cancel
Showing results for 
Search instead for 
Did you mean: 

PSA3000 internal and external DNS conflict.

SOLVED
Highlighted
New Contributor

PSA3000 internal and external DNS conflict.

Hi all,

I am a new user of the community and would like to ask you a question.

Our customer has a problem with DNS resolution.

The end user's computer always uses the DNS of its ISP provider ignoring the internal dns server.

The Spilt Tunnel is enable, and the order of the DNS request is as follows: Search client DNS first, then the device.

Does the DNS client mean the internal server configured on Pulse or that of the end customer that corresponds to the ISP provider?

Thank you anyway.

Best Regards,

2 ACCEPTED SOLUTIONS

Accepted Solutions
Highlighted
Moderator
Moderator

Re: PSA3000 internal and external DNS conflict.

Client DNS - DNS server provided by the ISP

Server DNS - DNS server provide by the VPN server.

 

In case of Windows 10, Choosing any of the first 2 options produces the same results i.e. DNS queries will be sent out using both Interfaces.

PCS Expert
Pulse Connect Secure Certified Expert

View solution in original post

Occasional Contributor

Re: PSA3000 internal and external DNS conflict.

>>and the order of the DNS request is as follows: Search client DNS first, then the device.

 

This config is known to cause issues where the ISP DNS does not strictly comply with DNS protocol and send the correct response for hostnames that it cannot resolve (such as corporate internal sites). Very common issue with severla ISP DNS setups that want to capture traffic for unknown sites and redirect to a landing page of some sorts for additional advertising traffic/revenue. 

 

I recommend switching the order, though this will increase the DNS load on your internal DNS servers.

View solution in original post

2 REPLIES 2
Highlighted
Moderator
Moderator

Re: PSA3000 internal and external DNS conflict.

Client DNS - DNS server provided by the ISP

Server DNS - DNS server provide by the VPN server.

 

In case of Windows 10, Choosing any of the first 2 options produces the same results i.e. DNS queries will be sent out using both Interfaces.

PCS Expert
Pulse Connect Secure Certified Expert

View solution in original post

Occasional Contributor

Re: PSA3000 internal and external DNS conflict.

>>and the order of the DNS request is as follows: Search client DNS first, then the device.

 

This config is known to cause issues where the ISP DNS does not strictly comply with DNS protocol and send the correct response for hostnames that it cannot resolve (such as corporate internal sites). Very common issue with severla ISP DNS setups that want to capture traffic for unknown sites and redirect to a landing page of some sorts for additional advertising traffic/revenue. 

 

I recommend switching the order, though this will increase the DNS load on your internal DNS servers.

View solution in original post