resolving DNS problems over a VPN

Guest
Archived from groups: microsoft.public.win2000.dns

I have a VPN set up from a WatchGuard firewall & SafeNet client, used
to connect Outlook 2003 to our Exchange 2003 server.

In the office LAN I have two DCs which are both AD-Integrated DNS servers:

wtwmail2.wtwarch.com 192.168.1.7
wtwaccounting.wtwarch.com 192.168.1.6


wtwmail2 runs Exchange 2003. At home, I am finding that when I have my
DNS server set to 192.168.1.7, sometimes I will not be able to ping by
name. That is, it will not resolve domain names properly.

For instance, I find that I cannot resolve wtwmail2.wtwarch.com to
192.168.1.7 with a ping command.
I get an immediate response "ping request could not find the host
wtwmail2.wtwarch.com. Please check the name and try again."

And this is when I am pointed at wtwmail2 for my DNS resolving. The
server won't return its own IP!

Strangely enough, if I just leave it go for a while, it will come
back and make the Outlook-Exchange connection that depends on DNS
operating correctly.

I'm a bit mystified. The A records are all in the zone, some other
hosts are not resolved either. We use these DNS servers for the entire
internal network, and we haven't noticed the issue here. Only over the
VPN tunnel. Last night it happened at the same time to all of us who
were connected via VPN at the same time, so I don't think it's a
configuration issue with my machine alone.

Any ideas on how I could narrow this down, or any ideas on what could
go wrong with DNS over a VPN tunnel that would cause this problem?

Jim Helfer
WTW Architects
Pittsburgh PA
 
Guest

In news:uH3jA1RaEHA.1248@TK2MSFTNGP11.phx.gbl,
Jim Helfer <jhelfer@deleteallthis.wtwarch.com> posted a question
Then Kevin replied below:
> I have a VPN set up from a WatchGuard firewall & SafeNet
> client, used
> to connect Outlook 2003 to our Exchange 2003 server.
>
> In the office LAN I have two DCs which are both
> AD-Integrated DNS servers
>
> wtwmail2.wtwarch.com 192.168.1.7
> wtwaccounting.wtwarch.com 192.168.1.6
>
>
> wtwmail2 runs Exchange 2003. At home, I am finding that
> when I have my DNS server set to 192.168.1.7, sometimes
> I will not be able to ping by name. That is, it will not
> resolve domain names properly.
>
> For instance, I find that I cannot resolve
> wtwmail2.wtwarch.com to 192.168.1.7 with a ping command.
> I get an immediate response "ping request could not
> find the host wtwmail2.wtwarch.com. Please check the
> name and try again."
>
> And this is when I am pointed at wtwmail2 for my DNS
> resolving. The server won't return its own IP!
>
> Strangely enough, if I just leave it go for a while,
> it will come
> back and make the Outlook-Exchange connection that
> depends on DNS operating correctly.
>
> I'm a bit mystified. The A records are all in the
> zone, some other hosts are not resolved either. We use
> these DNS servers for the entire internal network, and we
> haven't noticed the issue here. Only over the VPN
> tunnel. Last night it happened at the same time to all of
> us who
> were connected via VPN at the same time so I don't think
> it's a configuration issue with my machine alone.
>
> Any ideas on how I could narrow this down, or any ideas
> on what could
> go wrong with DNS over a VPN tunnel that would cause this
> problem?

VPN clients have an added problem when connecting to an Active Directory
domain, because they have a view of both public and Active Directory
namespaces. This is one reason why you should choose a different name for
your Active Directory domain from your public domain name.
Your VPN clients won't know which DNS server they are getting resolution
from; you will need to modify your hosts file for these names.



--
Best regards,
Kevin D4 Dad Goodknecht Sr. [MVP]
Hope This Helps
 
Guest

Kevin D. Goodknecht Sr. [MVP] wrote:
> In news:uH3jA1RaEHA.1248@TK2MSFTNGP11.phx.gbl,
> Jim Helfer <jhelfer@deleteallthis.wtwarch.com> posted a question
> Then Kevin replied below:
>
>> I have a VPN set up from a WatchGuard firewall & SafeNet
>>client, used
>>to connect Outlook 2003 to our Exchange 2003 server.
>>
>> In the office LAN I have two DCs which are both
>>AD-Integrated DNS servers
>>
>> wtwmail2.wtwarch.com 192.168.1.7
>> wtwaccounting.wtwarch.com 192.168.1.6
>>
>>
>> wtwmail2 runs Exchange 2003. At home, I am finding that
>>when I have my DNS server set to 192.168.1.7, sometimes
>>I will not be able to ping by name. That is, it will not
>>resolve domain names properly.
>>
>> For instance, I find that I cannot resolve
>>wtwmail2.wtwarch.com to 192.168.1.7 with a ping command.
>> I get an immediate response "ping request could not
>>find the host wtwmail2.wtwarch.com. Please check the
>>name and try again."
>>
>> And this is when I am pointed at wtwmail2 for my DNS
>>resolving. The server won't return its own IP!
>>
>> Strangely enough, if I just leave it go for a while,
>>it will come
>>back and make the Outlook-Exchange connection that
>>depends on DNS operating correctly.
>>
>> I'm a bit mystified. The A records are all in the
>>zone, some other hosts are not resolved either. We use
>>these DNS servers for the entire internal network, and we
>>haven't noticed the issue here. Only over the VPN
>>tunnel. Last night it happened at the same time to all of
>>us who
>>were connected via VPN at the same time so I don't think
>>it's a configuration issue with my machine alone.
>>
>> Any ideas on how I could narrow this down, or any ideas
>>on what could
>>go wrong with DNS over a VPN tunnel that would cause this
>>problem?
>
>
> VPN clients have an added problem when connecting to an Active Directory
> domain, because they have a view of both public and Active Directory
> namespaces. This is one reason why you should choose a different name for
> your Active Directory domain from your public domain name.
> Your VPN clients won't know which DNS server they are getting resolution
> from; you will need to modify your hosts file for these names.
>
>
>

Thanks Kevin,

Right now, our DNS namespaces are _mostly_ separate, and the services
are separated (incoming SMTP uses the 'internal' name, but no one should
be using SMTP/25 internally on our network). So, I don't think there are
too many cases of possible confusion.


I do think that I am going to start adding entries to the hosts file.
That will help out.

Jim Helfer
WTW Architects
Pittsburgh PA