New Member

Site to Site VPN DNS problem

Hi Everyone,

I am trying to get site-to-site DNS working. The L2L is established successfully with one of our clients.

I can ping the IP address from our site to the client site, but I am unable to ping by hostname, with or without the FQDN.

My requirement is that only the client DNS should be used for the client hostnames; other than that, the local DNS should be in use.

Configuring the hosts file is not a better solution.

Has anyone had the chance to tackle this problem?

Please share your suggestions and support.

Many Thanks!

San

Cisco Employee

Hi San,

Important question here: what does the FQDN resolve to? Is that IP included in the tunnel ACL? If not, all you need to do is add that traffic to the interesting traffic ACL.

Mike
New Member

Hi Mike,

The local DNS servers reply with "NON-EXISTENT DOMAIN".

The destination IP is included in the tunnel ACL.

The nslookup is resolving remote domain names when I set the source DNS as the remote DNS server.

I even added the remote DNS to my IP config, and I'm able to reach the remote destination via the VPN tunnel with domain names.

My new question: is all the DNS traffic now routed to the remote DNS server rather than the local DNS servers, for all queries?

/San

Cisco Employee

Nope,

That really depends on the server that you are using to resolve domains. Do you have a Record on your local DNS server to resolve the names that you are trying to access across the VPN?

Based on the output that you attached, it seems like you don't. If you put a DNS server that is on the other side, do you get the proper resolution?

Mike
New Member

No, we do not have the record on our local DNS servers.

Planning to go for configuring the local DNS as forwarders for the remote hosts.

Yes, I see it is resolving in time.

San

New Member

Are there any other, better solutions to achieve this?

San

New Member

You need to setup DNS

You need to set up DNS forwarding on your local DNS server. Add the client DNS server to the DNS forwarding list. Very simple.

Andy
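
The forwarding approach discussed in this thread, as an added example that is not part of the original posts: a conditional (per-zone) forwarder sends only the client's names across the tunnel, while a global forwarder would send every query there. It assumes the local DNS server is BIND 9; the zone name `client.example` and the address `192.0.2.53` are placeholders for the client's domain and DNS server, which the thread does not give.

```conf
// named.conf fragment for the LOCAL DNS server (assumed BIND 9).
// client.example and 192.0.2.53 are placeholders, not values from the thread.

options {
    directory "/var/named";
    recursion yes;

    // Only internal hosts may use this server for recursion.
    allow-recursion { localnets; localhost; };

    // Weak variant, shown commented out: a GLOBAL forwarder.
    // Every query the server cannot answer itself, including names
    // unrelated to the client, would be sent to the client's DNS
    // server over the VPN. That discloses internal lookup activity
    // to the other party and makes all resolution depend on the tunnel.
    // forwarders { 192.0.2.53; };
};

// Corrected variant: forward ONLY the client's zone.
// Queries for *.client.example go to the client's DNS server;
// everything else is resolved locally as before.
zone "client.example" {
    type forward;

    // "forward only" means: if the client DNS server is unreachable
    // (for example the tunnel is down), fail the lookup instead of
    // falling back to public resolution of a private name.
    forward only;

    forwarders { 192.0.2.53; };
};

// If hosts on the client side are also looked up by address, add a
// matching forward zone for the reverse range in use (placeholder here).
zone "2.0.192.in-addr.arpa" {
    type forward;
    forward only;
    forwarders { 192.0.2.53; };
};
```

The forwarder address must itself be covered by the tunnel's interesting traffic ACL, with the local DNS server as the source, otherwise the forwarded queries never enter the VPN.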
