
VPN external and internal DNS requests

Hello,

I haven't understood the DNS settings yet.

What I want to achieve:

  • VPN clients should ask company DNS servers for all names host.company.com.
  • VPN clients should ask their "local" DNS server for all other names.

My problem is:
When I connect to the VPN in Windows 10, it seems that every DNS request is sent to the company DNS servers.


In UTM I configured the following:

1) Network Services => DNS => Global
   Allowed Networks => <Company IP-Range for VPN clients> (XX.YY.1.0/24)

2) Network Services => DNS => Forwarders
   <dns1.company.com>
   <dns2.company.com>
 
3) Network Services => DNS => Request Routing
   Domain = company.com
   Target Servers = <dns1.company.com>, <dns2.company.com>

4) Remote Access => Advanced
   DNS server #1 = <dns1.company.com>
   DNS server #2 = <dns2.company.com>
   Domain = company.com



The client output of ipconfig /all is (I shortened it):

Ethernet-Adapter Ethernet 2:

   Connection-specific DNS-Suffix    : company.com
   Description . . . . . . . . . . . : Sophos SSL VPN Adapter
   ...
   IPv4-Adress   . . . . . . . . . . : XX.YY.1.21(Preferred)
   Subnet mask   . . . . . . . . . . : 255.255.255.0
   DNS-Servers . . . . . . . . . . . : <dns1.company.com>
                                       <dns2.company.com>
   Primary WINS-Server. .  . . . . . : <wins1.company.com>
   Secondary WINS-Server. . .  . . . : <wins2.company.com>
   ...

Ethernet-Adapter Ethernet:

   Connection-specific DNS-Suffix    : fritz.box
   Description. . . . .  . . . . . . : Realtek PCIe GBE Family Controller
   ...
   IPv4-Adress   . . . . . . . . . . : 192.168.99.102(Preferred)
   Subnet mask   . . . . . . . . . . : 255.255.255.0
   ...
   Default Gateway . . . . . . . . . : 192.168.99.1
   DHCP-Server . . . . . . . . . . . : 192.168.99.1
   DHCPv6-IAID . . . . . . . . . . . : 153888727
   DHCPv6-Client-DUID. . . . . . . . : 00-01-00-01-25-DA-1A-A3-2C-27-D7-3F-EF-7B
   DNS-Server  . . . . . . . . . . . : 192.168.99.1
   NetBIOS über TCP/IP . . . . . . . : Aktiviert
   


What am I missing?


Thanks
Stefan
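
A client-side check for the symptom described in the post, added here as an example and not part of the original post: it lists which DNS servers and metric each connected adapter has, shows any per-namespace (NRPT) rules, and queries one internal and one public name against every configured server. The two test names are placeholders chosen for illustration.

```powershell
# Added diagnostic example. The two names are placeholders (assumptions),
# replace them with a real internal host and any public name.
$InternalName = 'host.company.com'
$ExternalName = 'example.org'

# 1. Connected IPv4 adapters with their metric, DNS suffix and DNS servers.
#    Lower metric = preferred adapter.
$nics = Get-NetIPInterface -AddressFamily IPv4 |
    Where-Object ConnectionState -eq 'Connected' |
    Sort-Object InterfaceMetric |
    ForEach-Object {
        $idx = $_.InterfaceIndex
        [pscustomobject]@{
            Alias   = $_.InterfaceAlias
            Metric  = $_.InterfaceMetric
            Suffix  = (Get-DnsClient -InterfaceIndex $idx).ConnectionSpecificSuffix
            Servers = (Get-DnsClientServerAddress -InterfaceIndex $idx -AddressFamily IPv4).ServerAddresses
        }
    } |
    Where-Object { $_.Servers }          # drop loopback and adapters without DNS

$nics | Format-Table -AutoSize

# 2. Name Resolution Policy Table rules (per-namespace DNS servers), if any.
Get-DnsClientNrptRule | Select-Object Namespace, NameServers | Format-Table -AutoSize

# 3. Ask every configured server for both names, so it is visible which
#    server can answer which zone.
$results = foreach ($nic in $nics) {
    foreach ($srv in $nic.Servers) {
        foreach ($name in $InternalName, $ExternalName) {
            $r = Resolve-DnsName -Name $name -Server $srv -Type A -DnsOnly `
                                 -ErrorAction SilentlyContinue
            [pscustomobject]@{
                Adapter = $nic.Alias
                Server  = $srv
                Name    = $name
                Answer  = if ($r) {
                              ($r | Where-Object Type -eq 'A').IPAddress -join ','
                          } else { 'no answer' }
            }
        }
    }
}
$results | Format-Table -AutoSize
```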



This thread was automatically locked due to age.