Client dynamic DNS Update won't work

Posted: Mon Apr 04, 2022 1:55 pm
by marcapo
Hello,
In our setup the dynamic DNS updates for the Windows clients on the DNS server won't work.
We use Windows 10 with AD/DNS and the v3 client. We don't force all traffic through the server and added many DNS resolution zones.

We've got 2 problems left:

1. It won't update automatically
We added "register-dns" in the client configuration. Nothing happens.
Manually, with "ipconfig /registerdns", it updates as intended.

2. The updated IP is from the wrong adapter
The updated IP isn't the IP from the VPN adapter. Instead it uses the IP from the local network adapter for the DNS record.
How can this be fixed?
If we look at the details of the TAP network adapter, it's set up with a static IP but without any entry. So we can't enable "Register this connection's addresses in DNS" under the advanced options.

Caption                                                DomainDNSRegistrationEnabled
[00000017] TAP-Windows Adapter V9 for OpenVPN Connect  FALSE

Caption                                                FullDNSRegistrationEnabled
[00000017] TAP-Windows Adapter V9 for OpenVPN Connect  TRUE

Alternatively, are there any PowerShell scripts for when the connection is established, with a function like this:
https://docs.microsoft.com/en-us/window ... dfrom=MSDN

Are there any possibilities to solve this issue?

Thanks for the help!
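
An added example, not part of the original thread and not OpenVPN's code: a PowerShell audit of which adapters are set to register their addresses in DNS, the setting the post above inspects. The adapter description pattern is taken from the post's output; the `$Apply` switch is a hypothetical name, and `Get-NetAdapter`, `Get-DnsClient`, `Set-DnsClient` and `Register-DnsClient` are the standard Windows networking cmdlets.

```powershell
# Added example (not from the thread). Run in Windows PowerShell on the client.
# Assumption: the VPN adapter matches the description shown in the post's output.
$VpnPattern = 'TAP-Windows Adapter V9*'
$Apply      = $false   # hypothetical switch: set to $true (elevated) to change settings

$report = foreach ($nic in Get-NetAdapter | Where-Object Status -eq 'Up') {
    $dns  = Get-DnsClient -InterfaceIndex $nic.ifIndex
    $ipv4 = Get-NetIPAddress -InterfaceIndex $nic.ifIndex -AddressFamily IPv4 `
                -ErrorAction SilentlyContinue
    [pscustomobject]@{
        IfIndex     = $nic.ifIndex
        Description = $nic.InterfaceDescription
        IsVpn       = $nic.InterfaceDescription -like $VpnPattern
        IPv4        = ($ipv4.IPAddress -join ', ')
        # "Register this connection's addresses in DNS"
        Registers   = $dns.RegisterThisConnectionsAddress
        # "Use this connection's DNS suffix in DNS registration"
        UsesSuffix  = $dns.UseSuffixWhenRegistering
        Suffix      = $dns.ConnectionSpecificSuffix
    }
}
$report | Format-Table -AutoSize

foreach ($row in $report) {
    if ($row.IsVpn -and -not $row.Registers) {
        Write-Warning "VPN adapter $($row.IfIndex) does not register its address."
        if ($Apply) {
            Set-DnsClient -InterfaceIndex $row.IfIndex -RegisterThisConnectionsAddress $true
        }
    }
    if (-not $row.IsVpn -and $row.Registers -and $row.IPv4) {
        Write-Warning "Non-VPN adapter $($row.IfIndex) ($($row.IPv4)) also registers in DNS."
    }
}

# Equivalent to "ipconfig /registerdns"; only runs when $Apply is set.
if ($Apply) { Register-DnsClient }
```

The second warning marks adapters whose local address can end up in the DNS record, which is the symptom described under problem 2.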

Re: Client dynamic DNS Update won't work

Posted: Mon Apr 04, 2022 5:42 pm
by openvpn_inc
Hi marc,

You posted this in the Access Server forum, so I assume you must be using Access Server. AS does not support --register-dns out of the box. To do that you would need an RFC 2136-compliant nameserver running on (or reachable by) the AS host. And then you'd have to configure that nameserver to allow the client updates.

The OpenVPN Cloud service has an integrated DNS component, but I don't know if it can accept RFC 2136 dynamic DNS updates. I would think it would not. But it might have other ways of accomplishing what you want to achieve.

regards, rob0

Re: Client dynamic DNS Update won't work

Posted: Mon Apr 04, 2022 6:59 pm
by marcapo
openvpn_inc wrote:
Mon Apr 04, 2022 5:42 pm
Hi marc,

You posted this in the Access Server forum, so I assume you must be using Access Server. AS does not support --register-dns out of the box. To do that you would need an RFC 2136-compliant nameserver running on (or reachable by) the AS host. And then you'd have to configure that nameserver to allow the client updates.

The OpenVPN Cloud service has an integrated DNS component, but I don't know if it can accept RFC 2136 dynamic DNS updates. I would think it would not. But it might have other ways of accomplishing what you want to achieve.

regards, rob0

Thanks for the reply!
Yes, we have the Access Server and we run on a domain, so we use Windows DNS Server. The server is reachable from the AS server. The DNS server allows client updates. Before the AS we used the OpenVPN community edition. It works fine with that. So the AS server must work too?
What are we missing?

Re: Client dynamic DNS Update won't work

Posted: Sat Apr 09, 2022 2:58 pm
by openvpn_inc
marcapo wrote:
Mon Apr 04, 2022 6:59 pm
Yes, we have the Access Server and we run on a domain, so we use Windows DNS Server. The server is reachable from the AS server. The DNS server allows client updates. Before the AS we used the OpenVPN community edition. It works fine with that. So the AS server must work too?

Hi marc,

No, OpenVPN community software also does not support --register-dns out of the box. It is far simpler than Access Server; it only has the VPN component. It also does not provide integrated DNS software.

I guess what happened before is that your VPN client RFC 2136 address update queries were being received and accepted by the Windows nameserver.

marcapo wrote:
Mon Apr 04, 2022 6:59 pm
What are we missing?

A possible reason why Access Server's behavior might be different is that it defaults to NAT. If you change it to use routing, and Access Server can reach the routed network, and the routed network's gateway knows how to reach the VPN IP address netblock(s), it might start working. Assuming of course that the Windows nameserver will receive and process those update queries. It also must be told what netblocks it serves.

https://openvpn.net/access-server-manua ... -settings/
https://openvpn.net/vpn-server-resource ... to-routing
https://openvpn.net/vpn-server-resource ... ss-server/

regards, rob0