Re: Cisco VPN having DNS problems

--On Friday, July 23, 2004 11:06 AM -0500 joel schaubert <joel4700@xxxxxxxxxxxxx> wrote:

> 1) have others seen problems with DNS over cisco VPN with FC2?

Yes! I suspect it's a configuration issue at the Cisco end, but I don't control that end and can't be sure.


One problem with Cisco's VPN is that it insists on replacing resolv.conf with one that references the peer's DNS servers and adds the peer's domain name to the search list. I don't want that, so I "chattr +i /etc/resolv.conf" to make the file immutable. (Even root can't overwrite without removing this flag.)

My regular resolv.conf searches my LAN domain and consults BIND running on the same box.

I find that with the VPN up BIND can't resolve PTR records (reverse lookups) and some forward lookups, notably those for the peer's external domain (which is the same as his internal domain) intermittently fail. Alas, that blocks email in weird ways, particularly email between me and the peer.

The other admin has removed WINS and DNS server listings on his end, but I'm still seeing the problem, so I'm not sure what I can do now. A query on comp.dcom.cisco suggested that "split DNS" be enabled at the Cisco end.

Kernel is 2.6.5-1.358 (custom recompiled to add BSD PTY support). Client is 4.0.4B.

I thought I could diagnose this with tcpdump, but it won't dump packets going to the Cisco interface, claiming it's down. The packets don't show up in a dump of my external interface (eth1).

Curiously, I can query PTR records if I directly query a known authoritative server for the netblock with dig, but recursive query with BIND doesn't work.
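Two of the checks in the post above lend themselves to a small script: confirming that the immutable flag from "chattr +i" is really set on /etc/resolv.conf, spotting the nameserver and search entries a VPN client has injected into the file, and building the in-addr.arpa name that the dig comparison (local recursive BIND versus a directly queried authoritative server) turns on. The following POSIX sh helpers are an added example, not code from the original post; the sample resolv.conf files and the 192.0.2.x / .example addresses are constructed for the demonstration, and the file path is a parameter so the checks can run against any copy of the file.

```shell
#!/bin/sh
# Added example (not from the original mailing-list post). Helpers for the
# three checks discussed there: is resolv.conf immutable, did the VPN client
# rewrite it, and what PTR name does a reverse lookup actually ask for.

# Return 0 if an lsattr output line shows the immutable ('i') flag.
# lsattr prints the attribute field first, e.g. "----i--------e-- /etc/resolv.conf".
lsattr_is_immutable() {
    attrs=$(printf '%s\n' "$1" | awk '{print $1}')
    case "$attrs" in
        *i*) return 0 ;;   # lowercase i = immutable (uppercase I is unrelated)
        *)   return 1 ;;
    esac
}

# Print every "nameserver X" / "search X" / "domain X" entry in the current
# file ($1) that is absent from the baseline file ($2) you wrote yourself.
# Empty output means nothing was injected. FILENAME is compared against
# ARGV[1] rather than using NR==FNR so an empty baseline cannot confuse it.
resolv_unexpected_entries() {
    awk '
        $1 == "nameserver" || $1 == "search" || $1 == "domain" {
            for (i = 2; i <= NF; i++) {
                key = $1 " " $i
                if (FILENAME == ARGV[1]) base[key] = 1
                else if (!(key in base)) print key
            }
        }' "$2" "$1"
}

# Build the in-addr.arpa name for an IPv4 address:
# 192.0.2.10 -> 10.2.0.192.in-addr.arpa
ptr_name() {
    printf '%s\n' "$1" | awk -F. '{print $4 "." $3 "." $2 "." $1 ".in-addr.arpa"}'
}

# Compare the recursive answer from the local resolver with the answer from a
# named authoritative server, as the post did by hand with dig (needs network).
# Usage: ptr_compare 192.0.2.10 ns1.authoritative.example
ptr_compare() {
    echo "PTR name       : $(ptr_name "$1")"
    echo "local resolver : $(dig +short -x "$1")"
    echo "direct @$2     : $(dig +short -x "$1" "@$2")"
}

# Constructed sample files for the demonstration (not real data):
# baseline.conf is the file the author keeps; vpn.conf is what a VPN client
# that rewrites resolv.conf typically leaves behind.
make_samples() {
    dir=$(mktemp -d)
    printf 'search lan.example\nnameserver 127.0.0.1\n' > "$dir/baseline.conf"
    printf 'search peer.example lan.example\nnameserver 192.0.2.53\nnameserver 127.0.0.1\n' \
        > "$dir/vpn.conf"
    printf '%s\n' "$dir"
}

# Run the live checks only when asked, e.g.: sh resolvcheck.sh --run 192.0.2.10 ns1.example
if [ "${1:-}" = "--run" ]; then
    lsattr_is_immutable "$(lsattr /etc/resolv.conf)" \
        && echo "/etc/resolv.conf is immutable" \
        || echo "WARNING: /etc/resolv.conf is NOT immutable"
    [ -n "${2:-}" ] && [ -n "${3:-}" ] && ptr_compare "$2" "$3"
fi
```

Run with `--run` to check the live file and perform the dig comparison; without arguments the functions are only defined, so the file can be sourced from other scripts. Keep the baseline copy somewhere the VPN client does not touch, since the point of the comparison is to learn which entries were added without relying on memory of what the file used to say.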
