[Openvpn-users] Internal DNS server & Windows 11 behaviour

Sun, 06 Aug 2023 16:44:20 -0700 

Hello dear OpenVPN users,
Sorry to bother, but I'm facing a rather strange problem, apparently with some of my Windows 11 users. 


We use a rather classical configuration similar to what is usually 
called "split horizon DNS, but using 2 different servers:
- 1 public DNS server, on which only our public servers are declared via 
their public IP,
- 1 internal DNS server, on which several other internal machines are 
declared and on which our public servers are also known, but with a 
private IP.



The internal DNS server is pushed via the DHCP "DNS" option, and the 
resolution domain is pushed via the DOMAIN option.



So far, so good: everything works well on most of our clients: when they 
are connected to the VPN, all our internal servers are known to them, 
and the public servers are known via their private IP, which is what we 
want.



For a few Windows 11 client machines, however, things are a bit weird: 
when connected to the VPN, everything is ok for internal servers, but 
for public servers, it seems the public DNS is still used and the public 
IP takes precedence over the private IP...



At first I thought it was a problème with the "split DNS" mechanism on 
those machines, so what I tried is stop pushing the "DOMAIN" option 
(leaving only the DNS option), so as to use the internal DNS for *all* 
queries, and I set up our internal DNS server to forward requests it was 
not authoritative for.



But even in that configuration, it still does not work, and if a server 
has a public IP on the public DNS, it will be returned, instead of the 
private IP on the internal DNS.



To make things even more complicated, it sometimes seems to work 
correctly, but not very often.



I also tried setting a low metric cost to the VPN connection, in hope 
our private DNS would be sollicited instead of the public one, but to no 
avail.



I tried using OpenVPN GUI, as well as OpenVPN Connect and could see no 
difference.


Am I doing something wrong, or has someone else seen such a behaviour ?

Thanks for any answer, hint or whatever !

Regards,

Bruno


_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users






















					Reply via email to