When a user connects to VPN with the full Pulse Secure Desktop client, multiple DNS records are published in DNS for the client.
For example, when I connect, the following IP Addresses are registered in DNS for the client:
10.0.0.1 (Corporate VPN IP Address)
192.168.1.2 (Internal, Private IP Address)
Is it possible to prevent the client from registering more than just the corporate IP Address in DNS? With both records published, attempting to ping / connect to devices on VPN doesn't always work as the private IP Address is returned at random.
Whoever manages the computer can decide which interfaces register their IPs.
That implies that I would need to change configuration of the client when it is remote vs the next day when it is back in the office. The Pulse Secure Desktop client already does a terrible job of detecting Domain vs Private network locations, let alone trying to script a change at login to prevent other adapters from registering in DNS.
Hello, we are having the same issue and this is very annoying. We are getting many incorrect entries in DNS because of that. My temporary solution was to deploy a GPO that disables the "Register this interface's address in DNS" and enable Secure Dynamic DNS updates. Is there a way that Pulse can only send its own IP to DNS?
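The per-adapter registration flag discussed in the posts above can be audited and switched with the Windows DnsClient cmdlets. This is an added example, not part of the thread and not from Pulse Secure; the adapter description pattern `*Pulse Secure*` and the `-Apply` switch are assumptions to adjust locally.

```powershell
# Added example: audit and adjust per-adapter DNS registration.
# Assumption: the VPN virtual adapter is recognised by its InterfaceDescription;
# the default pattern is a placeholder, replace it with the local adapter's description.
param(
    [string]$VpnDescriptionPattern = '*Pulse Secure*',  # hypothetical pattern
    [switch]$Apply                                       # without -Apply: report only
)

# Only adapters that currently have link are relevant.
$adapters = Get-NetAdapter | Where-Object Status -eq 'Up'
$vpnUp    = [bool]($adapters | Where-Object InterfaceDescription -like $VpnDescriptionPattern)

foreach ($a in $adapters) {
    $dns   = Get-DnsClient -InterfaceIndex $a.ifIndex
    $isVpn = $a.InterfaceDescription -like $VpnDescriptionPattern

    # While the tunnel is up, only the VPN adapter should register its address.
    # When it is down (machine back in the office), every adapter registers again.
    $want  = (-not $vpnUp) -or $isVpn

    # One report row per adapter: current state next to the desired state.
    [pscustomobject]@{
        Adapter        = $a.Name
        Index          = $a.ifIndex
        IsVpn          = $isVpn
        Registers      = $dns.RegisterThisConnectionsAddress
        ShouldRegister = $want
    }

    if ($Apply -and $dns.RegisterThisConnectionsAddress -ne $want) {
        # Requires an elevated session.
        Set-DnsClient -InterfaceIndex $a.ifIndex -RegisterThisConnectionsAddress $want
    }
}

if ($Apply) {
    # Re-run dynamic registration with the new settings (same effect as ipconfig /registerdns).
    Register-DnsClient
}
```

Run without `-Apply` first to see which adapters currently register. Records that were already published for the physical adapter may remain in the zone until they are removed or scavenged.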
Same issue here. Would be nice to hear from someone from Pulse instead of being ignored for months.
Has anyone had a chance to look / try this yet?
Microsoft introduced a new Registry Key to fix this issue in KB4507466:
Addresses an issue that causes a Windows device to incorrectly register host A records for two network interface controllers (NIC) after establishing a virtual private network (VPN) connection to the corporate domain. This occurs when the device is configured with two NICs and one of them is a VPN. To implement this solution, make the following registry changes and then restart your device:
We looked at this, but didn't notice any difference when adding the reg key (the update was already applied). If anyone is seeing this fix the problem, I'd be curious to know more details.
This is working as designed. FQDN split tunneling will need to modify the DNS setting on both physical and virtual adapters. Therefore, DNS entries from both the virtual and physical interfaces get registered.
Manually de-register the DNS entries on the endpoints
Please follow the instructions given below to de-register the DNS entries.