> There is indeed an RFC that provides a DHCP option for this.  However,
> our testing and a bunch of Google both seem to agree that the option
> doesn't take a lot of effect.  The root of the problem is that DHCP
> clients don't tend to request that option from the DHCP server.
> 
> The big show-stopper for us is that our VPN system (Cisco ASA with the
> Anyconnect client) simply refuses to allow passing of more than a
> single "default domain" to the clients.  We do have a product
> enhancement request in with them, but you never know what the result
> will be on those sorts of things.

One of the companies I work for doesn't even go that far - they have one
domain name, and when you VPN in, they don't assign you any DNS suffix at
all.  You just have to use the complete domain name on all your requests.

Logistically, I am a little curious about your problem - 

So I understand, your VPN client is only able to take one DNS suffix.  For
most situations that is enough.  Do you have more than one domain name
internally?  (obviously, the answer is going to be yes, so we move on...)  I
am curious how that situation came about.  Would you mind telling a little
story of legacy?  ;-)

Since you're not having the problem internally (just on the VPN) how do you
solve it internally?  Is your DHCP server able to assign multiple domains to
the clients?  Or did you assign some sort of group policy?  Or did you
manually edit the network configuration of all the clients?

My first thought would be - When you are configuring your VPN server, you
are not strictly required to use the Cisco built-in DHCP server (which is
very limited in functionality.)  You could do DHCP pass-through, to a more
powerful internal DHCP server, such as I think you already have, which is
able to assign more than one DNS suffix.  Not possible?

_______________________________________________
Tech mailing list
[email protected]
http://lopsa.org/cgi-bin/mailman/listinfo/tech
This list provided by the League of Professional System Administrators
 http://lopsa.org/
