1841 Site-to-Site VPN DNS Issues

  • 1841 Site-to-Site VPN DNS Issues

    I'm trying to get my DNS working correctly across a site-to-site VPN connection.
    My initial problem is I don't seem to cleanly have DNS queries for my VPN LAN go through the tunnel whilst all other queries are resolved out to the web.

    With the below config I need only specify the router itself via DHCP and all web DNS queries are resolved fine.
    But for internal LAN resources I can only resolve names for those explicitly specified below using the ip host command.

    Even if I specify ip name-server and point to the internal DNS servers I still cannot resolve the names.

    The only way I can resolve the names is if I specify the internal DNS server(s) in the DHCP lease. But then ALL DNS queries go through the tunnel and that cannot be the right way to do it.

    I want all DNS queries for domain "suho.local" to go through the tunnel ... what am I missing?

    ip dhcp pool test1
     network 10.2.200.0 255.255.255.0
     default-router 10.2.200.254
     dns-server 10.2.200.254

    ip host files2.suho.local 192.168.10.101
    ip host suho.local ns 192.168.10.101
    ip host files2 192.168.10.101
    ip host treehouse.suho.local 192.168.10.109
    ip host treehouse 192.168.10.109
    ip name-server 192.168.10.101


    One puzzling issue is that I can ping these hosts from my Win 7 machine but if I try to ping them from the router I get an unreachable response. Those resources are available and working fine.
    Some other relevant config ... I have "ip dns server", "ip domain lookup" ...

    Thanks

  • #2
    Set up Conditional Forwarders on the local DNS server that direct all DNS queries for the suho.local domain to the suho.local DNS servers.



    • #3
      Moderator is right on the money. You need to set up conditional forwarding in your case. I have the same setup with site-to-site VPN that I need to resolve host names on the other end of the tunnel.
      Here is your possible config:

      ip dns name-list 2 permit .*suho.local
      ! name-list 2 is referenced by "restrict name-group 2" below and must exist
      ip dns view suho.local_dns
       dns forwarder 192.168.10.101
      ip dns view default
       dns forwarder <upstream-ISP-DNS>
       ! placeholder: the original showed 10.2.200.254, which is the router's own LAN address
      ip dns view-list conditional
       view suho.local_dns 11
        restrict name-group 2
       view default 99
      ip dns server view-group conditional
      ! applies the view-list to queries the router's DNS server receives from the LAN

      You will have to use the FQDN of your hosts on the other side of the tunnel in order for resolution to work, of course. Host names without the domain suffix will not do it, unless you enter them manually with the ip host command, but that would nullify the whole conditional forwarding you are trying to achieve.
      Last edited by sash11; 11th November 2015, 14:37.
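To check the view-list ordering above before pushing it to the router, here is an added example (not sash11's or Cisco's code) that models how the view-list selects a forwarder per query name: views are tried in ascending order number and the first one whose name-list permits the name wins, with the unrestricted default view catching the rest. It assumes name-list patterns behave as case-insensitive regexes matched against the whole query name, uses a tighter pattern than the IOS line so that names like notsuho.local do not match, and uses 203.0.113.53 as a constructed placeholder for the ISP resolver.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import Optional

# Remote LAN behind the tunnel, taken from the thread's ip host entries.
TUNNEL_LAN = ipaddress.ip_network("192.168.10.0/24")

@dataclass
class DnsView:
    name: str
    order: int                 # position in the view-list (11, 99, ...)
    forwarder: str             # the view's "dns forwarder" address
    name_regex: Optional[str]  # "restrict name-group" pattern; None = unrestricted

# Mirrors the view-list from the thread: view 11 restricted to suho.local,
# view 99 as the catch-all. 203.0.113.53 is a constructed ISP-resolver placeholder.
VIEW_LIST = [
    DnsView("suho.local_dns", 11, "192.168.10.101", r"(.*\.)?suho\.local"),
    DnsView("default", 99, "203.0.113.53", None),
]

def select_view(qname: str, views=VIEW_LIST) -> DnsView:
    """First view, by ascending order number, whose name-list permits qname.
    An unrestricted view matches everything, so it must carry the highest number.
    Assumption: patterns are case-insensitive regexes matched against the full name."""
    for view in sorted(views, key=lambda v: v.order):
        if view.name_regex is None or re.fullmatch(view.name_regex, qname, re.IGNORECASE):
            return view
    raise LookupError(f"no view matches {qname}")

def crosses_tunnel(qname: str) -> bool:
    """True when the chosen forwarder sits on the remote LAN, i.e. the query
    would traverse the VPN; everything else should resolve upstream."""
    return ipaddress.ip_address(select_view(qname).forwarder) in TUNNEL_LAN

def audit(qnames):
    """Map each name to (view, forwarder, via_tunnel) so an over-broad or
    misordered name-list is visible before the config goes live."""
    return {q: (select_view(q).name, select_view(q).forwarder, crosses_tunnel(q))
            for q in qnames}

if __name__ == "__main__":
    # "files2" without a suffix lands in the default view, as sash11 warns.
    for q, result in audit(["files2.suho.local", "www.example.com", "files2"]).items():
        print(q, result)
```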
