Zitat von Matthew Grooms <[email protected]>:
On 10/1/2010 3:15 PM, [email protected] wrote:Zitat von Matthew Grooms <[email protected]>:On 9/28/2010 3:40 PM, [email protected] wrote:Hello we like to set for all VPN users a "prefered" internal DNS-server to resolve internal addresses and external ones. Unfortunately it seems that after bringing up the VPN still the DNS server assigned to the Windows LAN Interface is used. This is especially annoying with provider which lie about non-existing domains to redirect to some search page. Details: Client OS Windows XP-SP3 with ShrewSoft VPN Client 2.1.6 and a virtual interface with manual assigned IP address and DNS server. No Split DNS or search suffix set. Name resolution by hand works fine across the tunnel but as said the DNS server assigned by DHCP to the Windows LAN Interface is used first. Any chance to get the VPN DNS Server as prefered??Hi Andreas, How do you have DNS configured on the client OS? Is "Append primary and connection specific DNS suffixes" or "Append these DNS suffixes ( in order )" selected under the advanced TCP/IP settings DNS tab? -MatthewThe "Append primary and connection specific DNS suffixes" are set (default) but are all empty. The "Append these DNS suffixes" is unchecked. The LAN interface is set by DHCP from a ADSL Router (default-gw, DNS-proxy) with the NS point to the router device which in turn does NS lookups against the NS assigned from the DSL Provider.Andreas,Are you able to resolve DNS names that can only be resolved via the tunnel specific DNS server? If so, what leads you to believe that the system is resolving DNS names using the adapters default DNS server?-Matthew
HelloThe problem arises with providers spoofing DNS answers like german t-Online. If a name does not exist in DNS like "name.internal.our.domain" they answer with an A record for their search site instead of providing no answer. This lead to internal systems being unreachable because the second DNS (across the VPN) is not asked in this case because the first one already delivered a (wrong) answer. That's why i like to force the DNS server accross VPN to be the prefered (eg. asked first) or the only one used.
Many Thanks Andreas
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ vpn-help mailing list [email protected] http://lists.shrew.net/mailman/listinfo/vpn-help
