DNS over VPN

We use Microsoft PPTP as our VPN solution at work. Although PPTP is not as robust as an IPsec-based VPN, it is a lot easier to deploy and maintain. The biggest advantage is that most of the Microsoft OSs (Windows 2000, XP, 98) have PPTP clients built into the OS. With IPsec, one has to deploy client software to the workstations. Recently SSL VPNs have made strides in the remote connectivity market and are even easier to maintain, but that is for another post.

We had a very interesting problem recently with remote users trying to access hosts/URLs in our network. We have several nodes in the network which we publish on both external and internal DNS. So users on the internal network access a node via its internal IP address and get access to privileged areas, while public users accessing the node are restricted to only some areas of the site. Users connecting to the office network via VPN were being directed to the external address even though their VPN connection was configured to use the remote gateway as the default gateway, which in theory should send all traffic to the internal network. We scratched our heads for a while 🙂 and during the troubleshooting session discovered that the node's name was resolving to the external IP address: the workstation was using the DNS server provided by the Ethernet interface rather than the one provided by the PPTP interface! How do we solve this? Well, Google to the rescue: we found an obscure article on Microsoft's website which tells you how to change the binding order of the network interfaces so that the PPTP interface is used by default. Since this is a registry change, we have to figure out a way to push it out to the workstations. But that is a story for another post :)
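The check below is an added example, not from the original post, for current Windows versions (PowerShell 5.1 or later with the NetTCPIP and DnsClient modules): it recreates the troubleshooting step above by asking each connected interface's DNS servers for the split-horizon hostname and comparing the answers with what the system resolver actually returns. The hostname and the internal address prefix are placeholders to replace with your own values.

```powershell
# Added diagnostic (not the post's own): which adapter's DNS view is the OS using?
param(
    [string]$HostName       = 'intranet.example.com',  # placeholder: split-horizon name
    [string]$InternalPrefix = '10.'                    # placeholder: your internal range
)

# Every connected IPv4 interface, including dial-up/VPN (RAS) interfaces.
$interfaces = Get-NetIPInterface -AddressFamily IPv4 |
              Where-Object ConnectionState -eq 'Connected'

$report = foreach ($if in $interfaces) {
    $servers = (Get-DnsClientServerAddress -InterfaceIndex $if.ifIndex `
                                           -AddressFamily IPv4).ServerAddresses
    foreach ($dns in $servers) {
        try {
            # Query this adapter's DNS server directly, bypassing the local cache.
            $answer = (Resolve-DnsName -Name $HostName -Server $dns -Type A `
                           -DnsOnly -ErrorAction Stop |
                       Where-Object Type -eq 'A' | Select-Object -First 1).IPAddress
        } catch { $answer = "error: $($_.Exception.Message)" }
        [pscustomobject]@{
            Interface = $if.InterfaceAlias
            Metric    = $if.InterfaceMetric   # lower is preferred on current Windows
            DnsServer = $dns
            Answer    = $answer
            View      = if ($answer -like "$InternalPrefix*") { 'internal' } else { 'external' }
        }
    }
}

# What applications actually get: the system resolver's answer.
$effective = ([System.Net.Dns]::GetHostAddresses($HostName) |
              Where-Object AddressFamily -eq 'InterNetwork' |
              Select-Object -First 1).IPAddressToString

$report | Sort-Object Metric | Format-Table -AutoSize
$view = if ($effective -like "$InternalPrefix*") {
            'internal view (the VPN adapter''s DNS answered)'
        } else {
            'external view (another adapter''s DNS answered, as in the post)'
        }
Write-Output "System resolver returned $effective : $view"
```

If the per-server table shows the VPN interface's DNS returning the internal address while the system resolver returns the external one, the client is preferring the wrong adapter for name resolution, which is exactly the symptom described above.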