Name resolution issues with VPN Chris Warwick <news[ at ]remove.this.bit.nuney.com> 10/13/2008 11:17:41 PM Scenario: I have a domain using DFS with a domain-based root, so clients access folder shares using \\domain.com\share-name. Domain.com is also registered externally (internet). When on my internal subnet my internal DNS servers resolve domain.com and all is well. But when I fire up a VPN client and get a new set of DNS servers I'm guessing they are picking up the external view of domain.com. The external view points to a web hosting service. Consequently I loose all access to DFS folders (including "My Documents" etc) as long as the VPN connection is active. Basically, I want to use the VPN supplied DNS servers for all name resolution *except* for domain.com which should ALWAYS point to my internal servers - even when the VPN connection is active. I don't want to use host records because that would break DFS anyways. Any ideas how I might fix this? Apologies if this is the wrong group - if I should be somewhere else please let me know. Happy to provide further configuration details as required. Thanks all Chris

RE: Name resolution issues with VPN James Yeomans BSc, MCSE 10/14/2008 8:58:00 PM Hi there, unfortuantely you can't specify on a client different dns servers to use for different domains. You have to either make sure they use a dns server that contains a copy of the zone they need to resolve or make sure a copy of that zone is on the dns server they are using ( i realise they are both the same thing). Your best bet would be to create a record on your external dns servers for the internal resource you are trying to access. Bear in mind an external record could point to an internal IP say, 192.168.x.x (or any other private subnet that you may be using on your LAN), that way the client will receive the ip and be able to access the resource. Hope that helps. Good luck. James. -- James Yeomans, BSc, MCSE "Chris Warwick" wrote: [Quoted Text] > Scenario: I have a domain using DFS with a domain-based root, so > clients access folder shares using \\domain.com\share-name. > > Domain.com is also registered externally (internet). > > When on my internal subnet my internal DNS servers resolve domain.com > and all is well. But when I fire up a VPN client and get a new set of > DNS servers I'm guessing they are picking up the external view of > domain.com. The external view points to a web hosting service. > Consequently I loose all access to DFS folders (including "My > Documents" etc) as long as the VPN connection is active. > > Basically, I want to use the VPN supplied DNS servers for all name > resolution *except* for domain.com which should ALWAYS point to my > internal servers - even when the VPN connection is active. > > I don't want to use host records because that would break DFS anyways. > > Any ideas how I might fix this? > > Apologies if this is the wrong group - if I should be somewhere else > please let me know. Happy to provide further configuration details as > required. > > Thanks all > Chris > >

Re: Name resolution issues with VPN Chris Warwick <news[ at ]remove.this.bit.nuney.com> 10/15/2008 5:44:09 AM On Tue, 14 Oct 2008 13:58:00 -0700, James Yeomans BSc, MCSE <JamesYeomansBScMCSE[ at ]discussions.microsoft.com> wrote: [Quoted Text] >Hi there, unfortuantely you can't specify on a client different dns servers >to use for different domains. You have to either make sure they use a dns >server that contains a copy of the zone they need to resolve or make sure a >copy of that zone is on the dns server they are using ( i realise they are >both the same thing). Your best bet would be to create a record on your >external dns servers for the internal resource you are trying to access. Bear >in mind an external record could point to an internal IP say, 192.168.x.x (or >any other private subnet that you may be using on your LAN), that way the >client will receive the ip and be able to access the resource. Hope that >helps. Good luck. >James. Thanks James, unfortunately I have no control over the external DNS and can't add records there. Looks like I'll have to rethink the internal/external publishing of domain.com - likely I'll have to use different names internally/externally Cheers, Chris

Re: Name resolution issues with VPN James Yeomans BSc, MCSE 10/15/2008 8:33:01 AM Your other option is to edit the hosts file on each machine, assuming you dont have to many you could do this manually or you could create a script to copy a new hosts file to each machine, that way all the machine will implicitly know the ip they need and will not require dns to resolve it. The following article explaing about hosts files: http://en.wikipedia.org/wiki/Hosts_file -- James Yeomans, BSc, MCSE "Chris Warwick" wrote: [Quoted Text] > On Tue, 14 Oct 2008 13:58:00 -0700, James Yeomans BSc, MCSE > <JamesYeomansBScMCSE[ at ]discussions.microsoft.com> wrote: > > >Hi there, unfortuantely you can't specify on a client different dns servers > >to use for different domains. You have to either make sure they use a dns > >server that contains a copy of the zone they need to resolve or make sure a > >copy of that zone is on the dns server they are using ( i realise they are > >both the same thing). Your best bet would be to create a record on your > >external dns servers for the internal resource you are trying to access. Bear > >in mind an external record could point to an internal IP say, 192.168.x.x (or > >any other private subnet that you may be using on your LAN), that way the > >client will receive the ip and be able to access the resource. Hope that > >helps. Good luck. > >James. > > > Thanks James, unfortunately I have no control over the external DNS > and can't add records there. Looks like I'll have to rethink the > internal/external publishing of domain.com - likely I'll have to use > different names internally/externally > > Cheers, > Chris >