DNS through LAN-LAN Tunnel

danieldiaz · ‎11-20-2005

Im connecting 2 sites via lan-lan tunnel (2 Routers-FW feature set), with split-tunneling at both ends. There is one internal DNS Sever (site A), at site B the router is providing DHCP scope, primary DNS is server at site A and secondary is ISP provider DNS. Everything seems to route correctly except queries to internal DNS. Clients at site B cannot resolve local names but can public names. Should my access-list at site A include entries for DNS from site B request?

jackko · ‎11-20-2005

try from a site b host to ping the site a dns server. further, on the same host, do "nslookup" from the command prompt. the one is shown should be the site a dns server ip, not the public dns ip.

e.g.

C:\>nslookup

Default Server: companydns.com.au

Address: 192.168.1.100

>

danieldiaz · ‎11-21-2005

Thank you. I had to work it through TAC. At one point I was able to source a telnet from site B inside interface to port 53 which traversed tunnel. Without any explanation that stopped working. In addition, router A was responding to pings from router B (through tunnel)but logging unreachable port. TAC configured a loopback and a route map on router A. This resolved it but still doesnt explain why it stopped working.

nrichie · ‎11-21-2005

What entries does your current acl's contain? In the Windows world, the server/workstations will utilize the secondary DNS server if the primary is unavaialable. Is this 1 MS domain? If so, you could point the clients at the server(b) and have server(b) configured to forward all to server(a).

danieldiaz · ‎11-21-2005

Thank you. I had to work it through TAC. At one point I was able to source a telnet from site B inside interface to port 53 which traversed tunnel. Without any explanation that stopped working. In addition, router A was responding to pings from router B (through tunnel)but logging unreachable port. TAC configured a loopback and a route map on router A. This resolved it but still doesnt explain why it stopped working.