Products
Solutions
Partners
Support
Company
Try Now
Pulse Secure Community
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

PSA3000 internal and external DNS conflict.

SOLVED
Go to solution
DanJovi
Occasional Contributor
‎03-17-2020 05:37:AM
‎03-17-2020 05:37:AM

PSA3000 internal and external DNS conflict.

Hi all,

I am a new user of the community and would like to ask you a question.

Our customer has a problem with DNS resolution.

The end user's computer always uses the DNS of its ISP provider ignoring the internal dns server.

The Spilt Tunnel is enable, and the order of the DNS request is as follows: Search client DNS first, then the device.

Does the DNS client mean the internal server configured on Pulse or that of the end customer that corresponds to the ISP provider?

Thank you anyway.

Best Regards,

0 Kudos
2 ACCEPTED SOLUTIONS

Accepted Solutions
r@yElr3y
Moderator
Moderator
‎03-17-2020 08:45:AM
‎03-17-2020 08:45:AM

Re: PSA3000 internal and external DNS conflict.

Client DNS - DNS server provided by the ISP

Server DNS - DNS server provide by the VPN server.

 

In case of Windows 10, Choosing any of the first 2 options produces the same results i.e. DNS queries will be sent out using both Interfaces.

PCS Expert
Pulse Connect Secure Certified Expert

View solution in original post

identityaws
Occasional Contributor
‎03-17-2020 07:40:PM
‎03-17-2020 07:40:PM

Re: PSA3000 internal and external DNS conflict.

>>and the order of the DNS request is as follows: Search client DNS first, then the device.

 

This config is known to cause issues where the ISP DNS does not strictly comply with DNS protocol and send the correct response for hostnames that it cannot resolve (such as corporate internal sites). Very common issue with severla ISP DNS setups that want to capture traffic for unknown sites and redirect to a landing page of some sorts for additional advertising traffic/revenue. 

 

I recommend switching the order, though this will increase the DNS load on your internal DNS servers.

View solution in original post

2 REPLIES 2
r@yElr3y
Moderator
Moderator
‎03-17-2020 08:45:AM
‎03-17-2020 08:45:AM

Re: PSA3000 internal and external DNS conflict.

Client DNS - DNS server provided by the ISP

Server DNS - DNS server provide by the VPN server.

 

In case of Windows 10, Choosing any of the first 2 options produces the same results i.e. DNS queries will be sent out using both Interfaces.

PCS Expert
Pulse Connect Secure Certified Expert
identityaws
Occasional Contributor
‎03-17-2020 07:40:PM
‎03-17-2020 07:40:PM

Re: PSA3000 internal and external DNS conflict.

>>and the order of the DNS request is as follows: Search client DNS first, then the device.

 

This config is known to cause issues where the ISP DNS does not strictly comply with DNS protocol and send the correct response for hostnames that it cannot resolve (such as corporate internal sites). Very common issue with severla ISP DNS setups that want to capture traffic for unknown sites and redirect to a landing page of some sorts for additional advertising traffic/revenue. 

 

I recommend switching the order, though this will increase the DNS load on your internal DNS servers.

© 2017 Pulse Secure, LLC. Use of this website assumes acceptance of our Legal Notices and Privacy Policy. Pulse Secure has updated its Privacy Policy effective June 28, 2017.