Kerio Tech KERIO WINROUTE FIREWALL 6 User Manual

23.1 VPN Server Configuration

287

Figure 23.4

VPN server settings — specification of DNS servers for VPN clients

If the DNS module is already used as a DNS server for local hosts, it is recommended

to use it also for VPN clients. The DNS module provides the fastest responses to client

DNS requests and possible collision (inconsistency) of DNS records will be avoided.

•

Specific DNS servers — primary and optionally also secondary DNS server will be set

for VPN clients.

If another DNS server than the DNS module in WinRoute is used in the local network,

use this option.

DNS domain extension is also assigned to VPN clients. Domain extension specifies local do-

main. If the VPN client’s extension matches a local domain of the networks it connects to,

it can use hostnames within this network (e.g. server). Otherwise, full name of the host

including domain is required (e.g. server.company.local).

DNS extension can be also resolved automatically or set manually:

•

Automatic resolution can be used in case that the host belongs to the Active Direc-

tory domain and/or in case that firewall users are authenticated in this domain (see

chapter

15.1

).

•

DNS domain must be specified in case that it is a Windows NT domain or a network

without a domain, or in case that another domain extension is desirable (e.g. when

multiple Active Directory are mapped).

Note: DNS servers assigned by the VPN server will be used as primary/secondary DNS server(s)

on the client host. This implies that all DNS queries from the client host will be sent to these

servers. However, in most cases this kind of “redirection” has no side effects. Upon closing of

the VPN connection, the original DNS configuration will be recovered.