Forum Discussion

The-messenger
Jun 03, 2021
Configure DNS for VPN

I have web developers who are not using fully qualified server names for internal websites. I need help configuring VPN network access so that these sites can be found. What am I doing wrong? I can access the web server with the FQDN, but I cannot access it with the non-FQDN.

Below is an example of how I have DNS/Hosts configured at:

Access  ››  Connectivity / VPN : Network Access (VPN) : Network Access Lists :[VPN-Name]

  IPv4 Primary Name Server:                              10.196.1.50
  IPv4 Secondary Name Server:                            10.296.1.50
  Primary WINS Server:                                   Not used
  Secondary WINS Server:                                 Not used
  DNS Default Domain Suffix:                             localhost intenaldomain.local
  Register this connection's addresses in DNS:           Not Enabled
  Use this connection's DNS suffix in DNS registration:  Not Enabled
  Enforce DNS search order:                              Enabled
  Static Hosts:
    [internalservername.fqdn] / 10.196.1.40
    [internalservername] / 10.196.1.40
  • The answer I've found is to get the website bound to an FQDN; then DNS works as expected.

  • Look at the detailed IP configuration on the Edge Client.

    There you should see that "intenaldomain.local" isn't in the DNS suffix search list.

    You can choose to: 1. place the domain "intenaldomain.local" in the first position under "DNS Default Domain Suffix", or 2. remove localhost from the list.

    The list doesn't support more than one DNS Default Domain Suffix.

    After that, it should be possible to reach the host name without the FQDN in the browser.

  • Does anybody know how to set up the DNS search list for the Edge Client, so that it works from the command line in Windows and with multiple domains?

    At the moment the suffix search list on the client is always empty. Only the default suffix is set, from the first entry under "DNS Default Domain Suffix".

    If you use the command line, you cannot find host names without the FQDN.

    • Please read this, as it may help you. Also check that you have the DNS proxy service installed and change your Windows registry keys:

      https://support.f5.com/csp/article/K72735781

      • Torti

        Thanks! Now it's working fine. Only the "Enforce DNS Search Order" option wasn't activated. With it, every entry from "DNS Default Domain Suffix" is in the search list and you can find host names without the FQDN.
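The behaviour the replies above describe (a single-label name only resolves once the right suffix is in the client's "DNS Suffix Search List", which is what "ipconfig /all" shows on the Edge Client) is modelled in the following added example. It is not code from the thread or from F5; the host and domain names are the thread's placeholders (the domain written out as internaldomain.local) and the hosts table stands in for the Network Access resource's "Static Hosts" entries. The "enforce off" branch reproduces what Torti observed, namely that only the first "DNS Default Domain Suffix" entry reached the client.

```python
# Added example, not from the thread. Models the suffix handling described above:
# the client resolver appends the suffixes from its DNS suffix search list (what
# "ipconfig /all" shows as "DNS Suffix Search List") to a single-label name, in
# order, until something answers. Names and addresses are the thread's
# placeholders (domain written as internaldomain.local), not real hosts.

# Stand-in for the "Static Hosts" entries of the Network Access resource.
STATIC_HOSTS = {
    "internalservername.internaldomain.local": "10.196.1.40",
}


def search_candidates(name, suffixes, enforce_search_order):
    """Return the FQDNs the resolver tries for `name`, in order.

    A dotted name is tried as typed. A single-label name gets suffixes appended.
    Per the thread: with "Enforce DNS search order" off, only the first
    "DNS Default Domain Suffix" entry reaches the client; with it on, every
    entry does, in the configured order.
    """
    name = name.rstrip(".")
    if "." in name:
        return [name]
    used = suffixes if enforce_search_order else suffixes[:1]
    return [f"{name}.{suffix}" for suffix in used]


def resolve(name, suffixes, enforce_search_order, hosts=STATIC_HOSTS):
    """Try each candidate against the hosts table; return (ip or None, names tried)."""
    tried = []
    for fqdn in search_candidates(name, suffixes, enforce_search_order):
        tried.append(fqdn)
        if fqdn in hosts:
            return hosts[fqdn], tried
    return None, tried


def walk_through(name="internalservername"):
    """The three configurations discussed in the thread, side by side."""
    as_posted = ["localhost", "internaldomain.local"]   # the original poster's suffix list
    reordered = ["internaldomain.local", "localhost"]   # option 1 from the reply: domain first
    return {
        "as posted, enforce off": resolve(name, as_posted, False),
        "as posted, enforce on": resolve(name, as_posted, True),
        "domain first, enforce off": resolve(name, reordered, False),
    }


if __name__ == "__main__":
    for label, (ip, tried) in walk_through().items():
        print(f"{label:28} -> {ip or 'NXDOMAIN'}  (tried: {', '.join(tried)})")
```

With the list as posted and enforcement off, the only name ever queried is internalservername.localhost, so the static host entry is never reached; enabling enforcement or putting the domain first is what makes the short name resolve.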

  • When you set up a VPN, your DNS queries will be sent through the VPN instead of directly to your ISP. This can be helpful if you want to prevent your ISP from seeing which websites you're visiting, or if you're having problems with DNS spoofing or man-in-the-middle attacks.

    To configure DNS for your VPN, you'll need to add a few lines to your configuration file. Different VPN providers use different configuration files, so you'll need to check the documentation for your specific provider. The following example shows how to configure OpenVPN on Linux:

    client
    ; route-gateway dhcp
    ; server 10.8.0.1 255.255.255.0
    push "dhcp-option DNS 10.8.0.1"
    ; push "dhcp-option DNS 208.67.222.222"
    ; push "dhcp-option DNS 208.67.220.220"

    The first line, client, tells OpenVPN that this is a configuration file for a client. The next three lines, route-gateway dhcp, server 10.8.0.1 255.255.255.0, and push "dhcp-option DNS 10.8.0.1", tell OpenVPN to route all traffic through the VPN and to use the VPN server's DNS instead of the local DNS. The last two lines, push "dhcp-option DNS 208.67.222.222" and push "dhcp-option DNS 208.67.220.220", tell OpenVPN to use the DNS servers provided by OpenDNS.

    You can also specify static DNS servers by adding the following lines to your configuration file:

    ; push "dhcp-option DNS 10.8.0.1"
    ; push "dhcp-option DNS 208.67.222.222"
    ; push "dhcp-option DNS 208.67.220.220"

    The first line, ; push "dhcp-option DNS 10.8.0.1", tells OpenVPN to use the DNS server at 10.8.0.1. The second line, ; push "dhcp-option DNS 208.67.222.222", tells OpenVPN to use the DNS servers provided by OpenDNS. The last line, ; push "dhcp-option DNS 208.67.220.220", tells OpenVPN to use the DNS servers provided by Google Public DNS.

    After you've added the appropriate lines to your configuration file, save the file and restart OpenVPN. Your DNS queries should now be sent through the VPN.

    If you're using a different VPN provider, check the documentation to see how to configure DNS for your specific provider. You may also need to add the following line to your configuration file:

    ;ms-dns 10.8.0.1

    This line tells Windows to use the DNS server at 10.8.0.1. You'll need to add this line if you're using OpenVPN on Windows, or if you're using a different VPN provider that doesn't support push "dhcp-option DNS" in its configuration file.

    Once you've configured DNS for your VPN, you can use a tool like DNSleaktest.com to check whether your DNS queries are being sent through the VPN. If they are, you'll see the IP address of your VPN server instead of your ISP's DNS servers.

    If you're still having problems, try using a different DNS server. You can use the following public DNS servers:

    - Cloudflare: 1.1.1.1

    - Google Public DNS: 8.8.8.8

    - Quad9: 9.9.9.9

    - OpenDNS: 208.67.222.222

    You can also try using a VPN service that provides its own DNS servers, such as ExpressVPN or NordVPN.

    If you're still having problems, contact your VPN provider for more help.
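For the OpenVPN fragment quoted in the post above, the practical check is which dhcp-option DNS lines are actually in effect. In OpenVPN a line whose first character is ";" or "#" is a comment, and push is a server-mode directive handed to connecting clients, while a bare dhcp-option in the client's own file applies locally. The following added example (not code from the post or from the OpenVPN project) parses such a config and reports only the active DNS servers; the two sample configs are constructed here, the second one being an assumed client-side rewrite of the same intent.

```python
import ipaddress
import shlex

# Constructed sample config: the OpenVPN fragment quoted in the post above,
# reassembled into a single file. In OpenVPN a line whose first character is
# ';' or '#' is a comment, so only the one uncommented push line is in effect.
SAMPLE_CONFIG = """\
client
; route-gateway dhcp
; server 10.8.0.1 255.255.255.0
push "dhcp-option DNS 10.8.0.1"
; push "dhcp-option DNS 208.67.222.222"
; push "dhcp-option DNS 208.67.220.220"
"""

# Assumed client-side rewrite of the same intent (constructed sample): a bare
# 'dhcp-option' applies to the client that loads the file, no 'push' needed.
CLIENT_CONFIG = """\
client
dhcp-option DNS 10.8.0.1
# dhcp-option DNS 208.67.222.222
"""


def parse_directives(text):
    """Yield (directive, args) for every active line, skipping blanks and comments."""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":
            continue
        tokens = shlex.split(line)   # keeps 'dhcp-option DNS 10.8.0.1' as one pushed token
        yield tokens[0], tokens[1:]


def active_dns_servers(text):
    """Return [(scope, ip)] for the DNS servers the config actually sets.

    scope is 'pushed-to-clients' for push "dhcp-option DNS x" (a server-side
    directive handed to connecting clients) and 'local' for a bare
    dhcp-option DNS x in the client's own file. Commented lines contribute
    nothing. A malformed address raises ValueError instead of being passed on.
    """
    servers = []
    for directive, args in parse_directives(text):
        if directive == "push" and args:
            option, scope = args[0].split(), "pushed-to-clients"
        else:
            option, scope = [directive, *args], "local"
        if len(option) == 3 and option[0] == "dhcp-option" and option[1] == "DNS":
            servers.append((scope, str(ipaddress.ip_address(option[2]))))
    return servers


def config_problems(text):
    """Flag the two things worth catching before restarting OpenVPN."""
    directives = [d for d, _ in parse_directives(text)]
    problems = []
    if "push" in directives and "client" in directives:
        problems.append("'push' is a server-mode directive; OpenVPN rejects it in a file that also says 'client'")
    if not active_dns_servers(text):
        problems.append("no active dhcp-option DNS line: every DNS line is commented out")
    return problems


if __name__ == "__main__":
    for label, cfg in (("as posted", SAMPLE_CONFIG), ("client-side", CLIENT_CONFIG)):
        print(label, "->", active_dns_servers(cfg), config_problems(cfg))
```

Run against the fragment as posted, the only DNS server in effect is 10.8.0.1; the OpenDNS lines are comments and set nothing. A mistyped address such as 10.296.1.50 raises ValueError, which is the point at which to fix the file rather than let the resolver silently fall back to the ISP's servers.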