[Vpn-help] DNS setting doesn't work in 2.0.0

Matthew Grooms mgrooms at shrew.net
Wed Sep 26 23:42:20 CDT 2007


Tai-hwa Liang wrote:
> On Wed, 26 Sep 2007, Matthew Grooms wrote:
>>
>> This is a side effect of having Split DNS enabled. Since the Windows 
>> DNS resolver has no concept of forwarding a request to a specific DNS 
>> server based on the Domain Name suffix, all requests must come from 
>> one adapter. The Shrew Soft DNS Transparent Proxy Daemon intercepts 
>> the DNS requests, examines them and forwards to the appropriate DNS 
>> server.
>>
>> There are a few drawbacks.
>>
>> 1) The VPN Client doesn't disable Split DNS when split domain suffixes 
>> are not supplied ( automatically or manually ). With this in mind, the 
>> DTPD service will never redirect any traffic to the tunnel specific 
>> DNS server if no domain suffixes are available to match.
>>
>> 2) Since the Shrew Soft client uses the public DNS server as the 
>> "primary" DNS interface when Split DNS is enabled, it can't set the 
>> Domain name suffix for the adapter. This is due to a Microsoftism 
>> where you have to down the adapter and bring it back up for these 
>> settings to take effect :/
>>
>> To work around (1), add a Split DNS suffix that matches your default 
>> DNS domain.
>>
>> To work around (1) & (2), disable Split DNS which allows a virtual 
>> adapter to be "primary" for DNS.
> 
>   This does the trick for me.  However, it appears to me that "Default 
> Gateway" disappears in this case (it was 192.168.123.2 when Split DNS was
> enabled).
> 

Please try the 2.0.1 version just released. It has a lot of improvements 
and bug fixes :)

-Matthew
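
The suffix-based forwarding described in the quoted explanation, and drawback (1) where an empty suffix list sends every query to the public server, as an added example that is not part of the original message and not Shrew Soft's code. The function names, addresses and domain names are assumptions constructed for illustration.

```python
import struct

def build_query(name, qid=0x1234):
    """Build a minimal DNS A/IN query packet (constructed sample input)."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels)
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)

def parse_qname(packet):
    """Return the first question name of a DNS query, lowercased."""
    if len(packet) < 12 or struct.unpack("!H", packet[4:6])[0] < 1:
        raise ValueError("not a DNS query with a question")
    labels, pos = [], 12
    while True:
        if pos >= len(packet):
            raise ValueError("truncated QNAME")
        length = packet[pos]
        pos += 1
        if length == 0:
            return ".".join(labels)
        if length > 63 or pos + length > len(packet):
            # Covers compression pointers (0xC0), which do not belong in a question.
            raise ValueError("bad label length")
        labels.append(packet[pos:pos + length].decode("ascii", "replace").lower())
        pos += length

def select_upstream(packet, split_suffixes, tunnel_dns, public_dns):
    """Pick the resolver for one query by matching its name against the suffixes."""
    name = parse_qname(packet)
    for suffix in split_suffixes:
        s = suffix.strip(".").lower()
        # Match on a label boundary so "notcorp.example" does not hit "corp.example".
        if s and (name == s or name.endswith("." + s)):
            return tunnel_dns
    # No suffix matched (or none configured): the query leaves via the public server.
    return public_dns

TUNNEL, PUBLIC = "10.0.0.53", "192.0.2.53"  # constructed addresses
if __name__ == "__main__":
    for n in ("host.corp.example", "www.example.org", "notcorp.example"):
        print(n, "->", select_upstream(build_query(n), ["corp.example"], TUNNEL, PUBLIC))
    print("no suffixes:", select_upstream(build_query("host.corp.example"), [], TUNNEL, PUBLIC))
```

With an empty suffix list the internal name is resolved by the public server, which is why the workaround of adding a suffix matching the default DNS domain matters.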


