DNS problems when connecting via VPN

Tags: domain-name-system, vpn

So on my home network I run my own domain controller & DNS server. On my client machine (which is a member of this home domain), I connect to my work VPN and from that point my DNS messes up.

My internet works because I unchecked "Use default gateway on remote network", so that's not a problem. I also have explicitly set the primary DNS suffix of my NIC (Local Area Connection 2) to dailey.home.com, since that is the domain of my internal network. Ideally I don't want to manually set it, but I did it anyway because I thought it might help.

Before I connect to my VPN, my ipconfig /all for "Windows IP Configuration" looks like this:

Windows IP Configuration

   Host Name . . . . . . . . . . . . : Bob
   Primary Dns Suffix  . . . . . . . : dailey.home.com
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : dailey.home.com

When I connect to my VPN, then it changes to this:

Windows IP Configuration

   Host Name . . . . . . . . . . . . : Bob
   Primary Dns Suffix  . . . . . . . : dailey.home.com
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : dailey.home.com
                                       pacs.local

My router, which is my default gateway on my home network, has the domain name "router", which points to 10.3.1.1. When I type "router" into my browser (BEFORE connecting to my VPN), I correctly reach my router's HTTP firmware page.

After I connect to the VPN, I do NOT reach the firmware page. When I run a PING on "router", it no longer says 10.3.1.1, but instead has an IP address of 66.114.124.140, which I don't recognize.

In fact, when I try to use ANY local DNS name I have set up, such as computer names or the name of my printer, NONE of them work while the VPN is connected. The IP address is the same for all of them: 66.114.124.140. In fact, if I try a domain name that doesn't even exist, I still get a response from the same IP address.

While connected to the VPN, nslookup for my 'router' returns this (even for a fake domain name!):

C:\Users\robert>nslookup router
Server:  svitdc03.pacs.local
Address:  172.16.0.56

Non-authoritative answer:
Name:    router.dailey.home.com
Address:  66.114.124.140

With the VPN disconnected, nslookup for 'router' returns the expected results:

C:\Users\robert>nslookup router
Server:  server.dailey.home.com
Address:  10.3.1.120

Name:    router.dailey.home.com
Address:  10.3.1.1

Why is this happening? I don't quite understand. Below is the rest of my IPCONFIG results, with the VPN included.

Windows IP Configuration

   Host Name . . . . . . . . . . . . : Bob
   Primary Dns Suffix  . . . . . . . : dailey.home.com
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : dailey.home.com
                                       pacs.local

PPP adapter True Automation:

   Connection-specific DNS Suffix  . : pacs.local
   Description . . . . . . . . . . . : True Automation
   Physical Address. . . . . . . . . :
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 172.16.0.196(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.255
   Default Gateway . . . . . . . . . :
   DNS Servers . . . . . . . . . . . : 172.16.0.56
                                       172.16.0.42
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection 2:

   Connection-specific DNS Suffix  . : dailey.home.com
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller #2
   Physical Address. . . . . . . . . : 00-1F-BC-01-55-34
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 10.3.1.31(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.128
   Lease Obtained. . . . . . . . . . : Sunday, May 01, 2011 11:25:58 AM
   Lease Expires . . . . . . . . . . : Monday, May 02, 2011 11:25:59 AM
   Default Gateway . . . . . . . . . : 10.3.1.1
   DHCP Server . . . . . . . . . . . : 10.3.1.1
   DNS Servers . . . . . . . . . . . : 10.3.1.120
                                       208.67.222.222
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : 00-1F-BC-01-55-35
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.dailey.home.com:

   Connection-specific DNS Suffix  . : dailey.home.com
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::5efe:10.3.1.31%12(Preferred)
   Default Gateway . . . . . . . . . :
   DNS Servers . . . . . . . . . . . : 10.3.1.120
                                       208.67.222.222
   NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter isatap.{4827DF55-4B5E-405B-BE43-9B40BB4D7804}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 9:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.pacs.local:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : pacs.local
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Best Answer

When your VPN is disconnected, your client's resolver uses your home DNS server to resolve names. When you try to access the hostname router, it uses the search path and asks your server for the address of router.dailey.home.com, and all is well.

When your VPN is connected, your VPN client and network settings point your client's resolver to your work DNS server. When you try to access the hostname router, your computer asks your work DNS server for the address of router.dailey.home.com. Since, as you've noted, the authoritative servers for the home.com domain return a valid answer for that domain name, the resolver stops there. If, instead, you changed your domain name to something not resolvable by Internet DNS servers, such as home.local, your work DNS server would still have no way of resolving router.home.local to an IP address, and would likely return an authoritative NXDOMAIN answer, i.e. "this domain does not exist." This configuration would fix your inability to reach intranet hosts without fully qualified names, since your client would proceed to the next element of your search path, but you still wouldn't be able to reach your home machines.

The best solution I can think of is to set up your client to prefer your Local Area Connection 2 (Control Panel > Network and Internet (View network status and tasks) > Change adapter settings; press Alt and choose Advanced Settings; and then modify the adapter order), and then to configure your DNS server to delegate responsibility for the pacs.local domain to your work DNS server. This arrangement still has the problem that you won't be able to get to any Internet-facing machines in pacs.local when your VPN is not connected, but given that the TLD is .local, I expect that won't be a problem. You may possibly still run afoul of requirements from your VPN client.
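As an added illustration (not part of the question or the answer above), here is a small Python model of the suffix-search behaviour the answer describes: an unqualified name is tried with each suffix in order and the first non-NXDOMAIN answer wins. The two server functions and the search lists are constructed from the values in the question; modelling the public home.com servers as a catch-all that answers any name is an inference from the "even for a fake domain name" result, not something the page confirms.

```python
"""Model of a stub resolver walking a DNS suffix search list (constructed example)."""

NXDOMAIN = None  # a server returns None where a real server would answer NXDOMAIN


def home_server(fqdn):
    """Home domain controller (10.3.1.120): authoritative for dailey.home.com only."""
    zone = {
        "router.dailey.home.com": "10.3.1.1",
        "server.dailey.home.com": "10.3.1.120",
    }
    return zone.get(fqdn, NXDOMAIN)


def work_server(fqdn):
    """Work DNS server (172.16.0.56): knows pacs.local, forwards the rest to the Internet."""
    zone = {"svitdc03.pacs.local": "172.16.0.56"}
    if fqdn in zone:
        return zone[fqdn]
    # Assumption: the public home.com servers answer every name under home.com
    # with the same address, which is what the question's nslookup output shows.
    if fqdn.endswith(".home.com"):
        return "66.114.124.140"
    return NXDOMAIN


def resolve(name, server, search_list):
    """Return (fqdn_that_answered, address) for an unqualified name.

    A trailing dot marks a fully qualified name and skips the search list.
    Otherwise each suffix is appended in order; the search stops at the first
    answer that is not NXDOMAIN, which is why a catch-all public zone listed
    before pacs.local masks both the home LAN and the work intranet names.
    """
    if name.endswith("."):
        fqdn = name.rstrip(".")
        return fqdn, server(fqdn)
    candidates = [f"{name}.{suffix}" for suffix in search_list]
    for fqdn in candidates:
        addr = server(fqdn)
        if addr is not NXDOMAIN:
            return fqdn, addr
    return candidates[-1], NXDOMAIN


if __name__ == "__main__":
    vpn_list = ["dailey.home.com", "pacs.local"]       # search list with the VPN up
    local_list = ["dailey.home.local", "pacs.local"]  # same, after renaming the home domain
    print("VPN down :", resolve("router", home_server, ["dailey.home.com"]))
    print("VPN up   :", resolve("router", work_server, vpn_list))
    print("intranet :", resolve("svitdc03", work_server, vpn_list))
    print("renamed  :", resolve("router", work_server, local_list), resolve("svitdc03", work_server, local_list))
```

Running it reproduces the four situations the answer walks through: the home server answers 10.3.1.1, the work server hands back the public catch-all address for router and even for svitdc03, and with a home.local suffix the home name fails cleanly while svitdc03 reaches pacs.local.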