[Vpn-help] DNS setting doesn't work in 2.0.0

Tai-hwa Liang avatar at mmlab.cse.yzu.edu.tw
Wed Sep 26 20:46:34 CDT 2007


On Wed, 26 Sep 2007, Matthew Grooms wrote:
> Tai-hwa Liang wrote:
>> Hi,
>>
>>    I'm using ShrewVPN 2.0.0 on Windows XP to connect to an ipsec-tools-0.6.7
>> FreeBSD gateway.  It turns out that after connecting to the gateway,
>> the DNS settings are not updated:
>> 
>> C:\> ipconfig/all
>> .
>> .
>> Ethernet adapter {0AE43808-97E4-4B98-8017-EC4A87E0CCCA}:
>>  	Connection-specific DNS Suffix  . :
>>  	Description . . . . . . . . . . . : Shrew Soft Virtual Adapter - Packet Scheduler Miniport
>>  	Physical Address. . . . . . . . . : AA-AA-AA-AA-AA-00
>>  	Dhcp Enabled. . . . . . . . . . . : No
>>  	IP Address. . . . . . . . . . . . : 192.168.123.2
>>  	Subnet Mask . . . . . . . . . . . : 255.255.255.0
>>  	Default Gateway . . . . . . . . . : 192.168.123.2
>>  	Primary WINS Server . . . . . . . : 192.168.0.5
>>
>>    As you may be aware, the WINS server (configured as "Obtained Automatically")
>> address is correct but there is no "DNS Servers" in the aforementioned output
>> even if I uncheck the "Obtained Automatically" box and specify "DNS Server
>> Address" manually.
>
> This is a side effect of having Split DNS enabled. Since the Windows DNS 
> resolver has no concept of forwarding a request to a specific DNS server 
> based on the Domain Name suffix, all requests must come from one adapter. The 
> Shrew Soft DNS Transparent Proxy Daemon intercepts the DNS requests, examines 
> them and forwards to the appropriate DNS server.
>
> There are a few drawbacks.
>
> 1) The VPN Client doesn't disable Split DNS when split domain suffixes are 
> not supplied ( automatically or manually ). With this in mind, the DTPD 
> service will never redirect any traffic to the tunnel specific DNS server if 
> no domain suffixes are available to match.
>
> 2) Since the Shrew Soft client uses the public DNS server as the "primary" 
> DNS interface when Split DNS is enabled, it can't set the Domain name suffix 
> for the adapter. This is due to a Microsoftism where you have to down the 
> adapter and bring it back up for these settings to take effect :/
>
> To work around (1), add a Split DNS suffix that matches your default DNS 
> domain.
>
> To work around (1) & (2), disable Split DNS which allows a virtual adapter to 
> be "primary" for DNS.

   This does the trick for me.  However, it appears to me that "Default 
Gateway" disappears in this case (it was 192.168.123.2 when Split DNS was
enabled).

> The situation will improve for the 2.1 release.

   I'm glad to hear about that.  Thank you for working on this.

-- 
Thanks,

Tai-hwa Liang
