GlobalProtect Clients Home IP's showing up in DNS

Announcements

ATTENTION Customers, All Partners and Employees: The Customer Support Portal (CSP) will be undergoing maintenance and unavailable on Saturday, November 7, 2020, from 11 am to 11 pm PST. Please read our blog for more information.

Reply
Highlighted
L2 Linker

GlobalProtect Clients Home IP's showing up in DNS

Like many organizations, we have had to enable VPN access for more individuals during the COVID-19 crisis. We recently noticed that about half of the 42 machines display their home's local LAN IP address in our DNS server. This is in addition to the IP address that GlobalProtect issues. One of my sysadmins pointed out a way to fix this is to disable the Register this connection's addresses in DNS feature on the Ethernet or wireless NIC adapter in Windows 10 (not the PANGP adapter). This would stop the adapter from sending the 192.168.x.x IP to our DNS server and adding it to the A record. 

nic setting.png

 

Is there another way to get around this? 

Tags (2)

Accepted Solutions
Highlighted
L2 Linker

I've posted this on a couple forums now, and it seems like this is an issue regardless of which VPN solution you use. That option to register this connection's address in DNS is a default option in our Windows 10 image. We got around it by looking up the GP IP for the user, edit our hosts file entry with the GP IP and the FQDN, and then issuing the following commands to remotely connect to the computer and uncheck that DNS option. We eventually put this into a script, and now a GPO.

 

#Connect remotely to multiple computers using admin Account
Enter-PSSession –ComputerName mycomputername –Credential domain\username

 

#Check to see if DNS registry option is checked

Get-NetAdapter Ethernet | Get-DNSClient
Get-NetAdapter Wi-Fi | Get-DNSClient

#Sets the DNS Registry option on Ethernet interface to False (turns off)

Get-NetAdapter Ethernet | Set-DNSClient –RegisterThisConnectionsAddress $False
Get-NetAdapter Wi-Fi| Set-DNSClient –RegisterThisConnectionsAddress $False

 

#Force ipconfig /registerdns

Register-DnsClient

View solution in original post


All Replies
Highlighted
L3 Networker

Hi Fr4nk4,

 

Please go through this link to remove the local IP from dns record: https://support.microsoft.com/en-us/help/2933537/clearing-the-register-this-connection-s-addresses-i...

 

I am not sure of another way to do this. What made you select that option in the first place?

Highlighted
L2 Linker

I've posted this on a couple forums now, and it seems like this is an issue regardless of which VPN solution you use. That option to register this connection's address in DNS is a default option in our Windows 10 image. We got around it by looking up the GP IP for the user, edit our hosts file entry with the GP IP and the FQDN, and then issuing the following commands to remotely connect to the computer and uncheck that DNS option. We eventually put this into a script, and now a GPO.

 

#Connect remotely to multiple computers using admin Account
Enter-PSSession –ComputerName mycomputername –Credential domain\username

 

#Check to see if DNS registry option is checked

Get-NetAdapter Ethernet | Get-DNSClient
Get-NetAdapter Wi-Fi | Get-DNSClient

#Sets the DNS Registry option on Ethernet interface to False (turns off)

Get-NetAdapter Ethernet | Set-DNSClient –RegisterThisConnectionsAddress $False
Get-NetAdapter Wi-Fi| Set-DNSClient –RegisterThisConnectionsAddress $False

 

#Force ipconfig /registerdns

Register-DnsClient

View solution in original post

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!