Client dynamic DNS Update wont work

Business solution to host your own OpenVPN server with web management interface and bundled clients.
Post Reply
marcapo
OpenVpn Newbie
Posts: 6
Joined: Fri Jan 29, 2021 8:43 am

Client dynamic DNS Update wont work

Post by marcapo » Mon Apr 04, 2022 1:55 pm

Hello,
in our setup the dynamic DNS updates for the windows clients on the DNS-Server wont work.
We use Windows 10 with AD/DNS and the v3 Client. We dont force all traffic through the Server and added many DNS resolution zones.

We've got 2 problems left:

1. It wont update automatically
We added "register-dns" in the Client-Configuration. Nothing happens.
Manual with "ipconfig /registerdns" it updates as intended.

2. The updated IP is from the wrong adapter
The updated IP isnt the IP from the VPN-Adapter. Instead it uses the IP from the local networkadapter for the DNS-Record.
How can this be fixed?
If we look at the details in the TAP-Network-Adapter its setup with static IP but without any entry. So we cant enable the "Register this connections addresses in DNS" under the advanced options.

Code: Select all

Caption                                                DomainDNSRegistrationEnabled
[00000017] TAP-Windows Adapter V9 for OpenVPN Connect  FALSE

Caption                                                FullDNSRegistrationEnabled
[00000017] TAP-Windows Adapter V9 for OpenVPN Connect  TRUE
Alternatively are there any powershellscripts as the connection is established with function like this:
https://docs.microsoft.com/en-us/window ... dfrom=MSDN

Are there any possibilitys to solve this issue?

Thanks for help!
Top
User avatar
openvpn_inc
OpenVPN Inc.
Posts: 1332
Joined: Tue Feb 16, 2021 10:41 am

Re: Client dynamic DNS Update wont work

Post by openvpn_inc » Mon Apr 04, 2022 5:42 pm

Hi marc,

You posted this in the Access Server forum, so I assume you must be using Access Server. AS does not support --register-dns out of the box. To do that you would need an RFC 2136-compliant nameserver running on (or reachable by) the AS host. And then you'd have to configure that nameserver to allow the client updates.

The OpenVPN Cloud service has an integrated DNS component, but I don't know if it can accept RFC 2136 dynamic DNS updates. I would think it would not. But it might have other ways of accomplishing what you want to achieve.

regards, rob0
Image OpenVPN Inc.
Answers provided by OpenVPN Inc. staff members here are provided on a voluntary best-effort basis, and no rights can be claimed on the basis of answers posted in this public forum. If you wish to get official support from OpenVPN Inc. please use the official support ticket system: https://openvpn.net/support
Top
marcapo
OpenVpn Newbie
Posts: 6
Joined: Fri Jan 29, 2021 8:43 am

Re: Client dynamic DNS Update wont work

Post by marcapo » Mon Apr 04, 2022 6:59 pm

openvpn_inc wrote:
Mon Apr 04, 2022 5:42 pm
 Hi marc,

You posted this in the Access Server forum, so I assume you must be using Access Server. AS does not support --register-dns out of the box. To do that you would need an RFC 2136-compliant nameserver running on (or reachable by) the AS host. And then you'd have to configure that nameserver to allow the client updates.

The OpenVPN Cloud service has an integrated DNS component, but I don't know if it can accept RFC 2136 dynamic DNS updates. I would think it would not. But it might have other ways of accomplishing what you want to achieve.

regards, rob0
Thx for the reply!
Yes we got the Access Server and we run on a Domain so we use Windows-DNS-Server. The server is reachable from the AS-Server. The DNS-Server allow client updates. Before the AS we used the openvpn-community edition. It works fine with that. So the AS server must be work too?
What are we missing?
Top
User avatar
openvpn_inc
OpenVPN Inc.
Posts: 1332
Joined: Tue Feb 16, 2021 10:41 am

Re: Client dynamic DNS Update wont work

Post by openvpn_inc » Sat Apr 09, 2022 2:58 pm

marcapo wrote:
Mon Apr 04, 2022 6:59 pm
 Yes we got the Access Server and we run on a Domain so we use Windows-DNS-Server. The server is reachable from the AS-Server. The DNS-Server allow client updates. Before the AS we used the openvpn-community edition. It works fine with that. So the AS server must be work too?
Hi marc,

No, openvpn community software also does not support --register-dns out of the box. It is far simpler than Access Server; it only has the VPN component. It also does not provide integrated DNS software.

I guess what happened before is that your VPN client RFC 2136 address update queries were being received and accepted by the Windows nameserver before.
marcapo wrote:
Mon Apr 04, 2022 6:59 pm
 What are we missing?
A possible reason why Access Server's behavior might be different is that it defaults to NAT. If you change it to use routing, and Access Server can reach the routed network, and the routed network's gateway knows how to reach the VPN IP address netblock(s), it might start working. Assuming of course that the Windows nameserver will receive and process those update queries. It also must be told what netblocks it serves.

https://openvpn.net/access-server-manua ... -settings/
https://openvpn.net/vpn-server-resource ... to-routing
https://openvpn.net/vpn-server-resource ... ss-server/

regards, rob0
Image OpenVPN Inc.
Answers provided by OpenVPN Inc. staff members here are provided on a voluntary best-effort basis, and no rights can be claimed on the basis of answers posted in this public forum. If you wish to get official support from OpenVPN Inc. please use the official support ticket system: https://openvpn.net/support
Top
Post Reply

Return to “The OpenVPN Access Server”