For When You Can't Have The Real Thing

DNS Hijacking

Created by dave. Last edited by dave, 12 years and 289 days ago. Viewed 5,475 times. #2

Problem

Network Connect clients on some ISPs can't resolve internal names.

Discussion

Your ISP's resolver is responding with a valid record of some kind instead of a failure. By default, Network Connect queries the local DNS first, before querying DNS through the VPN connection. If your ISP is trying to sell you typo-squatter domains or redirect you to a "search engine" to help you find what you want, the local lookup always gets an answer, so your Network Connect client will never query the DNS through the VPN.
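To confirm that a client's local resolver behaves this way, the following added example (not part of the original page) resolves random names that should not exist and reports any that still get an answer. The probe suffixes and all function names are assumptions of the example.

```python
import secrets
import socket
from collections import Counter

def probe_names(suffixes=("com", "net", "invalid")):
    """Build one random, almost certainly unregistered name per suffix (assumed suffixes)."""
    return [f"{secrets.token_hex(12)}.{suffix}" for suffix in suffixes]

def system_resolve(name):
    """Resolve via the OS resolver, as the client does before the VPN DNS is asked."""
    try:
        infos = socket.getaddrinfo(name, None)
    except socket.gaierror:
        return set()          # a proper failure: the name does not exist
    return {info[4][0] for info in infos}

def find_rewritten(names, resolve=system_resolve):
    """Return {name: [addresses]} for bogus names that were answered instead of failing."""
    hits = {}
    for name in names:
        addrs = resolve(name)
        if addrs:
            hits[name] = sorted(addrs)
    return hits

def landing_addresses(hits):
    """Addresses shared by two or more unrelated bogus names, i.e. the redirect target."""
    counts = Counter(a for addrs in hits.values() for a in addrs)
    return sorted(a for a, n in counts.items() if n > 1)

if __name__ == "__main__":
    hits = find_rewritten(probe_names())
    if not hits:
        print("Resolver fails nonexistent names as expected.")
    for name, addrs in hits.items():
        print(f"{name} -> {', '.join(addrs)}")
    if hits:
        print("Resolver answers for nonexistent names; redirect target(s):",
              landing_addresses(hits) or "varies per name")
```

Run it on the client with the VPN disconnected; any output of the form `name -> address` means internal names are likely to be answered locally as well.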

Solution

Kill your ISP.

...oh and making this change might help:

Users --> Resource Policies --> Network Connect --> Network Connect Access Control --> Roles opened with Network Connect --> Add your internal DNS to the resources

NC Connection Profiles --> Your NC Profile --> DNS tab --> change the DNS search order FROM "Search the device's DNS servers first, then client" TO "Search client DNS first, then the device"
