Meraki

Community

VPN DNS - Host name, Not FQDN

Solved
ZDonaldson
Getting noticed
‎Mar 15 2018 10:55 AM
‎Mar 15 2018 10:55 AM

VPN DNS - Host name, Not FQDN

Hey All,

 

on client vpn, is there a way to support only using short hostnames for DNS requests, rather than typing full FQDN?

 

my previous security appliance supported this option.

Zane D - IT Manager in Sin City NV
0 Kudos
1 Accepted Solution
MRCUR
Kind of a big deal
‎Mar 15 2018 12:18 PM
‎Mar 15 2018 12:18 PM

You can set the search domains for the VPN connection. On macOS it's called "Search Domains" and on Windows it's the DNS suffix list. The MX will not supply this info to VPN clients, so you'll need to set it on the devices. 

MRCUR | CMNO #12

View solution in original post

7 Replies 7
MRCUR
Kind of a big deal
‎Mar 15 2018 12:18 PM
‎Mar 15 2018 12:18 PM

You can set the search domains for the VPN connection. On macOS it's called "Search Domains" and on Windows it's the DNS suffix list. The MX will not supply this info to VPN clients, so you'll need to set it on the devices. 

MRCUR | CMNO #12
In response to MRCUR
lauraCanadaIT
Just browsing
‎May 28 2018 4:38 PM
‎May 28 2018 4:38 PM

What about iOS search domains connected to VPN. Search domains are not able to be set there. It needs DHCP scope option 15 to work. Is there a way for the MX to have that? It will simplify the configuration on mobile devices.

 

Thanks

0 Kudos
In response to lauraCanadaIT
MRCUR
Kind of a big deal
‎May 29 2018 5:29 AM
‎May 29 2018 5:29 AM

@lauraCanadaIT There is no way to customize the DHCP options for the client VPN subnet that I'm aware of. If you issue a mobile config profile to your iOS users to set up the VPN, perhaps you can supply the DNS suffix with that config. 

MRCUR | CMNO #12
0 Kudos
In response to MRCUR
lauraCanadaIT
Just browsing
‎May 29 2018 5:40 AM
‎May 29 2018 5:40 AM

@MRCURUnfortunately, The MDM from Meraki does not allow custom profiles and iOS profiles doesn't allow it as well. I'm a little stuck here.

0 Kudos
In response to lauraCanadaIT
bluecat
Here to help
‎Dec 4 2019 4:35 AM
‎Dec 4 2019 4:35 AM

Has anyone found a solution to this? All our users have shortcuts to files e.g. \\server01\file having to recreate shortcuts and/or training users to use \\server01.domain.local\file is going to be tiring.

 

Appending DNS suffixes to the VPN connection is greyed out in Windows 10 and adding the suffix to the "DNS Suffix for this connection" option doesn't seem to help either? Plus our DFS namespace seems to be unreachable even with the suffix added.

0 Kudos
In response to bluecat
Annhilate
New here
‎Nov 19 2020 7:21 AM
‎Nov 19 2020 7:21 AM

Try doing this on the local adapter instead of the VPN adapter, you should be able to append domain.suffix under IPv4 > Advanced > DNS settings. In my case it was greyed out on the VPN adapter, but not on the local adapter. 

0 Kudos
In response to bluecat
CloudViking86
Here to help
‎Mar 22 2021 9:14 AM
‎Mar 22 2021 9:14 AM

Hello,

 

In the same situation here;
* I can specify the DNS-servers for the VPN-adapter (Meraki VPN) which would overwrite the default DNS-server specified in Meraki (such as Google) to resolve FQDN

however resolving shortnames such as "mycomputer" as opposed to "mycomputer.ad.mydomain.com" fails since you can't append DNS-suffixes since it is greyed out.


You can specify a WINS-server in the VPN-settings;
https://documentation.meraki.com/MX/Client_VPN/Troubleshooting_Client_VPN#Resolving_NetBIOS_names_ov...
however I fail to see how that would solve that the client knows which domain to append to the shortname i.e. to append "ad.mydomain.com" to "computer1"?
Unless its inferred when specifying a WINS-server (i.e. use the domain that the WINS-server belongs to)? 

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.