VPN DNS - Host name, Not FQDN

SOLVED
ZDonaldson
Getting noticed

Hey All,

On client VPN, is there a way to support only using short hostnames for DNS requests, rather than typing the full FQDN?

My previous security appliance supported this option.

Zane D - IT Manager in Sin City NV
1 ACCEPTED SOLUTION
MRCUR
Kind of a big deal

You can set the search domains for the VPN connection. On macOS it's called "Search Domains" and on Windows it's the DNS suffix list. The MX will not supply this info to VPN clients, so you'll need to set it on the devices. 

MRCUR | CMNO #12
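
One way to set the suffix on a Windows client from PowerShell, as an added example that is not part of the original posts or Meraki's documentation. The connection name `Meraki VPN` is an assumption; `ad.mydomain.com` and `mycomputer` are the sample names used later in this thread.

```powershell
#Requires -RunAsAdministrator
# Added example: the names below are assumptions, not values from a real deployment.
param(
    [string]$VpnName  = 'Meraki VPN',       # assumed name of the Windows VPN connection
    [string]$Suffix   = 'ad.mydomain.com',  # sample domain used in this thread
    [string]$TestHost = 'mycomputer'        # short name to try once the VPN is up
)

# 1. Connection-specific suffix on the VPN profile
#    (the "DNS suffix for this connection" field in the adapter GUI).
Get-VpnConnection -Name $VpnName -ErrorAction Stop | Out-Null
Set-VpnConnection -Name $VpnName -DnsSuffix $Suffix

# 2. Global suffix search list (the "Append these DNS suffixes" list).
#    Once this list is non-empty Windows appends only the suffixes in it,
#    so merge with the existing entries instead of overwriting them.
$current = @((Get-DnsClientGlobalSetting).SuffixSearchList | Where-Object { $_ })
if ($current -notcontains $Suffix) {
    Set-DnsClientGlobalSetting -SuffixSearchList ($current + $Suffix)
}

# 3. Show what the DNS client will now append to single-label names.
(Get-DnsClientGlobalSetting).SuffixSearchList
Get-DnsClient |
    Where-Object ConnectionSpecificSuffix |
    Select-Object InterfaceAlias, ConnectionSpecificSuffix

# 4. With the VPN connected, test the short name over DNS only.
#    -DnsOnly keeps LLMNR and NetBIOS out of the test, so an answer here
#    means the suffix list and the VPN DNS server did the work.
$answer = Resolve-DnsName -Name $TestHost -Type A -DnsOnly -ErrorAction SilentlyContinue
if ($answer) {
    $answer | Select-Object Name, IPAddress
} else {
    Write-Warning "'$TestHost' did not resolve via DNS; check the VPN DNS servers and suffix list."
}
```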

7 REPLIES

What about iOS search domains when connected to VPN? Search domains are not able to be set there. It needs DHCP scope option 15 to work. Is there a way for the MX to have that? It will simplify the configuration on mobile devices.

Thanks

MRCUR
Kind of a big deal

@lauraCanadaIT There is no way to customize the DHCP options for the client VPN subnet that I'm aware of. If you issue a mobile config profile to your iOS users to set up the VPN, perhaps you can supply the DNS suffix with that config. 

MRCUR | CMNO #12

@MRCUR Unfortunately, the MDM from Meraki does not allow custom profiles, and iOS profiles don't allow it either. I'm a little stuck here.

Has anyone found a solution to this? All our users have shortcuts to files, e.g. \\server01\file. Having to recreate shortcuts and/or training users to use \\server01.domain.local\file is going to be tiring.

Appending DNS suffixes to the VPN connection is greyed out in Windows 10, and adding the suffix to the "DNS Suffix for this connection" option doesn't seem to help either? Plus our DFS namespace seems to be unreachable even with the suffix added.

Try doing this on the local adapter instead of the VPN adapter; you should be able to append domain.suffix under IPv4 > Advanced > DNS settings. In my case it was greyed out on the VPN adapter, but not on the local adapter.

Hello,

In the same situation here:
* I can specify the DNS servers for the VPN adapter (Meraki VPN), which would overwrite the default DNS server specified in Meraki (such as Google) to resolve FQDNs.

However, resolving short names such as "mycomputer" as opposed to "mycomputer.ad.mydomain.com" fails, since you can't append DNS suffixes because the option is greyed out.

You can specify a WINS server in the VPN settings:
https://documentation.meraki.com/MX/Client_VPN/Troubleshooting_Client_VPN#Resolving_NetBIOS_names_ov...
However, I fail to see how that would solve the problem of the client knowing which domain to append to the short name, i.e. to append "ad.mydomain.com" to "computer1".
Unless it's inferred when specifying a WINS server (i.e. use the domain that the WINS server belongs to)?
