CPUG
The Check Point User Group
A Resource For The Check Point Community. Fast. Useful. Independent.
Hi all,

I've got a problem with Active Directory DNS not passing via a site to site VPN between a VPN-1 Edge box and my other firewalls (SPLAT & IPSO).

Setup:
All gateways participate in a VPN mesh. All ports open. DNS is defined explicitly (not in global properties).
VPN-1 Edge (ver7.5.55x) is dishing out DHCP settings including IP+Mask, WINS, named DNS servers and Domain name suffix (e.g. domain.local) for my Active Directory domain. The DNS servers are two of my AD DC's and are located on the other side of a VPN tunnel.

Edit: If I reconfigure the Edge to do DHCP relay instead, the same problem exists.

Some DNS is working perfectly. If I do an nslookup for anything outside my AD domain (e.g. Google) I get a perfect response. If I do an nslookup for anything inside my AD domain the packets never get to my DC.

Using Wireshark on the PC and fw monitor on the remote gateway (DC side of network) I can see the packets perfectly for the non-AD domain queries. When I do a domain query the packets never arrive at the remote gateway. There are no encryption/decryption errors, nor are there any SmartDefense issues logged in Tracker.

To complicate matters, if I query either of my two DC's that house the AD FSMO roles, name resolution works fine for domain.local queries. As a workaround I'm using this now, but this is not sustainable long term.

Is this a known problem, or have I configured my Edge box incorrectly?

Last edited by rubber_chicken; 2008-11-17 at 18:07. Reason: Updated after some more testing
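Added example, not from the thread or from Check Point: a small Python probe that reproduces the comparison rubber_chicken ran by hand (one in-domain name and one outside name against each DNS server), sending raw UDP queries straight to each server so the client's search-suffix handling is out of the picture. The server addresses and names in it are constructed placeholders.

```python
import random
import socket
import struct


def build_query(name, qtype=1):
    """Return (txid, packet) for a minimal recursive DNS query (A record by default)."""
    txid = random.randint(0, 0xFFFF)
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, QDCOUNT=1
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(lbl)]) + lbl.encode("ascii") for lbl in labels)
    return txid, header + qname + b"\x00" + struct.pack(">HH", qtype, 1)


def classify_response(txid, data):
    """Map a raw UDP reply to one outcome: answered, empty, rcode:<n>, bad-id, malformed."""
    if len(data) < 12:
        return "malformed"
    rid, flags, _qdcount, ancount = struct.unpack(">HHHH", data[:8])
    if rid != txid:
        return "bad-id"
    rcode = flags & 0x000F
    if rcode:
        return f"rcode:{rcode}"           # 3 = NXDOMAIN, 5 = REFUSED, ...
    return "answered" if ancount else "empty"


def probe(server, name, timeout=2.0):
    """Send one query directly to `server` on UDP/53 and classify what comes back."""
    txid, packet = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.sendto(packet, (server, 53))
            data, _ = sock.recvfrom(512)
        except (socket.timeout, OSError):
            return "timeout"              # request or reply lost in transit
    return classify_response(txid, data)


def probe_matrix(servers, names):
    """Outcome for every (server, name) pair. A timeout only for the in-domain name
    and only on one server is the pattern the first post describes."""
    return {(srv, n): probe(srv, n) for srv in servers for n in names}


if __name__ == "__main__":
    # Constructed placeholders: replace with the real DC addresses and names.
    servers = ["192.0.2.10", "192.0.2.11"]
    names = ["dc1.domain.local", "www.example.com"]
    for (srv, n), outcome in probe_matrix(servers, names).items():
        print(f"{srv:>15}  {n:<24} {outcome}")
```

Run it from a client behind the Edge and compare its timeout cells with an fw monitor capture on the far gateway, as the post does, to tell a query that never crossed the tunnel from one the DC answered with an error.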
What DNS servers do the clients get if you run an ipconfig /all? I'd also suggest you change the domain suffix to something unique for the site - it could be that the Edge thinks that the domain suffix is used for local names, and doesn't attempt to resolve DNS for them outside of the local subnet. Finally, what's the DNS Server set on the Internet/External link?
Hi, thanks for the reply.

The ipconfig /all settings are correct. The primary DNS server is my DC that I'm trying to query; the secondary is the DC that does work for some reason. (Most of the DNS is web related, hence this way.) The DC's are allowed to query Internet DNS servers for web traffic.

I had considered that the Edge was thinking it was local too, so I changed the config to DHCP relay and cleared all references to the local domain from the config. It seemed to remember it, so I cleared the settings and saved again. I've confirmed that the exported config has no references to the local domain at all. The same problem exists.

I'll have to check the External/Internet settings to be precise (am at home at the moment), but it will be provided by DHCP from the ISP. In this instance the Edge is sitting behind a cable modem which is providing a "static" IP address via the ISP's DHCP reservation system.

It is a very weird one, that is for sure.
Hi Guys... I'm also experiencing the same problem. Site to site VPN works fine, but when the UTM-1 270 box is configured as DHCP server it's only releasing IP + Subnet mask... not DNS or WINS values... please help me ....