Welcome to ISAserver.org
VPN, Split DNS and name lookup Part 2
VPN, Split DNS and name lookup Part 2 - 24.Feb.2005 9:25:00 PM
BobW
This is a follow up to a prior post as I have contacted PSS to try and resolve the issue. To recap:
I am running a split DNS with my ISP hosting our external DNS records. I found that if I had the same A records defined on my internal DNS as existed on my external DNS AND the users connected via the VPN, the DNS lookup process would find the external A record first even though the VPN was handing out an internal DNS server.
Changing the binding order did not fix the issue.
The only way around the problem was/is to make the modification as listed in Q311218 to each machine. NOTE: Exporting the key and importing the key to another machine is not an option as the key contains GUIDs for the network connections/NICs.
If anyone has any insight as to another work around I would appreciate it.
Hope that helps someone! Bob
NOTE: A request for change was sent to the developers at MS, but the number of folks making the request did not justify the modification to the OS and thus it will not be made.
[ February 24, 2005, 09:26 PM: Message edited by: BobW ]
RE: VPN, Split DNS and name lookup Part 2 - 25.Feb.2005 12:00:00 AM
BobW
My users are, how do we say, technically challenged. Mostly what I am trying to accomplish are:
RPC over http.
Making it so, when a user takes his/her laptop offsite AND their homepage is set to our internal homepage, they will not get a "can not find page", but, at least, a page saying "you must connect to see the internal page".
We use SharePoint server for a lot of internal stuff, thus Word references a host name which happens to match the homepage name. THUS this would break as well if I mirrored the A record.
Is any of this stuff NECESSARY? No, but rpc over http sure would be nice, which would then break the VPN functionality....etc.
Always a pleasure, Bob
quote: Originally posted by tshinder:
Hi Bob,
What a PIA
I could have sworn that it wasn't an issue before XP SP2, but from what they're telling me, it's been this way forever.
The only workarounds I can think of would be real hacks, like doing a log on script that sends the VPN clients a custom HOSTS file, and then a log off script that returns the HOSTS file to its previous state. And then, if they don't login via dial-up networking, they won't even get the log on script.
What kind of users do you have, and what is it they're accessing via the VPN?
Thanks! Tom
RE: VPN, Split DNS and name lookup Part 2 - 25.Feb.2005 1:25:00 PM
wbplomp
Hi Bob,
This is by design. See the Microsoft Knowledge Base article below: http://support.microsoft.com/default.aspx?scid=kb;en-us;311218&Product=winxp
This is a very old document. Microsoft solved this in a manner that the internal DNS server is also resolved when the external record is not found. But unfortunately they didn't think about split DNS. I have the same problem. There is only one solution for this: use an internal proxy server.
Kind regards,
Boudewijn Plomp
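
The HOSTS-file workaround mentioned in the quoted reply above, shown as an added example that is not code from any poster in this thread: a connect script would call Add-VpnHostsBlock and a disconnect script Remove-VpnHostsBlock, so only a marked block is ever added or removed. The function names, marker comments, host name and address are hypothetical.

```powershell
# Added example, not from the thread. Markers, names and addresses are constructed.
$BeginMark = '# BEGIN vpn-split-dns'
$EndMark   = '# END vpn-split-dns'

function Remove-VpnHostsBlock {
    param([Parameter(Mandatory)][string]$Path)
    $inBlock = $false
    $kept = foreach ($line in @(Get-Content -LiteralPath $Path)) {
        if ($line -eq $BeginMark) { $inBlock = $true;  continue }
        if ($line -eq $EndMark)   { $inBlock = $false; continue }
        if (-not $inBlock) { $line }
    }
    # An unterminated block would swallow the rest of the file: refuse to write.
    if ($inBlock) { throw "Unterminated '$BeginMark' block in $Path" }
    Set-Content -LiteralPath $Path -Value @($kept) -Encoding ASCII
}

function Add-VpnHostsBlock {
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][hashtable]$Entries   # host name -> internal address
    )
    # Validate every address before touching the file.
    $block = @($BeginMark)
    foreach ($name in ($Entries.Keys | Sort-Object)) {
        $ip = [System.Net.IPAddress]::Parse($Entries[$name])
        $block += "$ip`t$name"
    }
    $block += $EndMark
    Remove-VpnHostsBlock -Path $Path    # idempotent: never stack a second block
    Add-Content -LiteralPath $Path -Value $block -Encoding ASCII
}

# Demonstration on a scratch copy rather than the live HOSTS file.
$demo = Join-Path ([System.IO.Path]::GetTempPath()) 'hosts.demo'
Set-Content -LiteralPath $demo -Value "127.0.0.1`tlocalhost" -Encoding ASCII
Add-VpnHostsBlock -Path $demo -Entries @{ 'intranet.example.com' = '10.0.0.20' }
Get-Content -LiteralPath $demo          # print the file with the block in place
Remove-VpnHostsBlock -Path $demo
Get-Content -LiteralPath $demo          # print the file after restore
Remove-Item -LiteralPath $demo
```

Against the real file (%SystemRoot%\System32\drivers\etc\hosts) both functions need administrative rights, and a block left behind by a missed disconnect script keeps overriding DNS for those names until it is removed.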