DNS search order is reversed on the DHCP client when you use a VPN to connect to RRAS
When I connect a Windows 7 Professional VPN client to a Windows SBS 2008 RRAS server the vpn search order is reversed causing local lookups to fail. My server has three DNS servers given out through DHCP; the first one is local and the other two are OpenDNS public DNS servers. Once the VPN client in Windows 7 connects it can't locate resources over the vpn becaue it is trying to query the OpenDNS servers instead of the local dns server which is now listed last. This problem is well documented in Microsoft Operating Systems since Windows 2000: http://support.microsoft.com/kb/840629 http://support.microsoft.com/kb/958551 Upon calling Microsoft support I was told that no hotfix was available for Windows 7 to address this issue. Help!
March 31st, 2010 8:55pm

Hi, Thank you for posting here. After connecting to the RRAS server, please ensure the client can access the local DNS server. In addition, I would like to share the following with you: Microsoft TCP/IP Host Name Resolution Order Hope this helps. Thanks. Nicholas Li - MSFT
Free Windows Admin Tool Kit Click here and download it now
April 6th, 2010 6:28am

This is not a Windows 7 issue, this is a DNS and DHCP configuration issue. You have 3 DNS servers 1 for internal and 2 external. Remove the two OpenDNS from the DHCP and just use the one internal. Add the OpenDNS servers to the forwarders in the DNS. This will forward all other queries outside your domain to these servers.MCP: WIndows XP MCP: SMS 2003
April 6th, 2010 4:57pm

After connecting to the RRAS server, the client can connect to the local DNS server, but it doesn't query that server for DNS because there are two other DNS servers listed before it. If I remove the two OpenDNS servers from my DHCP configuration everything works fine. The problem with that is if my local DNS server is ever unavailable (rebooting, etc) then my DHCP clients have no internet access because they can't resolve DNS lookups, thus the OpenDNS servers in the configuration in the first place. As posted in my original post this is a known issue that has patches for Windows 2000, Windows XP, Windows Vista, and Windows Server 2008, but nothing for Windows 7 yet.
Free Windows Admin Tool Kit Click here and download it now
April 9th, 2010 6:03pm

Hi, On your RRAS server add the following key Type Dword32 Name SuppressDNSNameServers Location HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\RemoteAccess\Parameters\IP value 1. Restart the RRAS service and try again. If possible reboot and then test. You should get ips in the order you want them to be in. Regards
July 21st, 2010 8:52pm

Hi, On your RRAS server add the following key Type Dword32 Name SuppressDNSNameServers Location HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\RemoteAccess\Parameters\IP value 1. Restart the RRAS service and try again. If possible reboot and then test. You should get ips in the order you want them to be in. Regards This works to correct the DNS search order; however it has the side affect of an nslookup responding with "Unknown" as the DNS server name. The lookup result are correct though. I haven't come across any scenario where this little side affect causes any problems.
Free Windows Admin Tool Kit Click here and download it now
February 4th, 2011 5:36pm

Hi, On your RRAS server add the following key Type Dword32 Name SuppressDNSNameServers Location HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\RemoteAccess\Parameters\IP value 1. Restart the RRAS service and try again. If possible reboot and then test. You should get ips in the order you want them to be in. Regards Wow thank you. Been looking for days for a reason why my VPN client wouldn't perform lookups. Finally I scratched my head about the reverse DNS list and googled it to find this. Worked for me, no reboot required. Win7 Pro 32-bit client Server 2008 Enterprise 64-bit RRAS Server P.S. Didn't work the first time I tried it. It helps to spell Suppress correctly -_-
July 14th, 2011 5:09am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics