Saturday, May 2, 2015

domain name system - Netbios lookups fail over vpn?




Over VPN, clients do not seem to be using their DNS search suffix list.
When attempting to ping a NetBIOS name, the client appends its own domain name to the lookup.
The DNS server responds that there is no such name.
The client then does nothing.



From inside the LAN this works totally differently.
Client appends its own domain.
DNS server replies no such name.
Client appends next domain in search suffix list.

DNS server has a secondary zone for this domain, replies with the correct IP address.



The client can ping the resource by IP and FQDN. Also, nslookup resolves the correct name.
It seems that only NetBIOS lookups are failing.
Tags:
DNS, VPN, Checkpoint, Windows XP


Answer



It was DNS hijacking at the ISP. The client's physical adapter was using Level 3 DNS servers. Level 3 redirects unknown records to a landing page, instead of returning no such name.
Changed the client to Comcast DNS servers. Problem solved.


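The failure mode in the answer is easy to reproduce in a model: the suffix-search walk only continues past a name when the resolver says NXDOMAIN, so a resolver that answers every unknown name with a landing-page address stops the walk at the first suffix. The following Python is an added example written for this page, not code from the original question or answer; the domain names, addresses, zone table and resolver functions are constructed for illustration. It also includes the check a practitioner would run before blaming the VPN: query a name that cannot exist and see whether the resolver answers anyway.

```python
"""Model of Windows DNS suffix-search behaviour and why a resolver that rewrites
NXDOMAIN into a landing-page answer breaks it.

Added example, not code from the original post. All names, addresses and
resolver behaviour below are constructed/hypothetical.
"""
import random
import string
from typing import Callable, Dict, List, Optional

# Constructed zone data: the only record the internal DNS server actually holds,
# living in the second domain of the search list (the secondary zone).
ZONES: Dict[str, str] = {
    "fileserver.corp.example.": "10.1.2.3",
}

LANDING_PAGE = "198.51.100.9"  # hypothetical ISP "search assist" page address

Resolver = Callable[[str], Optional[str]]


def honest_resolver(fqdn: str) -> Optional[str]:
    """Returns the address, or None to stand in for NXDOMAIN (no such name)."""
    return ZONES.get(fqdn)


def hijacking_resolver(fqdn: str) -> Optional[str]:
    """Same zone data, but every unknown name is answered with the landing page
    instead of NXDOMAIN, which is the behaviour the answer attributes to the ISP."""
    return ZONES.get(fqdn, LANDING_PAGE)


def resolve_with_suffix_search(name: str, suffixes: List[str],
                               resolver: Resolver) -> Optional[str]:
    """Emulates the walk the question describes: a single-label name gets each
    suffix appended in order and the client stops at the first answer. A dotted
    name is tried as-is. The client cannot tell a hijacked answer from a real
    one, so a resolver that never says NXDOMAIN ends the walk at suffix #1."""
    if "." in name:
        candidates = [name.rstrip(".") + "."]
    else:
        candidates = [f"{name}.{s.strip('.')}." for s in suffixes]
    for fqdn in candidates:
        answer = resolver(fqdn)
        if answer is not None:
            return answer
    return None  # every candidate came back NXDOMAIN


def looks_like_nxdomain_hijack(resolver: Resolver, probes: int = 3) -> bool:
    """The check: a random label under the reserved .invalid TLD cannot exist,
    so any answer at all means the resolver is rewriting negative responses."""
    for _ in range(probes):
        label = "".join(random.choices(string.ascii_lowercase, k=24))
        if resolver(f"{label}.invalid.") is not None:
            return True
    return False


# Own domain first, then the domain the DNS server holds as a secondary zone.
SEARCH_LIST = ["branch.example", "corp.example"]

if __name__ == "__main__":
    print("LAN (honest resolver):   ",
          resolve_with_suffix_search("fileserver", SEARCH_LIST, honest_resolver))
    print("VPN (hijacking resolver):",
          resolve_with_suffix_search("fileserver", SEARCH_LIST, hijacking_resolver))
    print("FQDN still works:        ",
          resolve_with_suffix_search("fileserver.corp.example", SEARCH_LIST, hijacking_resolver))
    print("resolver hijacks NXDOMAIN?", looks_like_nxdomain_hijack(hijacking_resolver))
```

The same probe works against a live resolver: `nslookup <random-label>.invalid <resolver-ip>` should return "Non-existent domain" (NXDOMAIN); an address in the reply means negative responses are being rewritten, and short names will keep resolving to that address instead of falling through to the next search suffix. The FQDN case still resolving is exactly the symptom reported in the question.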