoft.com/windowsxp/expertzone

On 8 Jun 2004 12:21:33 -0700, dustin_dortch@hotmail.com (Dustin)
wrote:

>Here is a little background:
>
>PPTP VPN from Windows XP clients via a Cisco PIX 515E firewall
>PIX assigns IP and DNS information
>Domain suffix is manually configured in the VPN CONNECTOID
>
>The Issue:
>
>Up until this past week, our VPN has worked great. We made no changes
>to the configuration of the firewall. This week, my users cannot
>access resources, via name, when connected to the VPN. They can
>access the resources by IP address. I investigated further and found
>that the DNS queries are being sent to their ISP's DNS servers, and
>not the DNS server on our LAN.
>
>No matter what I do, short of completely removing the ISP's DNS
>settings, I cannot get it to search the DNS server on our LAN first. The
>only way that a query will move to the next DNS servers is if it
>cannot contact the first server at all.
>
>It seems that something has changed in Windows (at least XP) that does
>not allow it to update the DNS Search order in memory. Maybe it was
>one of the updates? Or... maybe it is a virus (I do not believe this
>though, as we stay current with Windows Updates and Anti-virus
>software).
>
>Also, I tested this from my home computer, and it fails the same way
>(but I am using the RC1 of SP2).
>
>I appreciate all help, but please do not jump to conclusions without
>thoroughly understanding the issue (I have seen many times when people
>do not read the entire post).
>
>
>Thanks in advance,
>Dustin A. Dortch
>Network+, MCSA/MCSE W2K
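
Checks 1 and 3 in the reply above can be run against saved `ipconfig /all` output from an affected client. The following is an added example, not part of the original thread or of either poster's message; the sample output, adapter names and addresses are constructed, and `parse_adapters` and `vpn_findings` are hypothetical helper names.

```python
import re
# Constructed `ipconfig /all` excerpt (documentation addresses, not from the thread).
SAMPLE = """\
Windows IP Configuration

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . : isp.example
        DNS Servers . . . . . . . . . . . : 203.0.113.53
                                            203.0.113.54

PPP adapter Corp VPN:

        Connection-specific DNS Suffix  . :
"""
FIELD = re.compile(r"^\s+(.+?)[ .]*:\s*(.*)$")  # "Label . . . : value"

def parse_adapters(text):
    """Map adapter section name -> {'suffix': str, 'dns': [servers in listed order]}."""
    adapters, current, in_dns = {}, None, False
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():  # unindented line starts a new section
            name = line.strip().rstrip(":")
            current = adapters.setdefault(name, {"suffix": "", "dns": []}) if " adapter " in name else None
            in_dns = False
            continue
        m = FIELD.match(line) if current is not None else None
        if m:
            key, value = m.group(1), m.group(2).strip()
            in_dns = key == "DNS Servers"
            if in_dns and value:
                current["dns"].append(value)
            elif key == "Connection-specific DNS Suffix":
                current["suffix"] = value
        elif in_dns:  # unlabeled indented line under "DNS Servers" = next server
            current["dns"].append(line.strip())
    return adapters

def vpn_findings(text, vpn_kind="PPP adapter"):
    """Problems matching checks 1 and 3: missing suffix or DNS servers on the VPN adapter."""
    findings = []
    for name, info in parse_adapters(text).items():
        if name.startswith(vpn_kind):
            if not info["suffix"]:
                findings.append(f"{name}: no connection-specific DNS suffix")
            if not info["dns"]:
                findings.append(f"{name}: no DNS servers listed")
    return findings
```

An empty result from `vpn_findings` only shows that the VPN adapter carries a suffix and DNS servers; which server actually answers still has to be confirmed with `nslookup`, as in check 2.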