[Vpn-help] DNS suffix search list

Jascha Petersen jascha.petersen at circle-unlimited.de
Sun Jan 13 08:08:21 CST 2008


Hi Matthew,

Thank you for your answer.

We have the same issue (using Racoon on Linux as VPN gateway); I investigated it with Wireshark. What I found out is that, after the VPN is connected, the request for DNS went to the local DNS server, not the one specified for the VPN. The local DNS server denied the request (host unknown) and you get no name resolution.
After you stop the DNS cache and restart it, or use ipconfig /renew, the DNS request goes to the right DNS server and name resolution works.
What confuses me is that, after you are connected and no DNS is working, you get the right DNS server with the nslookup tool under Windows; the requests with nslookup are working, but there is no resolution with tools like ping.
I tried the 2.1 A5 without luck and using the DNSCache workaround... If you need further help, I can offer you my help.

Jascha

-----Original Message-----
From: mgrooms [mailto:mgrooms at shrew.net]
Sent: Sun 1/13/2008 2:14
To: Jascha Petersen
Cc: vpn-help at lists.shrew.net
Subject: Re: [Vpn-help] DNS suffix search list
 

On Sun, 13 Jan 2008 00:32:21 +0100, "Jascha Petersen"
<jascha.petersen at circle-unlimited.de> wrote:
> Hi,
>
> What I found out is that you can perhaps do an "ipconfig /renew", which
> should also work
>
> Will this "bug" be fixed in one in the 2.1 release?
>

I would love to fix this problem for the 2.1.0 release. Up till now I had
only heard the problem reported by two sources. From the response this
thread is getting, I will now assume that this problem is more widespread.
Unfortunately, I'm not exactly sure what really causes the issue.

For example, stopping and starting the Microsoft dnscache service after the
client connects seems to help but I'm not sure why. At first I thought it
was due to negative DNS entries being cached by the dnscache service but
these are now flushed by the client at connect time and disconnect time. To
test this independently, you can run an "ipconfig /displaydns" before and
after the client connects. You will notice that all DNS entries are purged
from the dnscache table. We also tried setting the TTL for negative DNS
entries to 0, which disables this feature in the dnscache service, but that
didn't seem to help the problem either.

Peter and Brian have been very helpful in trying to narrow down the cause
of this problem but we have yet to find a real answer. Tai-hwa Liang also
noticed this issue and was very helpful in testing the 2.1.0 alpha 5
release. In contrast, he reported the problem had been resolved for him on
all the workstations he tested. This leads me to believe there may have
been two problems and that only one of them was solved when I rewrote the
adapter configuration and DNS Transparent Proxy Daemon for alpha 5.

So ... How many people are seeing this issue with the latest 2.1.0 alpha 5
release? I am open to any suggestions people may have about the nature of
the problem or how to potentially correct it. Has anyone tried stopping the
Shrew Soft DNS Transparent Proxy service before connecting to see if this
has an impact? Does stopping and starting the dnscache service after
connecting to the gateway solve this problem for everyone?

Thanks,

-Matthew
