cancel
Showing results for 
Search instead for 
Did you mean: 

Pulse Secure Client - Registering DNS

Highlighted
Occasional Contributor

Pulse Secure Client - Registering DNS

Current scenario:

 

When a user connects to VPN with the full Pulse Secure Desktop client, multiple DNS records are published in DNS for the client.

 

For example, when I connect the following IP Addresses are registered in DNS for the client:

10.0.0.1 (Corporate VPN IP Address)

192.168.1.2 (Internal, Private IP Address)

 

Is it possible to prevent the client from registering more than just the corporate IP Address in DNS?  With both records published, attempting to ping / connect to devices on VPN doesn't always work as the private IP Address is returned at random.

8 REPLIES 8
Highlighted
Frequent Contributor

Re: Pulse Secure Client - Registering DNS

Hi,

 

Who manages the computer, can decide which interfaces register their IPs.

https://docs.microsoft.com/en-us/previous-versions//cc959739(v=technet.10)

 

Best Regards,

 

Highlighted
Occasional Contributor

Re: Pulse Secure Client - Registering DNS

That implies that I would need to change configuration of the client when it is remote vs the next day when it is back in the office.  The Pulse Secure Desktop client already does a terrible job of detecting Domain vs Private network locations let alone, trying to script a change at login to prevent other adapters from registering in DNS.

Highlighted
New Contributor

Re: Pulse Secure Client - Registering DNS

Hello, we are having the same issue and this is very annoying. We are getting many incorrect entries in DNS because of that. My temporary solution was to deploy a GPO that disables the "Register this interface's address in DNS" and enable Secure Dynamic DNS updates. Is there a way that Pulse can only send its own IP to DNS?

Highlighted

Re: Pulse Secure Client - Registering DNS

Same issue here. Would be nice to hear from someone from Pulse instead of being ignored for months

Highlighted
Community Manager

Re: Pulse Secure Client - Registering DNS

I sent a PM about this - let me know if I can help.

New Contributor

Re: Pulse Secure Client - Registering DNS

Curious if anyone has found a fix or workaround for this...

Highlighted
Occasional Contributor

Re: Pulse Secure Client - Registering DNS

Has anyone had a chance to look / try this yet?

 

https://support.microsoft.com/en-us/help/4505658/windows-10-update-kb4505658

 

Specifically:

Microsoft introduced a new Registry Key to fix this issue in KB4507466

Addresses an issue that causes a Windows device to incorrectly register host A records for two network interface controllers (NIC) after establishing a virtual private network (VPN) connection to the corporate domain. This occurs when the device is configured with two NICs and one of them is a VPN. To implement this solution, make the following registry changes and then restart your device:

  • Setting: DisableNRPTForAdapterRegistration
  • Path: HKLM\System\CurrentControlSet\Services\Dnscache\Parameters
  • Type: DWORD
  • Value: A value of 1 means that only the host A records for the VPN interface will register on an active VPN connection. A value of 0 (default) means host A records will also be registered for other local interfaces.
Highlighted
New Contributor

Re: Pulse Secure Client - Registering DNS

We looked at this, but didn't notice any difference when adding the reg key (the update was already applied).  If anyone is seeing this fix the problem, I'd be curious to know more details.