[Vpn-help] 1.1.0 observation (bug? Maybe)

Matthew Grooms mgrooms at shrew.net
Thu Oct 5 13:38:31 CDT 2006


Peter Eisch wrote:
> I'm able to reproduce this with certainty though the number or types of
> actions I need to do on the client systems before it happens still eludes
> me.
> 
> On a *nix box, the solution is to specifically replace the contents of
> resolv.conf with what is received in the isakmp setup.  How does windows
> manage different DNS servers on different interfaces?
> 

Well, on windows the DNS settings are per adapter. But as far as I know, 
when a new adapter becomes available the DNS settings from that adapter 
are used exclusively. I don't think it would fail over to another DNS 
adapters configured DNS server unless the virtual adapters DNS server is 
unavailable.

> I can email full configs on client and server if you'd like.  No magic or
> tricks on either side.  Server in this case is -current of ipsec-tools as of
> yesterday.  That doesn't seem to be pertinent though as it's the client
> that's generating the requests to the "wrong" nameserver.
>

The client will proxy a request and send it to a local DNS server if 
split DNS is enabled. You said you have this disabled right? It may be a 
logic error in the client where if the 'Enable Split DNS' is checked, 
'Obtain Automatically' is checked and the server doesn't provide a Split 
Domain suffix list, all requests are being proxied to the local DNS 
server because the question section doesn't match a tunnel specific DNS 
suffix.

Can you try removing all Split DNS related checks for the site config, 
do a ipconfig /flushdns, re-connect and let me know if it fairs any better?

Thanks,

-Matthew



More information about the vpn-help mailing list