Forum Discussion
VPN Connected Machines are registering incorrect IP address in our DNS
Hi All,
This is no longer a problem for us, but it is not because of a simple solution or checkbox. Basically the inability to fix this issue caused us to completely redo the way we register dynamic records in DNS.
To try and get a handle on this issue we went with a managed DNS environment using a service account to register all DHCP clients in DNS on behalf of the client itself. Then we applied Group Policy to all our workstations which disallowed them from registering themselves in DNS. This worked well in that it stopped us having multiple DNS records for a single machine (Wi-Fi, Wired, and VPN). The problem we then ran into, predictably, was that since we had disallowed our workstations from registering themselves in DNS and instead had the DHCP server do it on their behalf, machines that were coming through VPN no longer registered in DNS at all, since they were getting addresses from a pool on the BIG-IP and not our DHCP server. We went from having multiple DNS entries for a VPN-connected computer to having none.
While looking for a solution for this issue, we ran across the following page: https://devcentral.f5.com/s/articles/APM-DHCP-Access-Policy-Example-and-Detailed-Instructions .
This solution allows VPN clients to get an IP address from our DHCP server rather than from a local IP address pool on the BIG-IP.
The end result is that any machine that logs in through the VPN gets an address from our DHCP server, which then registers that address in our DNS. None of the other NICs on the connecting machine are registered since the machine itself is not allowed to register itself in DNS.
The combination of having a managed DNS implementation and using our own DHCP server to grant leases to machines connecting via VPN has resolved the issue for us, but it was a long slog.
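The two failure modes described in this post (several A records for one machine, and VPN clients with no record at all) can be checked for by comparing a DNS zone export against the list of connected VPN sessions. The following is an added example, not part of the original post; the hostnames, addresses, scope range and data shapes are constructed assumptions.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed sample data (not from the original post).
DNS_A_RECORDS = [            # (hostname, address) pairs, e.g. from a zone export
    ("ws-001", "10.10.1.20"),    # wired
    ("ws-001", "10.10.8.44"),    # Wi-Fi: second record for the same machine
    ("ws-002", "10.10.1.21"),
    ("ws-003", "10.10.1.22"),
]
VPN_SESSIONS = [             # (hostname, tunnel address) of connected VPN clients
    ("ws-002", "10.99.0.15"),    # tunnel address has no matching A record
    ("ws-003", "10.10.1.22"),    # tunnel address is registered
]
DHCP_SCOPES = [ip_network("10.10.0.0/16")]   # assumed ranges served by the DHCP server


def audit(records, sessions, scopes):
    """Return (duplicates, unregistered, off_scope) findings."""
    by_host = defaultdict(set)
    for host, addr in records:
        by_host[host.lower()].add(ip_address(addr))

    # Failure mode 1: one machine holding several A records.
    duplicates = {h: sorted(a) for h, a in by_host.items() if len(a) > 1}

    unregistered, off_scope = [], []
    for host, addr in sessions:
        ip = ip_address(addr)
        # Failure mode 2: VPN client whose tunnel address is not in DNS.
        if ip not in by_host.get(host.lower(), set()):
            unregistered.append((host, addr))
        # Address outside every DHCP scope: handed out by something else,
        # such as a local pool on the VPN gateway.
        if not any(ip in net for net in scopes):
            off_scope.append((host, addr))
    return duplicates, unregistered, off_scope


if __name__ == "__main__":
    dups, missing, foreign = audit(DNS_A_RECORDS, VPN_SESSIONS, DHCP_SCOPES)
    print("multiple A records:", dups)
    print("VPN clients missing from DNS:", missing)
    print("VPN addresses outside DHCP scopes:", foreign)
```
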