topic Re: Global protect DNS name resolution. in General Topics

Global protect DNS name resolution.

ParvezAhmad — Thu, 23 Jan 2014 12:52:45 GMT

Hello Experts,

Through global protect, users are getting IP address from the pool and take network setting as defined including primary DNS and Secondary DNS.

but the users want to access servers via name(s) not IP addess(es). Since it was working before with cisco remote vpn.

Please let me know is there any setting in global protect gateway to make it functional?

Thank you.

Regards,

Parvez

Re: Global protect DNS name resolution.

_slv_ — Thu, 23 Jan 2014 13:27:45 GMT

Hello Parvez

In my opinion it isn't GP issue. Please use in GP configuration your local DNS servers, servers that are able to resolve name of servers that are want to use by your users.

Maybe you miss security policy that allow DNS traffic from zone VPN to zone where are Your DNS sererwers?

Regards

Slawek

Re: Global protect DNS name resolution.

ParvezAhmad — Thu, 23 Jan 2014 13:50:22 GMT

Hello Slawek,

GP tunnel interface is the part of inside zone and DNS servers resides in the same zone.

Regards,

Parvez

Re: Global protect DNS name resolution.

_slv_ — Thu, 23 Jan 2014 14:22:19 GMT

Could You ping by IP address this servers?

What about nslookup - is it possible to get response about google.com?

Re: Global protect DNS name resolution.

Hithead — Thu, 23 Jan 2014 14:55:06 GMT

Firewall Policy? is DNS allowed from the tunnel zone to the destination zone ?

Re: Global protect DNS name resolution.

Gregoux — Thu, 23 Jan 2014 16:04:17 GMT

yes you need to autorize via security policy dns app or via service base on tcp and udp 53 port

Re: Global protect DNS name resolution.

ParvezAhmad — Fri, 24 Jan 2014 07:54:03 GMT

since tunnel interface is the part of inside zone - from inside to outside permit all for this VPN subnet.

Moreover, after connecting GP, we tried nslookup of some servers it is resolving the correct IP address.

I tried to access(through RDP) servers via its name it is not working but via IP address - It is working.

Re: Global protect DNS name resolution.

Hithead — Fri, 24 Jan 2014 08:08:03 GMT

I'm 99,99% sure, if everything is allowed from VPN to the LAN and nslookup works, it shouldn't be a firewall issue!

It can be the HOST.txt file, Windows/3rdParty Client Firewall, DNS Server, NIC driver/setting or the Remote Server itself...

You have to google that. Sorry, because I don't know your infrastructure.

BTW: Do you see something in the traffic logs?

Re: Global protect DNS name resolution.

Gregoux — Fri, 24 Jan 2014 11:15:14 GMT

I tried to access(through RDP) servers via its name it is not working but via IP address - It is working

and when you try a nslookup with this server name, what is the result?

if it's work it's not a firewall issue. but RDP service on this server

Re: Global protect DNS name resolution.

JimS2 — Sat, 25 Jan 2014 02:47:28 GMT

This is actually a well known problem for Windows as well as Mac OSX. It has to do with the DNS server binding order.

Written for XP but applies to 7 as well:

Cannot Change the Binding Order for Remote Access Connections

Google search that shows how wide spread this issue is and some resolutions for it.

https://www.google.com/search?q=windows+dns+binding+order&rlz=1C1LENP_enUS544US544&oq=windows+dns+bind&aqs=chrome.2.69i5…

Re: Global protect DNS name resolution.

MattCooperCISD — Sun, 23 Feb 2020 02:10:42 GMT

Were you ever able to find a solution to your problem? I'm experiencing the same thing running macOS 10.15.3. Upon initial connection with GlobalProtect I open terminal and run "scutil --dns". My nameservers show the IPs of the my internal corporate network. After a few seconds I can run the same command, and the nameservers has changed to localhost "127.0.0.1".