vpn client dns

Oct 26th, 2009


I have multiple Mac OS X clients using the VPN client software. I configured IP address assignment using pools. The IP address correctly gets assigned to the client. The DNS server appears to get assigned correctly, because when I perform an nslookup it provides me with the correct internal DNS servers. The response is also very fast. However, some name resolution, especially Windows share drive connections, takes forever. After watching the logs on the VPN server, I notice these clients querying their service provider's DNS server first instead of using the internal DNS server. Of course the firewall denies these requests, but why would it request the service provider's DNS? Once the client connects to the VPN server using the Cisco VPN client, shouldn't the client query the internal DNS servers first, as configured in the connection profiles and group policies sections? If not, does anyone have ideas on how to query the internal DNS server first? Thanks in advance.

Ivan Martinon Tue, 10/27/2009 - 10:50

Hi, Windows share drives are not based on DNS names; those are based on WINS name servers. If you have not defined any on the VPN client, it will try to look for the best possible server.

sweigle Wed, 10/28/2009 - 07:18

Hi, and thanks for the response. No, our network does not have a WINS server configured. That being said, will defining a WINS server speed up this process even when I use an IP address for the share rather than the name? I still don't understand why the client queries the ISP's DNS before the internal DNS. I would have thought the VPN client software would force the use of the internal DNS.

Ivan Martinon Wed, 10/28/2009 - 08:34

Hi, well, for instance, if it is Windows Name Resolution then WINS is what needs to be used. As well, the fact that your client uses one DNS server as preferred to another DNS (internal vs. ISP) depends on configuration. To create this kind of behavior you need to configure split DNS, where you define the DNS suffix that will have to be resolved through the tunnel.
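
Added example, not part of the thread or any poster's configuration: a small Python model of the split-DNS decision described in the last reply, where only names under a configured DNS suffix are resolved through the tunnel. The server addresses, suffixes and function names are constructed for illustration and do not reproduce the Cisco client's code.

```python
# Added example: a model of the split-DNS decision, not Cisco client code.
# All addresses and suffixes below are constructed sample values.

INTERNAL_DNS = ["10.0.0.10", "10.0.0.11"]  # assumed: pushed by the VPN group policy
ISP_DNS = ["203.0.113.53"]                 # assumed: learned from the physical interface
SPLIT_SUFFIXES = ["corp.example.com", "example.internal"]  # assumed split-DNS list


def normalize(name):
    """Lower-case and drop the trailing root dot so comparisons are stable."""
    return name.strip().rstrip(".").lower()


def matches_suffix(name, suffix):
    """True when name equals suffix or ends with it on a label boundary."""
    name, suffix = normalize(name), normalize(suffix)
    return name == suffix or name.endswith("." + suffix)


def pick_resolvers(name, default_domain=None):
    """Return (path, servers) this model would use to resolve name."""
    name = normalize(name)
    # A single-label name such as "fileserver" matches no suffix on its own;
    # in this model it reaches the internal servers only if a default domain
    # is appended first.
    if "." not in name and default_domain:
        name = name + "." + normalize(default_domain)
    for suffix in SPLIT_SUFFIXES:
        if matches_suffix(name, suffix):
            return ("tunnel", INTERNAL_DNS)
    return ("local", ISP_DNS)


if __name__ == "__main__":
    for query in ["files.corp.example.com", "FILES.Corp.Example.Com.",
                  "mycorp.example.com", "fileserver", "www.example.org"]:
        print(query, "->", pick_resolvers(query))
    print("fileserver + default domain ->",
          pick_resolvers("fileserver", default_domain="corp.example.com"))
```

The label-boundary check is what keeps a look-alike such as `mycorp.example.com` from being treated as internal, and the single-label case shows why short share names can end up at the ISP's resolver when no default domain is applied.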

