[Vpn-help] DNS setting doesn't work in 2.0.0
Tai-hwa Liang
avatar at mmlab.cse.yzu.edu.tw
Wed Sep 26 20:46:34 CDT 2007
On Wed, 26 Sep 2007, Matthew Grooms wrote:
> Tai-hwa Liang wrote:
>> Hi,
>>
>> I'm using ShrewVPN 2.0.0 on Windows XP to connect to an ipsec-tools-0.6.7
>> FreeBSD gateway. It turns out that after connecting to the gateway,
>> the DNS settings are not updated:
>>
>> C:\> ipconfig/all
>> .
>> .
>> Ethernet adapter {0AE43808-97E4-4B98-8017-EC4A87E0CCCA}:
>> Connection-specific DNS Suffix . :
>> Description . . . . . . . . . . . : Shrew Soft Virtual Adapter -
>> Packet Scheduler Miniport
>> Physical Address. . . . . . . . . : AA-AA-AA-AA-AA-00
>> Dhcp Enabled. . . . . . . . . . . : No
>> IP Address. . . . . . . . . . . . : 192.168.123.2
>> Subnet Mask . . . . . . . . . . . : 255.255.255.0
>> Default Gateway . . . . . . . . . : 192.168.123.2
>> Primary WINS Server . . . . . . . : 192.168.0.5
>>
>> As you may be aware, the WINS server (configured as "Obtained
>> Automatically") address is correct but there is no "DNS Servers" in the
>> aforementioned output even if I uncheck the "Obtained Automatically" box
>> and specify "DNS Server Address" manually.
>
> This is a side effect of having Split DNS enabled. Since the Windows DNS
> resolver has no concept of forwarding a request to a specific DNS server
> based on the Domain Name suffix, all requests must come from one adapter. The
> Shrew Soft DNS Transparent Proxy Daemon intercepts the DNS requests, examines
> them and forwards to the appropriate DNS server.
>
> There are a few drawbacks.
>
> 1) The VPN Client doesn't disable Split DNS when split domain suffixes are
> not supplied ( automatically or manually ). With this in mind, the DTPD
> service will never redirect any traffic to the tunnel specific DNS server if
> no domain suffixes are available to match.
>
> 2) Since the Shrew Soft client uses the public DNS server as the "primary"
> DNS interface when Split DNS is enabled, it can't set the Domain name suffix
> for the adapter. This is due to a Microsoftism where you have to down the
> adapter and bring it back up for these settings to take effect :/
>
> To work around (1), add a Split DNS suffix that matches your default DNS
> domain.
>
> To work around (1) & (2), disable Split DNS which allows a virtual adapter to
> be "primary" for DNS.
This does the trick for me. However, it appears to me that "Default
Gateway" disappears in this case (it was 192.168.123.2 when Split DNS was
enabled).
> The situation will improve for the 2.1 release.
I'm glad to hear about that. Thank you for working on this.
--
Thanks,
Tai-hwa Liang
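
The suffix-based forwarding described in the quoted reply, sketched as an added example that is not part of the original message and is not Shrew Soft's code. The resolver addresses, the domain names and the function names are constructed assumptions; the sketch shows why an empty suffix list sends every query to the public resolver (drawback 1) and why matching must respect label boundaries.

```python
import struct

# Constructed values for illustration; none of them come from the thread.
TUNNEL_DNS = "192.0.2.53"     # resolver reachable only through the VPN
PUBLIC_DNS = "198.51.100.53"  # resolver of the physical adapter

def build_query(name, txid=0x1234):
    """Build a minimal DNS A query (constructed sample input)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels)
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)

def parse_qname(packet):
    """Return the lower-cased name of the first question in a DNS query."""
    if len(packet) < 12 or struct.unpack("!H", packet[4:6])[0] < 1:
        raise ValueError("not a DNS query with a question")
    labels, pos = [], 12
    while True:
        if pos >= len(packet):
            raise ValueError("truncated question name")
        length = packet[pos]
        if length == 0:
            return ".".join(labels)
        if length > 63 or pos + 1 + length > len(packet):
            raise ValueError("bad label length or compression pointer")
        labels.append(packet[pos + 1:pos + 1 + length].decode("latin-1").lower())
        pos += 1 + length

def select_upstream(packet, split_suffixes):
    """Pick a resolver by suffix match (assumed behaviour of a split DNS proxy)."""
    name = parse_qname(packet)
    for suffix in split_suffixes:
        suffix = suffix.lower().strip(".")
        # Match on a label boundary so "notcorp.example" != "corp.example".
        if suffix and (name == suffix or name.endswith("." + suffix)):
            return TUNNEL_DNS
    return PUBLIC_DNS  # no suffix matched, or no suffixes configured at all

if __name__ == "__main__":
    q = build_query("fileserver.corp.example")
    print("no suffixes ->", select_upstream(q, []))                # drawback (1)
    print("with suffix ->", select_upstream(q, ["corp.example"]))  # workaround
    other = build_query("www.example.org")
    print("other name  ->", select_upstream(other, ["corp.example"]))
```
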