[Vpn-help] 1.1.0 observation (bug? Maybe)
Matthew Grooms
mgrooms at shrew.net
Thu Oct 5 13:38:31 CDT 2006
Peter Eisch wrote:
> I'm able to reproduce this with certainty though the number or types of
> actions I need to do on the client systems before it happens still eludes
> me.
>
> On a *nix box, the solution is to specifically replace the contents of
> resolv.conf with what is received in the isakmp setup. How does windows
> manage different DNS servers on different interfaces?
>
Well, on windows the DNS settings are per adapter. But as far as I know,
when a new adapter becomes available the DNS settings from that adapter
are used exclusively. I don't think it would fail over to another DNS
adapters configured DNS server unless the virtual adapters DNS server is
unavailable.
> I can email full configs on client and server if you'd like. No magic or
> tricks on either side. Server in this case is -current of ipsec-tools as of
> yesterday. That doesn't seem to be pertinent though as it's the client
> that's generating the requests to the "wrong" nameserver.
>
The client will proxy a request and send it to a local DNS server if
split DNS is enabled. You said you have this disabled right? It may be a
logic error in the client where if the 'Enable Split DNS' is checked,
'Obtain Automatically' is checked and the server doesn't provide a Split
Domain suffix list, all requests are being proxied to the local DNS
server because the question section doesn't match a tunnel specific DNS
suffix.
Can you try removing all Split DNS related checks for the site config,
do a ipconfig /flushdns, re-connect and let me know if it fairs any better?
Thanks,
-Matthew
More information about the vpn-help
mailing list