
Configure DNS for VPN

The-messenger
Cirrus

I have web developers that are not using fully qualified server names for internal websites. I need help configuring VPN network access to find these sites. What am I doing wrong? I can access the webserver with the fqdn, but I cannot access it with the non-fqdn.

Below is an example of how I have DNS/Hosts configured at:

Access  ››  Connectivity / VPN : Network Access (VPN) : Network Access Lists :[VPN-Name]

IPV4 Primary Name Server: 10.196.1.50
IPV4 Secondary Name Server: 10.296.1.50
Primary WINS Server: Not used
Secondary WINS Server: Not used
DNS Default Domain Suffix: lcoalhost intenaldomain.local
Register this connection's addresses in DNS: Not Enabled
Use this connection's DNS suffix in DNS registration: Not Enabled
Enforce DNS search order: Enabled
Static Hosts: [intenralservername.fqdn]/10.196.1.40
              [internalservername}/10.196.1.40

6 REPLIES

The-messenger
Cirrus

The answer I've found is to get the website bound to an FQDN; then DNS works as expected.

Have you reviewed your split-DNS config on the F5 device? You may have configured it to route the FQDN to the BIG-IP device but not the IP address:

https://support.f5.com/csp/article/K92105136

https://support.f5.com/csp/article/K55104964

https://support.f5.com/csp/article/K10137733

Also do a tcpdump to confirm whether the traffic is sent to the F5 devices when accessing the IP addresses by IP address:

https://support.f5.com/csp/article/K13301

Torti
Altostratus

Look into the detailed IP configuration on the Edge Client.

There you should see that "intenaldomain.local" isn't in the DNS suffix search list.

You can choose: 1. place the domain "intenaldomain.local" in the first position under "DNS Default Domain Suffix" or 2. remove localhost from the list.

The list doesn't support more than one DNS Default Domain Suffix.

After that, it should be possible to reach the hostname without the FQDN in the browser.

Torti
Altostratus

Does anybody know how to set up the DNS search list for the Edge Client, so that it works with the command line in Windows and with multiple domains?

At the moment the search suffix list on the client is always empty. Only the default suffix will be set by the first entry under "DNS Default Domain Suffix".

If you use the command line, then you cannot find hostnames without the FQDN.

Please read this, as it may help you. Also see that you have the DNS proxy service installed, and change your Windows reg keys:

https://support.f5.com/csp/article/K72735781

Thanks! Now it's working fine. Only the "Enforce DNS Search Order" option wasn't activated. With it, every entry from "DNS Default Domain Suffix" is in the search list and you can find hostnames without the FQDN.
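
A client-side check for the behaviour discussed in this thread, as an added example that is not part of any post above: it shows whether the suffix pushed by the VPN reached the Windows DNS suffix search list and whether the short name resolves through DNS alone. The values of `$ShortName` and `$ExpectedSuffix` are the sample names from the thread and are assumptions to replace with your own.

```powershell
# Added example: run on the Windows client while the VPN tunnel is connected.
# Both values are the sample names from the thread; replace them with your own.
$ShortName      = 'internalservername'
$ExpectedSuffix = 'intenaldomain.local'

# 1. Global DNS suffix search list used to expand unqualified names.
$searchList = @((Get-DnsClientGlobalSetting).SuffixSearchList | Where-Object { $_ })
if ($searchList.Count -eq 0) {
    Write-Host 'Suffix search list: <empty>'
} else {
    Write-Host ('Suffix search list: ' + ($searchList -join ', '))
}
if ($searchList -notcontains $ExpectedSuffix) {
    Write-Warning "$ExpectedSuffix is not in the suffix search list."
}

# 2. Per-adapter view: connection-specific suffix and the DNS servers in use.
Get-DnsClient |
    Select-Object InterfaceAlias, ConnectionSpecificSuffix |
    Format-Table -AutoSize | Out-String | Write-Host
Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses } |
    Select-Object InterfaceAlias, ServerAddresses |
    Format-Table -AutoSize | Out-String | Write-Host

# 3. Resolve the short name and the FQDN through DNS only (no LLMNR/NetBIOS),
#    so a fallback name service cannot mask a missing suffix.
foreach ($name in @($ShortName, "$ShortName.$ExpectedSuffix")) {
    $ips = @(Resolve-DnsName -Name $name -Type A -DnsOnly -ErrorAction SilentlyContinue |
             Where-Object { $_.IPAddress } |
             Select-Object -ExpandProperty IPAddress)
    if ($ips.Count -gt 0) {
        Write-Host ('{0,-45} -> {1}' -f $name, ($ips -join ', '))
    } else {
        Write-Warning "$name did not resolve through DNS."
    }
}
```

If the FQDN resolves but the short name does not, the suffix is missing from the search list rather than the DNS servers being unreachable.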