Hi,

I have an issue with VPN clients not being able to access the DNS server on our LAN when they dial in. To give a brief overview of our network:-

  • Clients connect over VPN using L2TP IPSec VPN to our Draytek router
  • DNS Server runs on a dedicated WIN2008 server and the Draytek dishes out this via DHCP to LAN hosts (successfully) and VPN clients (unsuccessfully)

When connected over VPN, a user cannot resolve any of the internal host names - some users are successful using FQDNs but my PC is in one of the categories who are not so fortunate (I think it's a WinXP vs Win7 issue for FQDN resolution success, with Win7 being successful).

I've done a Wireshark capture on the VPN client and noticed that when making a request to the DNS server, the server that responds is that of my ISP or if I force that way down the list in Network Connections, the secondary DNS server configured on the Draytek router (our corporate ISP's DNS server). The Win2008 server never seems to get chosen/or responds (can't figure out what) to DNS requests. One potential area of investigation is the fact it is on a local LAN address, but VPN clients are able to ping it with no issues, so it's contactable, without doubt.

A few things I've tried are:-

  • Adding and registering the corporate DNS suffix in the VPN connection properties
  • Adding and moving to the top of the list, the internal WIN2008 DNS server on the client VPN properties
  • Using NSLOOKUP to diagnose the issue and seeing that the IP address of our WIN2008 server has "Non-existent domain" beside it, with my home router preceding it with "Timed out" and our corporate ISP as 3rd choice stating, "Non-existent domain" too. It also shows that the corporate ISP's DNS server is the chosen DNS server.

If anyone would have any ideas on how to resolve (excuse the pun) this issue, any advice at all would be great. I know the broken link: the DNS server and VPN clients can't communicate, but I cannot figure out where the problem could be.

Thanks in advance! :)