1

Over VPN, clients do not seem to be using their DNS search suffix list. When attempting to ping a NetBIOS name, the client appends its own domain name to the lookup. The DNS server responds that there is no such name. The client then does nothing.

From inside the LAN this works totally differently. Client appends its own domain. DNS server replies no such name. Client appends next domain in search suffix list. DNS server has a secondary zone for this domain, replies with the correct IP address.

The client can ping the resource by IP, and FQDN. Also, nslookup resolves the correct name. It seems that only NetBIOS lookups are failing.

Tags: DNS, VPN, Checkpoint, Windows XP

voretaq7
lowlatency

3 Answers

2

NetBIOS is a different thing to DNS. NetBIOS name resolution uses either broadcasts (typically limited to a single subnet on an IP network), WINS (wider scope, requires a WINS server to be identified, generally provided via DHCP), or an LMHOSTS file. If NetBIOS name resolution is failing across a VPN connection but working within your LAN environment, and that LAN uses WINS, then you should look at the DHCP scope options being provided by your VPN client (these may be configured at the client end or provided dynamically by the VPN gateway).

If you mean the hostname (e.g. the MyPC part of MyPC.somedomain.com) does not resolve across your VPN even though it does when you are in your office then the issue is that your VPN is either not appending the domain suffix that you need or possibly that your VPN is not redirecting DNS.

Without a bit more information it's hard to be more specific - post the output of ipconfig /all when connected via VPN and when connected to the LAN for a start.

Helvick
  • I can't enter enough characters for the ipconfig /all. Client is a member of domain1.com. Has a DNS search suffix list for domain1.com and domain2.com. When attempting to reach hostname2 in domain2, the client performs a lookup, first appending the client's own domain: hostname2.domain1.com. The DNS server replies no such name. That part works the same on VPN or LAN. Then, on LAN, the client requests hostname2.domain2.com. Server responds with the IP. On VPN, the client does not make the second request. – lowlatency Jun 21 '10 at 14:26
0

In the settings for this connection, go to TCP/IP properties and advanced properties and select DNS. In the connection-specific DNS suffix for this connection, add the domain (the domain suffix).

redknight
0

It was DNS hijacking at the ISP. The client's physical adapter was using Level 3 DNS servers. Level 3 redirects unknown records to a landing page, instead of returning no such name. Changed the client to Comcast DNS servers. Problem solved.

lowlatency
  • Please also accept your answer so this question doesn't randomly pop to the top page. Thank you for posting the resolution! – Chris S Jun 23 '10 at 18:22
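
The resolution above, as an added Python example that is not part of the original thread: a simplified model of a search-suffix walk against a resolver that returns "no such name" and one that answers unknown names with a landing page, plus a probe that flags the second kind. The addresses and function names are constructed for illustration, and the suffix walk is a simplified model, not Windows XP's actual resolver logic.

```python
import secrets
import socket

# Constructed zone data: hostname2 exists only in domain2.com (names from the question).
ZONE = {"hostname2.domain2.com": "10.0.2.15"}
LANDING_PAGE = "203.0.113.80"  # constructed landing-page address (TEST-NET-3)

def honest_resolver(fqdn):
    """Return the address, or None for 'no such name' (NXDOMAIN)."""
    return ZONE.get(fqdn)

def rewriting_resolver(fqdn):
    """Resolver that answers unknown names with a landing page instead of NXDOMAIN."""
    return ZONE.get(fqdn, LANDING_PAGE)

def resolve_short_name(name, search_list, resolver):
    """Simplified stub resolver: try each suffix in order, stop at the first answer."""
    for suffix in search_list:
        fqdn = f"{name}.{suffix}"
        addr = resolver(fqdn)
        if addr is not None:
            return fqdn, addr
    return None, None

def rewrites_nxdomain(resolver, probes=3):
    """Probe random names under the reserved .invalid TLD (RFC 6761).
    Any answer means the resolver is not returning 'no such name'."""
    for _ in range(probes):
        if resolver(f"{secrets.token_hex(8)}.invalid") is not None:
            return True
    return False

def system_resolver(fqdn):
    """Adapter for the OS-configured resolver, for checking a real client."""
    try:
        return socket.gethostbyname(fqdn)
    except OSError:
        return None

if __name__ == "__main__":
    search = ["domain1.com", "domain2.com"]
    print(resolve_short_name("hostname2", search, honest_resolver))
    print(resolve_short_name("hostname2", search, rewriting_resolver))
    print("system resolver rewrites NXDOMAIN:", rewrites_nxdomain(system_resolver))
```

With the rewriting resolver the walk stops at hostname2.domain1.com and never tries domain2.com, because the first lookup no longer fails.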