dns problem on w2003 vpn

Good day,

I have this scenario - three servers: linux as internet router, Windows2003
as domain controller (with DNS server) and second Windows2003 as VPN server.
The VPN server is not directly connected to the internet, it only serves as
VPN access server - it's hidden behind a NAT on the linux router. Everything
works fine - I can connect to the VPN from internet, from the remote client
I can see all computers inside the company, dns works fine.

The problem is on the opposite way - I cannot access the remote computer
from the intranet using its name. I can only access it using the IP address.
It seems to me, that it does not register the name in the DNS. Is there any
way to do this?

I have set the VPN server to use DHCP, when I looked into the DHCP (that
runs on the domain controller) there are some leases for the VPN but with
name of the VPN server - it seems that the VPN server asks for some
addresses and then when it receives connection it uses one of that leases.
Is it possible to force the VPN server not to ask for the address, but let
the VPN client ask for the address itself - i think that then it will
register to the DNS, am I right?

Martin

You can probably get the client to register in DNS by fiddling with the
client settings (and perhaps the security settings), but what DNS zone would
you register it with? If you have lots of remote clients, it might be worth
setting up a special DNS zone for them. Then all the remotes currently
connected would have entries in that zone (say remotes.mydomain.whatever).

"Martin Zizka" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Good day,
>
> I have this scenario - three servers: linux as internet router,
> Windows2003 as domain controller (with DNS server) and second Windows2003
> as VPN server. The VPN server is not directly connected to the internet,
> it only serves as VPN access server - it's hidden behind a NAT on the
> linux router. Everything works fine - I can connect to the VPN from
> internet, from the remote client I can see all computers inside the
> company, dns works fine.
>
> The problem is on the opposite way - I cannot access the remote computer
> from the intranet using its name. I can only access it using the IP
> address. It seems to me, that it does not register the name in the DNS. Is
> there any way to do this?
>
> I have set the VPN server to use DHCP, when I looked into the DHCP (that
> runs on the domain controller) there are some leases for the VPN but with
> name of the VPN server - it seems that the VPN server asks for some
> addresses and then when it receives connection it uses one of that leases.
> Is it possible to force the VPN server not to ask for the address, but let
> the VPN client ask for the address itself - i think that then it will
> register to the DNS, am I right?
>
> Martin
>

"Martin Zizka" <(E-Mail Removed)> wrote in message news:<(E-Mail Removed)>...
> Good day,
>
> I have this scenario - three servers: linux as internet router, Windows2003
> as domain controller (with DNS server) and second Windows2003 as VPN server.
> The VPN server is not directly connected to the internet, it only serves as
> VPN access server - it's hidden behind a NAT on the linux router. Everything
> works fine - I can connect to the VPN from internet, from the remote client
> I can see all computers inside the company, dns works fine.
>
> The problem is on the opposite way - I cannot access the remote computer
> from the intranet using its name. I can only access it using the IP address.
> It seems to me, that it does not register the name in the DNS. Is there any
> way to do this?
>
> I have set the VPN server to use DHCP, when I looked into the DHCP (that
> runs on the domain controller) there are some leases for the VPN but with
> name of the VPN server - it seems that the VPN server asks for some
> addresses and then when it receives connection it uses one of that leases.
> Is it possible to force the VPN server not to ask for the address, but let
> the VPN client ask for the address itself - i think that then it will
> register to the DNS, am I right?
>
> Martin

You need to add an A record to your DNS which will associate a name to
the IP address.

Well, but I cannot add an entry when I don't know the IP adress. The VPN
server assigns to client any address from its pool, so each time I access
the VPN I got unique IP.

"Ryan" <(E-Mail Removed)> píse v diskusním príspevku
news:(E-Mail Removed) om...
> "Martin Zizka" <(E-Mail Removed)> wrote in message
> news:<(E-Mail Removed)>...
>> Good day,
>>
>> I have this scenario - three servers: linux as internet router,
>> Windows2003
>> as domain controller (with DNS server) and second Windows2003 as VPN
>> server.
>> The VPN server is not directly connected to the internet, it only serves
>> as
>> VPN access server - it's hidden behind a NAT on the linux router.
>> Everything
>> works fine - I can connect to the VPN from internet, from the remote
>> client
>> I can see all computers inside the company, dns works fine.
>>
>> The problem is on the opposite way - I cannot access the remote computer
>> from the intranet using its name. I can only access it using the IP
>> address.
>> It seems to me, that it does not register the name in the DNS. Is there
>> any
>> way to do this?
>>
>> I have set the VPN server to use DHCP, when I looked into the DHCP (that
>> runs on the domain controller) there are some leases for the VPN but with
>> name of the VPN server - it seems that the VPN server asks for some
>> addresses and then when it receives connection it uses one of that
>> leases.
>> Is it possible to force the VPN server not to ask for the address, but
>> let
>> the VPN client ask for the address itself - i think that then it will
>> register to the DNS, am I right?
>>
>> Martin
>
> You need to add an A record to your DNS which will associate a name to
> the IP address.

There are about 20 clients that use the VPN connection. Well do you know how
to "fiddle with the client settings"? The only option that has anything to
do with the DNS is in advanced setting of TCP/IP where is something like
"register addresses of this connection in DNS system"... I've checked that,
but nothing has changed.

Martin

"Bill Grant" <not.available@online> pí¹e v diskusním pøíspìvku
news:uI$$(E-Mail Removed)...
> You can probably get the client to register in DNS by fiddling with the
> client settings (and perhaps the security settings), but what DNS zone
> would you register it with? If you have lots of remote clients, it might
> be worth setting up a special DNS zone for them. Then all the remotes
> currently connected would have entries in that zone (say
> remotes.mydomain.whatever).
>
> "Martin Zizka" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
>> Good day,
>>
>> I have this scenario - three servers: linux as internet router,
>> Windows2003 as domain controller (with DNS server) and second Windows2003
>> as VPN server. The VPN server is not directly connected to the internet,
>> it only serves as VPN access server - it's hidden behind a NAT on the
>> linux router. Everything works fine - I can connect to the VPN from
>> internet, from the remote client I can see all computers inside the
>> company, dns works fine.
>>
>> The problem is on the opposite way - I cannot access the remote computer
>> from the intranet using its name. I can only access it using the IP
>> address. It seems to me, that it does not register the name in the DNS.
>> Is there any way to do this?
>>
>> I have set the VPN server to use DHCP, when I looked into the DHCP (that
>> runs on the domain controller) there are some leases for the VPN but with
>> name of the VPN server - it seems that the VPN server asks for some
>> addresses and then when it receives connection it uses one of that
>> leases. Is it possible to force the VPN server not to ask for the
>> address, but let the VPN client ask for the address itself - i think that
>> then it will register to the DNS, am I right?
>>
>> Martin
>>
>
>

Which is why you need to have the client register itself in DNS. In the
connection properties of the client, check that you have a valid DNS suffix
defined and tick the "register this connection in DNS". Check that the
client is receiving the correct DNS address at connection.

If the client doesn't register, it is probably a security setting
somewhere preventing it, and you should get an entry in the event log.

"Martin Zizka" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Well, but I cannot add an entry when I don't know the IP adress. The VPN
> server assigns to client any address from its pool, so each time I access
> the VPN I got unique IP.
>
> "Ryan" <(E-Mail Removed)> píse v diskusním príspevku
> news:(E-Mail Removed) om...
>> "Martin Zizka" <(E-Mail Removed)> wrote in message
>> news:<(E-Mail Removed)>...
>>> Good day,
>>>
>>> I have this scenario - three servers: linux as internet router,
>>> Windows2003
>>> as domain controller (with DNS server) and second Windows2003 as VPN
>>> server.
>>> The VPN server is not directly connected to the internet, it only serves
>>> as
>>> VPN access server - it's hidden behind a NAT on the linux router.
>>> Everything
>>> works fine - I can connect to the VPN from internet, from the remote
>>> client
>>> I can see all computers inside the company, dns works fine.
>>>
>>> The problem is on the opposite way - I cannot access the remote computer
>>> from the intranet using its name. I can only access it using the IP
>>> address.
>>> It seems to me, that it does not register the name in the DNS. Is there
>>> any
>>> way to do this?
>>>
>>> I have set the VPN server to use DHCP, when I looked into the DHCP (that
>>> runs on the domain controller) there are some leases for the VPN but
>>> with
>>> name of the VPN server - it seems that the VPN server asks for some
>>> addresses and then when it receives connection it uses one of that
>>> leases.
>>> Is it possible to force the VPN server not to ask for the address, but
>>> let
>>> the VPN client ask for the address itself - i think that then it will
>>> register to the DNS, am I right?
>>>
>>> Martin
>>
>> You need to add an A record to your DNS which will associate a name to
>> the IP address.
>
>

Yes, I do have this set on the client side, but even then it doesnot work.
I've checked eventlogs on client and server - on the client is only
notification about sucess connection in System log and on the server is
notification about connection in the Security log - there are only
information about type of the connection, privileges and account that is
trying to logon. But no error nor any warning anywhere.

"Bill Grant" <not.available@online> pí¹e v diskusním pøíspìvku
news:(E-Mail Removed)...
> Which is why you need to have the client register itself in DNS. In the
> connection properties of the client, check that you have a valid DNS
> suffix defined and tick the "register this connection in DNS". Check that
> the client is receiving the correct DNS address at connection.
>
> If the client doesn't register, it is probably a security setting
> somewhere preventing it, and you should get an entry in the event log.
>
> "Martin Zizka" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
>> Well, but I cannot add an entry when I don't know the IP adress. The VPN
>> server assigns to client any address from its pool, so each time I access
>> the VPN I got unique IP.
>>
>> "Ryan" <(E-Mail Removed)> píse v diskusním príspevku
>> news:(E-Mail Removed) om...
>>> "Martin Zizka" <(E-Mail Removed)> wrote in message
>>> news:<(E-Mail Removed)>...
>>>> Good day,
>>>>
>>>> I have this scenario - three servers: linux as internet router,
>>>> Windows2003
>>>> as domain controller (with DNS server) and second Windows2003 as VPN
>>>> server.
>>>> The VPN server is not directly connected to the internet, it only
>>>> serves as
>>>> VPN access server - it's hidden behind a NAT on the linux router.
>>>> Everything
>>>> works fine - I can connect to the VPN from internet, from the remote
>>>> client
>>>> I can see all computers inside the company, dns works fine.
>>>>
>>>> The problem is on the opposite way - I cannot access the remote
>>>> computer
>>>> from the intranet using its name. I can only access it using the IP
>>>> address.
>>>> It seems to me, that it does not register the name in the DNS. Is there
>>>> any
>>>> way to do this?
>>>>
>>>> I have set the VPN server to use DHCP, when I looked into the DHCP
>>>> (that
>>>> runs on the domain controller) there are some leases for the VPN but
>>>> with
>>>> name of the VPN server - it seems that the VPN server asks for some
>>>> addresses and then when it receives connection it uses one of that
>>>> leases.
>>>> Is it possible to force the VPN server not to ask for the address, but
>>>> let
>>>> the VPN client ask for the address itself - i think that then it will
>>>> register to the DNS, am I right?
>>>>
>>>> Martin
>>>
>>> You need to add an A record to your DNS which will associate a name to
>>> the IP address.
>>
>>
>
>

That is odd. I would expect a message about the DNS failure to register. I
have used this method in a small test network and the clients registerd when
they connected (and the entry was removed from DNS when the connection
closed).

"Martin Zizka" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Yes, I do have this set on the client side, but even then it doesnot work.
> I've checked eventlogs on client and server - on the client is only
> notification about sucess connection in System log and on the server is
> notification about connection in the Security log - there are only
> information about type of the connection, privileges and account that is
> trying to logon. But no error nor any warning anywhere.
>
> "Bill Grant" <not.available@online> pí¹e v diskusním pøíspìvku
> news:(E-Mail Removed)...
>> Which is why you need to have the client register itself in DNS. In the
>> connection properties of the client, check that you have a valid DNS
>> suffix defined and tick the "register this connection in DNS". Check that
>> the client is receiving the correct DNS address at connection.
>>
>> If the client doesn't register, it is probably a security setting
>> somewhere preventing it, and you should get an entry in the event log.
>>
>> "Martin Zizka" <(E-Mail Removed)> wrote in message
>> news:(E-Mail Removed)...
>>> Well, but I cannot add an entry when I don't know the IP adress. The VPN
>>> server assigns to client any address from its pool, so each time I
>>> access the VPN I got unique IP.
>>>
>>> "Ryan" <(E-Mail Removed)> píse v diskusním príspevku
>>> news:(E-Mail Removed) om...
>>>> "Martin Zizka" <(E-Mail Removed)> wrote in message
>>>> news:<(E-Mail Removed)>...
>>>>> Good day,
>>>>>
>>>>> I have this scenario - three servers: linux as internet router,
>>>>> Windows2003
>>>>> as domain controller (with DNS server) and second Windows2003 as VPN
>>>>> server.
>>>>> The VPN server is not directly connected to the internet, it only
>>>>> serves as
>>>>> VPN access server - it's hidden behind a NAT on the linux router.
>>>>> Everything
>>>>> works fine - I can connect to the VPN from internet, from the remote
>>>>> client
>>>>> I can see all computers inside the company, dns works fine.
>>>>>
>>>>> The problem is on the opposite way - I cannot access the remote
>>>>> computer
>>>>> from the intranet using its name. I can only access it using the IP
>>>>> address.
>>>>> It seems to me, that it does not register the name in the DNS. Is
>>>>> there any
>>>>> way to do this?
>>>>>
>>>>> I have set the VPN server to use DHCP, when I looked into the DHCP
>>>>> (that
>>>>> runs on the domain controller) there are some leases for the VPN but
>>>>> with
>>>>> name of the VPN server - it seems that the VPN server asks for some
>>>>> addresses and then when it receives connection it uses one of that
>>>>> leases.
>>>>> Is it possible to force the VPN server not to ask for the address, but
>>>>> let
>>>>> the VPN client ask for the address itself - i think that then it will
>>>>> register to the DNS, am I right?
>>>>>
>>>>> Martin
>>>>
>>>> You need to add an A record to your DNS which will associate a name to
>>>> the IP address.
>>>
>>>
>>
>>
>
>