Allow DNS resolution from another network

Status
Not open for further replies.
Oct 23, 2003
Hello,

I currently have a Win2k3 server serving DNS requests on its own network 192.168.0.1 > 254

Because of the way my ISP set up the routers and ADSL I have another network 192.168.1.0 > 182.168.1.254
for external VPN traffic only.

I applied persistent records into the route tables on the servers located on the 192.168.0 network pointing to the 192.168.1 network, so that anyone connecting via VPN on the 192.168.1 network can see the servers on the 192.168.0 network.

But they can only see the servers if they use their IP addresses 192.168.0.1 etc etc.

The VPN clients are not getting any DNS resolution.

How can I get the clients that are connecting into the network of 192.168.1 name resolution for the 192.168.0 network?

I think I need to tell my DNS server on the 192.168.0 network to allow requests from clients connected to the 192.168.1 network, but I'm not sure how to do this.

Or is there another way?

Thanks in advance.
Fandab
 
What VPN client are you using? Is this an always-on VPN or an on-demand connection?

If on demand and only host at a time, modify their hosts file adding your network.

c:\windows\system32\drivers\etc\hosts
-------------------------------------
127.0.0.1       localhost
192.168.0.1     myserver
192.168.0.22    myworksta
192.168.0.25    mymailsrv

I've seen options for NetBIOS passthrough needing to be set on the VPNs. Can also set the info below on the workstations

W2K3 DNS
Pri - 192.168.0.1
Sec - 192.168.1.0

reversed for other server

 
Hi,

I'm using Cisco Systems VPN client 4.6.04.0043

My DNS Servers on 192.168.0 are 192.168.0.1 / 192.168.0.2

I'm not familiar with modifying the hosts file. Could you tell me the exact text to apply to define the above DNS servers, please?

Thanks
Fandab
 
Open the file "hosts" (it has no extension) with Notepad on the workstations on the other end of the VPN. It looks like this...


c:\windows\system32\drivers\etc\hosts

Code:
# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host

127.0.0.1       localhost
192.168.0.25 	mymailserver


The hosts file is a local DNS server of sorts, and this file is a target for a lot of viruses and popups and hijacks, so it usually "should" have only the localhost entry.


Have you tried entering a secondary DNS into the workstations?
So, for example...

vpn workstation

192.168.5.100 (dhcp ip from their routers)
192.168.5.1 (their router ip gateway)
192.168.5.1 (their primary dns assigned via dhcp)
192.168.0.1 (add this as a sec dns manually to them)

 
FYI... the hosts file would have to be done on each VPN client computer. The client you are using has a NetBIOS vulnerability reported by Cisco and could have been off by default. I think you can set up your policy to have the information you need for the clients when they connect so it can be a global setting instead of local. I'll check into it and post back if I can find some policies that will help you.
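
Because the hosts file is both edited by hand on every VPN client and, as noted above, a common hijack target, its contents are worth checking against what was deliberately deployed. The following is an added example, not part of the original thread: a Python audit that parses hosts-file text and reports malformed or unexpected entries. The sample content, the EXPECTED allowlist and the function names are assumptions made for this illustration.

```python
import ipaddress

# Constructed sample: entries in the thread's style plus two lines added for illustration.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
192.168.0.25 \tmymailserver
myserver 192.168.0.1
203.0.113.7     www.example.com   # constructed: entry nobody deployed
"""

# Mappings the administrator intentionally pushed to VPN clients (assumed allowlist).
EXPECTED = {("192.168.0.25", "mymailserver")}


def parse_hosts(text):
    """Yield (line_no, ip, fields); ip is None when the first field is not an IP address."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()  # drop trailing comments
        if not fields:
            continue  # blank or comment-only line
        try:
            ip = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            ip = None
        yield line_no, ip, fields


def audit_hosts(text, expected=EXPECTED):
    """Return (line_no, finding) tuples for entries that need review."""
    findings = []
    for line_no, ip, fields in parse_hosts(text):
        if ip is None:
            findings.append((line_no, "malformed: IP address must come first"))
            continue
        names = [n.lower() for n in fields[1:]]
        if not names:
            findings.append((line_no, "malformed: no host name"))
        for name in names:
            if name == "localhost":
                if not ipaddress.ip_address(ip).is_loopback:
                    findings.append((line_no, f"localhost remapped to {ip}"))
            elif (ip, name) not in expected:
                findings.append((line_no, f"unexpected entry {name} -> {ip}"))
    return findings


if __name__ == "__main__":
    for line_no, finding in audit_hosts(SAMPLE_HOSTS):
        print(f"line {line_no}: {finding}")
```

To audit a real client, pass the text read from c:\windows\system32\drivers\etc\hosts and an allowlist matching what was actually distributed.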
 