DNS – Incorrect Server Used When Using ISA VPN on Windows XP SP3

Tags: domain-name-system, isa-server, vpn

When one of our users connects to our ISA VPN server, 99% of the time, their computers are using the DNS servers bound to the physical interface to resolve host names. Every once in a while, they use the DNS servers bound to the VPN connection. This causes problems when connecting to our servers.

We're using the built-in VPN client in Windows XP SP3. From what I've read, as long as the option to use the VPN connection for the default gateway is checked, the VPN's DNS servers should take precedence over the physical Ethernet interface. Executing "nslookup" shows the proper default server, but also shows it trying to contact the DNS server on their physical interface. Is there any way for me to force the preference towards the proper DNS servers on our corporate network?

This seems to have become more of an issue due to Cox and some other ISPs serving incorrect DNS results when they should be returning Non-existent domain. Previously it seems that after an error it would roll over to our servers.

*Edited to include server and client config.

Best Answer

As it turns out, this is a defect in Windows XP. The network binding order is set incorrectly so that DNS requests are always made on physical interfaces. There is a good workaround for this problem at isaserver.org: How to work around an issue with VPN clients and split DNS
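As an added example, not part of the question or the answer above, here is a small Python check a network engineer can run from a client to see which resolver is really answering: it queries one specific DNS server directly for a name that must not exist and reports whether that server returned NXDOMAIN or, as the question describes for some ISPs, substituted an address. The names, the address 198.51.100.10 and `build_response` are constructed sample data for offline testing, not anything from the original post.

```python
import socket
import struct

def build_query(name, qid=0x1234):
    # Standard recursive query (RD=1) for an A record, class IN.
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(p)]) + p.encode() for p in name.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", 1, 1)

def build_response(query, rcode, addrs):
    # Constructed sample reply (test data only): echo the question, set RCODE, add A records.
    qid = struct.unpack("!H", query[:2])[0]
    header = struct.pack("!HHHHHH", qid, 0x8180 | rcode, 1, len(addrs), 0, 0)
    rr = b"".join(b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + socket.inet_aton(a) for a in addrs)
    return header + query[12:] + rr

def _skip_name(msg, off):
    # Advance past a domain name; a compression pointer (0xC0..) ends it in two bytes.
    while msg[off] and msg[off] & 0xC0 != 0xC0:
        off += msg[off] + 1
    return off + (2 if msg[off] else 1)

def parse_response(msg):
    # Returns (transaction id, RCODE, list of A-record addresses).
    qid, flags, qd, an, _, _ = struct.unpack("!HHHHHH", msg[:12])
    off, addrs = 12, []
    for _ in range(qd):
        off = _skip_name(msg, off) + 4
    for _ in range(an):
        off = _skip_name(msg, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:
            addrs.append(socket.inet_ntoa(msg[off:off + 4]))
        off += rdlen
    return qid, flags & 0xF, addrs

def classify(response):
    # 'nxdomain' is the honest reply for a name that does not exist; 'rewritten' means an A record was substituted.
    _, rcode, addrs = parse_response(response)
    if rcode == 3:
        return "nxdomain"
    return "rewritten" if rcode == 0 and addrs else "other"

def probe(server, name, timeout=2.0):
    # Query one specific resolver directly over UDP (needs network access).
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, 53))
        return classify(s.recv(512))
```

Running `probe()` once against the VPN-assigned DNS server and once against the physical interface's DNS server shows directly which of the two rewrites non-existent names, independent of the binding order the client happens to use.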