Split DNS works but not fully

VicoAdmin

Posts: 2
Joined: Wed Mar 15, 2023 7:15 am

Post by VicoAdmin » Wed Mar 15, 2023 7:23 am
So I have Split DNS and added our domain name. The issue I have is that desktop shortcuts that go directly to a share on the server or host work fine but anything that is not a direct share does not work. I.E. - shortcut to "folder" shared on "server1" works fine but shortcut to "\\server1\user files\joe" does not resolve. Any ideas why or what I can do to make this work other than reconfiguring all shares/shortcuts?

Thanks in advance,

Mike

EDIT: I may have found the answer but I don't like the requirement if this is the answer. They have been using a .local domain here since before my time so maybe that is the reason? Maybe I can set up something in the DNS server to fix this? Any ideas are still appreciated.

James

Posts: 2313
Joined: Thu Sep 04, 2008 9:27 pm

Post by James » Thu Mar 16, 2023 1:43 am
Hi Mike,

It sounds like there are actually two concepts at play here: both Split DNS and DNS Search Domains.

Split DNS chooses which DNS server to use when performing a lookup based on the domain. So for example, you may configure your VPN connection so any lookup with the domain mycompany.com will use the VPN DNS server, while all other lookups will use your computer's normal DNS servers. The important thing to note here is that Split DNS relies on the domain in the lookup, so server1.mycompany.com will use the VPN's DNS server. For more information please see:
https://www.sparklabs.com/support/kb/ar ... #dns-modes

Simply looking up "server1" (without the "mycompany.com" domain) relies on DNS Search Domains. This is where your computer will try looking up just "server1" using the computer's default DNS server (which will be your computer's normal DNS server when using Split DNS), and if that fails it'll attempt with each of the DNS Search Domains appended. This includes both your computer's normal search domains, as well as the VPN DNS search domains. So if your computer has "home.net" and "mycompany.com", it'll try "server1.home.net" and "server1.mycompany.com" and it'll use the first result.

Finally, lookups may not necessarily be actually using DNS. For example, your company network may be using WINS or mDNS instead for network shares. For WINS you can push a WINS server (but please note that Windows handles using this, there is no Split DNS style functionality).
https://www.sparklabs.com/support/kb/ar ... s-and-wins

You may want to consider using Full DNS if you want single-label lookups without a domain to always use the VPN DNS server.

As you've also noted, the .local domain is a reserved domain for mDNS. This applies to both Windows and macOS. Attempting to use it as a search domain will likely cause issues, especially on Windows 11.
https://www.sparklabs.com/support/kb/ar ... ed-domains

One way around .local use (without fully migrating away from it) is to have your VPN DNS server forward a different domain to the .local domain. For example, you might set up the internal.mycompany.com domain to remap all lookups to .local, and then use the internal.mycompany.com domain for VPN connections instead. If you only have a small number of subdomains, you can also use CNAME mapping.

Cheers,
James
Web: https://www.sparklabs.com
Support: https://www.sparklabs.com/support
Twitter: https://twitter.com/sparklabs
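
The lookup order described in the reply above, as an added example that is not part of the original thread and not Viscosity's or any operating system's code: a simplified Python model of which resolver each attempt goes to for a share path. The host names, domains and resolver labels are constructed, and the model assumes only the three cases the reply names (Split DNS domain match, search-domain expansion of single-label names, and .local reserved for mDNS).

```python
# Simplified model of the lookup order described above (illustrative only).
# All names, domains and resolver labels below are constructed sample values.

def unc_host(path):
    """Extract the host part of a UNC path such as \\\\server1\\user files\\joe."""
    return path.lstrip("\\").split("\\")[0]

def resolver_for(fqdn, split_domains):
    """Pick the resolver a Split DNS setup would use for one candidate name."""
    name = fqdn.rstrip(".").lower()
    if name == "local" or name.endswith(".local"):
        return "mDNS"  # .local is reserved for multicast DNS
    for domain in split_domains:
        d = domain.strip(".").lower()
        # Match on a label boundary so notmycompany.com is not treated as a match.
        if name == d or name.endswith("." + d):
            return "VPN DNS"
    return "normal DNS"

def lookup_plan(name, search_domains, split_domains):
    """Return the ordered (candidate, resolver) attempts for a host name."""
    name = name.rstrip(".")
    plan = [(name, resolver_for(name, split_domains))]
    if "." not in name:
        # Single-label name: each search domain is appended in turn.
        for sd in search_domains:
            fqdn = name + "." + sd.strip(".")
            plan.append((fqdn, resolver_for(fqdn, split_domains)))
    return plan

if __name__ == "__main__":
    host = unc_host(r"\\server1\user files\joe")
    for candidate, resolver in lookup_plan(
        host, ["home.net", "mycompany.com"], ["mycompany.com"]
    ):
        print(f"{candidate:28} -> {resolver}")
    # A .local search domain never reaches the VPN DNS server in this model.
    print(lookup_plan(host, ["corp.local"], ["corp.local"]))
```
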

VicoAdmin

Posts: 2
Joined: Wed Mar 15, 2023 7:15 am

Post by VicoAdmin » Sat Mar 18, 2023 8:56 am
Thanks James, I'll look into some of these options.