[Vpn-help] DNS suffix search list
Matthew Grooms
mgrooms at shrew.net
Tue Jan 15 02:37:54 CST 2008
Tai-hwa Liang wrote:
>
> I'm using 2.1.0-alpha5. It turns out that if I have a manually specified
> DNS search suffix which is different from the one specified by the VPN
> gateway, I'll have to use the FQDN to reach the server. For example,
>
> Manually specified suffix: example.com
> Connection-specific DNS Suffix(VPN adapter): vpn.net
>
> C:\> ping srv1
> Ping request could not find host srv1. Please check the name and try
> again.
>
> If I remove example.com from the DNS suffixes listing:
>
> C:\> ping srv1
> Pinging srv1.vpn.net [192.168.0.1] with 32 bytes of data:
>
> Reply from 192.168.0.1: bytes=32 time=253ms TTL=31
> Reply from 192.168.0.1: bytes=32 time=109ms TTL=31
> Reply from 192.168.0.1: bytes=32 time=46ms TTL=31
> Reply from 192.168.0.1: bytes=32 time=58ms TTL=31
>
> 'net stop/start dnscache' wouldn't help in this case unless I remove
> all manually specified DNS appending suffixes.
>

Tai-hwa,

Thanks for the input! This is very consistent with my findings. I can
think of a few ways to work around this but it looks like the behavior
is by design. The only information I could find that describes how the
Microsoft DNS resolver system works claims to be Windows 2000 specific.
I doubt Windows XP is much different in this respect.

http://technet.microsoft.com/en-us/library/bb742582.aspx

The following section agrees with the behavior we are seeing ...

Unqualified Single-Label Query

A name containing no dots is called an Unqualified Single-Label name,
for example ntserver.

If such a name needs to be resolved it must be fully-qualified using
some suffix before being placed on the wire. The list of suffixes to try
can come from two places:

* Global suffix search order, and
* Primary and per-adapter domain names.

If a suffix search order is predefined, then it is used. If it is not
defined then the Primary and per-adapter domain names are used.

... I find the way a user would configure the global suffix search list
quite strange as it's done under the adapter's TCP/IP binding properties.
This would lead me to believe it is specific to the adapter. It doesn't
say global anywhere that I can see :/

In any case, I am very interested to hear how many of these DNS-related
issues are resolved by removing any global suffix search order settings.

Thanks,
-Matthew
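
The suffix selection rule quoted in the message above, modelled as an added example (not part of the original post and not Shrew Soft or Microsoft code). The function names, the empty primary suffix and the one-record sample zone are assumptions built from the ping output in the thread.

```python
# Added example: model of the quoted rule for unqualified single-label names.
# All names and the sample zone are constructed for illustration.

def candidate_fqdns(name, global_search_order, primary_suffix, adapter_suffixes):
    """Return the FQDNs that would be tried for a single-label name."""
    if "." in name:
        # Names containing dots are outside the rule quoted in the thread.
        raise ValueError("only unqualified single-label names are modelled")
    if global_search_order:
        # A predefined global list is used instead of the per-adapter
        # suffixes, so the VPN adapter's suffix is never tried.
        suffixes = list(global_search_order)
    else:
        suffixes = [primary_suffix] + list(adapter_suffixes)
    seen, out = set(), []
    for suffix in suffixes:
        if suffix and suffix.lower() not in seen:  # skip empty and duplicate entries
            seen.add(suffix.lower())
            out.append(f"{name}.{suffix}")
    return out

def resolve(name, zone, **cfg):
    """Return (fqdn, address) for the first candidate in zone, else None."""
    for fqdn in candidate_fqdns(name, **cfg):
        if fqdn in zone:
            return fqdn, zone[fqdn]
    return None

# Constructed zone: the only record visible in the thread's ping output.
ZONE = {"srv1.vpn.net": "192.168.0.1"}

def with_global_list():
    # Manually specified suffix example.com, VPN adapter suffix vpn.net.
    return resolve("srv1", ZONE, global_search_order=["example.com"],
                   primary_suffix="", adapter_suffixes=["vpn.net"])

def without_global_list():
    # Same adapter suffix with the manual list removed.
    return resolve("srv1", ZONE, global_search_order=[],
                   primary_suffix="", adapter_suffixes=["vpn.net"])

if __name__ == "__main__":
    print("global list set:    ", with_global_list())
    print("global list removed:", without_global_list())
```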