DNS over OpenVPN doesn't reply for internal hosts

Giazzi
OpenVpn Newbie
Posts: 3
Joined: Tue Oct 27, 2020 1:23 pm

DNS over OpenVPN doesn't reply for internal hosts

Post by Giazzi » Tue Oct 27, 2020 1:44 pm

Hello!
I'm having a really strange problem with DNS when connected through OpenVPN :(
The OpenVPN server is an EdgeRouter, the DNS server is a WS2012 machine.

When I'm connected the DNS server is replaced with the remote one (192.168.0.10), but for some reason it seems to reply correctly only to queries that ask for "external" destinations (for example google.com) but not internal ones (for example "fileserver", one of our servers).

Here's an example, captured with wireshark (I removed IPs and domain name):

No.,"Time","Source","Destination","Protocol","Length","Info"
1,"0.000000","172.16.1.2","192.168.0.10","DNS","85","Standard query 0x0001 PTR 10.0.168.192.in-addr.arpa"
2,"0.096566","192.168.0.10","172.16.1.2","DNS","220","Standard query response 0x0001 PTR 10.0.168.192.in-addr.arpa PTR dc.domain.local"
3,"0.104897","172.16.1.2","192.168.0.10","DNS","70","Standard query 0x0002 A google.com"
4,"0.176800","192.168.0.10","172.16.1.2","DNS","158","Standard query response 0x0002 A google.com A 216.58.209.46"
5,"0.182976","172.16.1.2","192.168.0.10","DNS","70","Standard query 0x0003 AAAA google.com"
6,"0.296723","192.168.0.10","172.16.1.2","DNS","182","Standard query response 0x0003 AAAA google.com AAAA 2a00:1450:4002:809::200e"
7,"3.139653","172.16.1.2","192.168.0.10","DNS","85","Standard query 0x0001 PTR 10.0.168.192.in-addr.arpa"
8,"3.216795","192.168.0.10","172.16.1.2","DNS","220","Standard query response 0x0001 PTR 10.0.168.192.in-addr.arpa PTR dc.domain.local"
9,"3.227870","172.16.1.2","192.168.0.10","DNS","70","Standard query 0x0002 A fileserver"
10,"3.304453","192.168.0.10","172.16.1.2","DNS","126","Standard query response 0x0002 Server failure A fileserver"
11,"3.305028","172.16.1.2","192.168.0.10","DNS","70","Standard query 0x0003 AAAA fileserver"
12,"3.376944","192.168.0.10","172.16.1.2","DNS","126","Standard query response 0x0003 Server failure AAAA fileserver"

"Google.com" is translated fine, "fileserver" fails! On a local PC the same query works with no problem.

Here is the OVPN file I'm using for clients:
Client config
client
dev tun
proto udp
remote xxxxxxxxxx 1194
float
resolv-retry infinite
nobind
persist-key
persist-tun
verb 3
dhcp-option DNS 192.168.0.10
register-dns
block-outside-dns
ca cacert.pem
cert xxxxxxxxxx.pem
key xxxxxxxxxx.key


Any help would be greatly appreciated :mrgreen:
Last edited by Pippin on Tue Oct 27, 2020 2:03 pm, edited 1 time in total.
Reason: Formatting

300000
OpenVPN Expert
Posts: 685
Joined: Tue May 01, 2012 9:30 pm

Re: DNS over OpenVPN doesn't reply for internal hosts

Post by 300000 » Tue Oct 27, 2020 2:14 pm

So you want the same access as LAN on the local domain? Sometimes on VPN people use split DNS to make it work on external access and VPN access.

TinCanTech
OpenVPN Protagonist
Posts: 11139
Joined: Fri Jun 03, 2016 1:17 pm

Re: DNS over OpenVPN doesn't reply for internal hosts

Post by TinCanTech » Tue Oct 27, 2020 3:20 pm

This has nothing to do with openvpn.

Pippin
Forum Team
Posts: 1201
Joined: Wed Jul 01, 2015 8:03 am
Location: irc://irc.libera.chat:6697/openvpn

Re: DNS over OpenVPN doesn't reply for internal hosts

Post by Pippin » Tue Oct 27, 2020 3:27 pm

Indeed, connection works, problem is DNS.
Moving to off topic.

Giazzi
OpenVpn Newbie
Posts: 3
Joined: Tue Oct 27, 2020 1:23 pm

Re: DNS over OpenVPN doesn't reply for internal hosts

Post by Giazzi » Sun Nov 01, 2020 10:46 pm

Hello everyone!
I can confirm that if in place of querying "fileserver" I ask for "fileserver.DOMAIN.local" it works, so it's mainly my configuration of WS DNS service! But still there's something that doesn't work with OpenVPN Connect.

I tried to add to my OVPN the line "dhcp-option DOMAIN xxxx.local" but doing so breaks the DNS registration in Windows. Without that option, when I connect the DNS server is automatically replaced with the one I chose with the "dhcp-option DNS" line.

To be more precise, without the DOMAIN option the DNS shows as follows:

Server DNS . . . . . . . . . . . . .  : 192.168.0.10

With it in place it shows as:

   Server DNS . . . . . . . . . . . . .  : fec0:0:0:ffff::1%1
                                           fec0:0:0:ffff::2%1
                                           fec0:0:0:ffff::3%1

Do you guys have the same issue? Is it something I'm doing wrong?
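
An added example, not part of the original posts: a small Python check that reads a Wireshark CSV export like the one in the first post and reports whether every failed lookup was a single-label name, meaning the query reached the DNS server without a domain suffix. The rows are copied from the capture above; the function names and the list of error strings matched in the Info column are assumptions of this sketch.

```python
import csv
import io
import re

# Rows copied from the capture in the first post (Wireshark CSV export).
CAPTURE = '''No.,"Time","Source","Destination","Protocol","Length","Info"
3,"0.104897","172.16.1.2","192.168.0.10","DNS","70","Standard query 0x0002 A google.com"
4,"0.176800","192.168.0.10","172.16.1.2","DNS","158","Standard query response 0x0002 A google.com A 216.58.209.46"
9,"3.227870","172.16.1.2","192.168.0.10","DNS","70","Standard query 0x0002 A fileserver"
10,"3.304453","192.168.0.10","172.16.1.2","DNS","126","Standard query response 0x0002 Server failure A fileserver"
11,"3.305028","172.16.1.2","192.168.0.10","DNS","70","Standard query 0x0003 AAAA fileserver"
12,"3.376944","192.168.0.10","172.16.1.2","DNS","126","Standard query response 0x0003 Server failure AAAA fileserver"
'''

# Info column layout: "Standard query [response] <id> [<error text>] <TYPE> <name> ..."
INFO_RE = re.compile(
    r"^Standard query (?P<resp>response )?(?P<txid>0x[0-9a-f]{4}) "
    r"(?:(?P<error>Server failure|No such name|Refused|Format error) )?"
    r"(?P<qtype>[A-Z]+) (?P<qname>\S+)"
)


def failed_lookups(capture_csv):
    """Return (qtype, qname, error, single_label) for each failed DNS response."""
    failures = []
    for row in csv.DictReader(io.StringIO(capture_csv)):
        m = INFO_RE.match(row["Info"])
        if not m or not m["resp"] or not m["error"]:
            continue  # not a DNS response, or the response succeeded
        name = m["qname"].rstrip(".")
        failures.append((m["qtype"], name, m["error"], "." not in name))
    return failures


def suffix_problem(capture_csv):
    """True when there are failures and all of them are single-label names."""
    failures = failed_lookups(capture_csv)
    return bool(failures) and all(single for *_, single in failures)


if __name__ == "__main__":
    for qtype, name, error, single in failed_lookups(CAPTURE):
        hint = "single-label name, no suffix appended" if single else "FQDN"
        print(f"{qtype:5} {name:20} {error:15} ({hint})")
    print("suffix problem suspected:", suffix_problem(CAPTURE))
```
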

TinCanTech
OpenVPN Protagonist
Posts: 11139
Joined: Fri Jun 03, 2016 1:17 pm

Re: DNS over OpenVPN doesn't reply for internal hosts

Post by TinCanTech » Sun Nov 01, 2020 11:15 pm

Giazzi wrote:
Sun Nov 01, 2020 10:46 pm
But still there's something that doesn't work with OpenVPN Connect
OpenVPN Connect is a closed source product which we don't support here.

Giazzi
OpenVpn Newbie
Posts: 3
Joined: Tue Oct 27, 2020 1:23 pm

Re: DNS over OpenVPN doesn't reply for internal hosts

Post by Giazzi » Mon Nov 02, 2020 12:06 am

TinCanTech wrote:
Sun Nov 01, 2020 11:15 pm
Giazzi wrote:
Sun Nov 01, 2020 10:46 pm
But still there's something that doesn't work with OpenVPN Connect
OpenVPN Connect is a closed source product which we don't support here.
I'm such a noob... I supposed Connect was just a "user-friendly" version of Community :lol:

Uninstalled Connect, downloaded Community version and.... IT WORKS! :mrgreen: I had to change nothing in the config or on the EdgeRouter... it just works!

Thank you very much TinCan... you literally saved my a$$ :shock:
