[pptp-server] Internal DNS server blues

Cowles, Steve Steve at SteveCowles.com
Wed Feb 21 17:02:01 CST 2001


> -----Original Message-----
> From: David LANDGREN [mailto:dlandgre at bpinet.com]
> Sent: Wednesday, February 21, 2001 10:07 AM
> To: pptp-server at lists.schulte.org
> Subject: [pptp-server] Internal DNS server blues
> 
> 
> All is well and good, however...
> 
> The clients initially dial up via modem, and the connection 
> to the initial ISP negotiates two public DNS servers,
> 194.x.y.z whatever. On successfully connecting to the ISP,
> the client then connects through MS VPN to my private network.
> At this point things get rather bizarre. 
> What happens is the addresses of my two internal DNS servers,
> rather than replacing the two public addresses, get tacked
> onto the end. So when I run winipcfg on the ppp interface on
> the client, I get four separate DNS addresses, my two coming
> after the first two.

This is not as bizarre as it may seem. This is normal TCP/IP -> Resolver Lib
interaction, i.e. DNS servers are global settings, not per-connection
profile.

I agree though, I would like to see Microsoft change the "order" of the DNS
servers shown when using "winipcfg" after a VPN connection is established
and then revert back when the VPN is terminated. Based on my results though,
I think Microsoft is changing the order internally. Unfortunately, my
Win98Me based laptop does not have nslookup, so I can't really verify what
server is actually being queried after the VPN is established, i.e. nslookup
-debug www.mydomain.com

> 
> What this means is that the client is unable to resolve the
> name of anything inside my network. What I really want to do
> is to wipe out the initial DNS addresses that were given
> during the initial dial-up and replace them with my internal
> addresses. Because in any event, if my internal DNS servers
> can't resolve an address (because it's an outside machine),
> they will forward the request onto those two public DNS
> servers anyway.
> 
> Does anyone have this setup ?

I have the exact same setup. I run internal DNS servers which return private
addresses for ftp, www, mail, etc. on my local network and then forward all
other requests for everything else outside.

I'm not seeing the same results as you. So I don't know if I can offer any
pointers except to verify that what you are describing in your post
should work as you have stated. (see below) In fact, my VPN connection would
be almost useless if my internal DNS servers did not return the private IP
addresses.

NOTE: For the purpose of this post, I have changed my real domain name to
"mydomain.com" and also substituted xx.xx.xx.xx for the public IP address.
Also, my firewall is configured to NOT answer ICMP echo-requests (pings) on
the external interface, so the request timeouts shown are normal but name
resolution is working.

----------------------
The following ping is after establishing a dialup connection to my ISP from
my Win98Me laptop. I have not yet established my VPN. Name resolution is now
pointing to my ISP's name servers.

C:\WINDOWS>ping www.mydomain.com

Pinging www.mydomain.com [xx.xx.xx.xx] with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for xx.xx.xx.xx:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum =  0ms, Average =  0ms

C:\WINDOWS>

Now I have established a VPN into my local network which is running PopTop.
Please note: At this time, when I run "winipcfg", I now have 4 DNS servers
listed. My ISP's are still listed first, then my internal ones. Again, based
on my results, I think Microsoft is changing the search order internally.
The internal IP address is now properly returned for the same FQDN.

C:\WINDOWS>ping www.mydomain.com

Pinging www.mydomain.com [192.168.9.3] with 32 bytes of data:

Reply from 192.168.9.3: bytes=32 time=234ms TTL=255
Reply from 192.168.9.3: bytes=32 time=206ms TTL=255
Reply from 192.168.9.3: bytes=32 time=206ms TTL=255
Reply from 192.168.9.3: bytes=32 time=219ms TTL=255

Ping statistics for 192.168.9.3:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 206ms, Maximum =  234ms, Average =  216ms

C:\WINDOWS>

I just checked my configuration on my Win98Me client. In both the dialup
profile and the pptp profile, I am specifying absolutely nothing, i.e. DNS
server entries are blank. They are being assigned by either my ISP's DHCP
servers or through /etc/ppp/options after the VPN is established.

Good luck
Steve Cowles
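The check Steve could not run on Win98 (which resolver actually answers, and with which address) can be done from any client by sending an A query directly to each configured server instead of going through the OS resolver. The script below is an added example, not code from the post or from the PopTop project: it builds a minimal RFC 1035 A query, sends it to each resolver in a hypothetical list (the ISP and internal server addresses are placeholders, not values from the thread), parses the answer section, and flags whether each returned address is RFC 1918 private. On a working split-DNS setup like the one described, the ISP servers return the public xx.xx.xx.xx address and the internal servers return the 192.168.x.x one.

```python
"""Query each DNS server directly and report which A records it returns.

Added example: a stand-in for "nslookup -debug" on a client that lacks it.
The resolver addresses in SERVERS are hypothetical placeholders.
"""
import random
import socket
import struct


def build_query(name, txid=None):
    """Build a recursive A/IN query for `name` in RFC 1035 wire format."""
    if txid is None:
        txid = random.randint(0, 0xFFFF)
    # Flags 0x0100 = standard query with RD (recursion desired) set.
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.rstrip(".").split("."))
    question = qname + b"\x00" + struct.pack(">HH", 1, 1)  # QTYPE=A, QCLASS=IN
    return txid, header + question


def _read_name(data, offset):
    """Decode a possibly compressed name; return (name, offset after it)."""
    labels, end, jumped = [], offset, False
    while True:
        length = data[offset]
        if length & 0xC0 == 0xC0:  # compression pointer to an earlier name
            pointer = struct.unpack(">H", data[offset:offset + 2])[0] & 0x3FFF
            if not jumped:
                end = offset + 2
            jumped, offset = True, pointer
            continue
        offset += 1
        if length == 0:
            if not jumped:
                end = offset
            break
        labels.append(data[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), end


def parse_a_records(response, expected_txid):
    """Return the IPv4 addresses in the answer section; raise on error."""
    txid, flags, qdcount, ancount, _, _ = struct.unpack(">HHHHHH", response[:12])
    if txid != expected_txid:
        raise ValueError("transaction id mismatch (unsolicited or spoofed reply)")
    rcode = flags & 0x000F
    if rcode != 0:
        raise ValueError("server returned RCODE %d" % rcode)
    offset = 12
    for _ in range(qdcount):  # skip the echoed question(s)
        _, offset = _read_name(response, offset)
        offset += 4  # QTYPE + QCLASS
    addrs = []
    for _ in range(ancount):
        _, offset = _read_name(response, offset)
        rtype, rclass, _ttl, rdlen = struct.unpack(">HHIH", response[offset:offset + 10])
        offset += 10
        rdata = response[offset:offset + rdlen]
        offset += rdlen
        if rtype == 1 and rclass == 1 and rdlen == 4:  # A record, IN class
            addrs.append(socket.inet_ntoa(rdata))
    return addrs


def is_private(addr):
    """True for RFC 1918 space (10/8, 172.16/12, 192.168/16)."""
    o = [int(x) for x in addr.split(".")]
    return o[0] == 10 or (o[0] == 172 and 16 <= o[1] <= 31) or (o[0] == 192 and o[1] == 168)


def query_server(server, name, timeout=3.0):
    """Send one UDP query to `server` and return the A records it answers with."""
    txid, packet = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(packet, (server, 53))
        data, _ = sock.recvfrom(512)
    return parse_a_records(data, txid)


if __name__ == "__main__":
    # Hypothetical list: two ISP resolvers, then two internal ones (placeholders).
    SERVERS = ["198.51.100.1", "198.51.100.2", "192.168.9.1", "192.168.9.2"]
    NAME = "www.mydomain.com"
    for server in SERVERS:
        try:
            answers = query_server(server, NAME)
            shown = ", ".join("%s (%s)" % (a, "private" if is_private(a) else "public")
                              for a in answers)
            print("%-15s -> %s" % (server, shown or "no A records"))
        except (socket.timeout, ValueError, OSError) as exc:
            print("%-15s -> error: %s" % (server, exc))
```

Run it once over the modem connection and once after the VPN is up; a server that returns a public address for an internal host, or times out from inside the tunnel, is the one to look at. The transaction-id check matters even for this diagnostic: a reply whose id does not match the query is discarded rather than trusted.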
