We have three Windows domain controllers (a mix of 2012 R2 and 2008 R2), all of them DNS servers. Split-zone DNS scenario.
DNS resolution is working for all internal subnets except the user VPN. All network connectivity appears to be unimpeded.
Users connected to the Cisco AnyConnect IOS SSL VPN are unable to resolve Internet-facing DNS queries. Queries to AD-integrated zones return correct answers.
NSLOOKUP output from a working host inside the network boundary:
> set type=a
> 4.2.2.6
Server: dc1.domain.com
Address: 192.168.0.1
------------
SendRequest(), len 38
HEADER:
opcode = QUERY, id = 7, rcode = NOERROR
header flags: query, want recursion
questions = 1, answers = 0, authority records = 0, additional = 0
QUESTIONS:
6.2.2.4.in-addr.arpa, type = PTR, class = IN
------------
------------
Got answer (98 bytes):
HEADER:
opcode = QUERY, id = 7, rcode = NOERROR
header flags: response, want recursion, recursion avail.
questions = 1, answers = 2, authority records = 0, additional = 0
QUESTIONS:
6.2.2.4.in-addr.arpa, type = PTR, class = IN
ANSWERS:
-> 6.2.2.4.in-addr.arpa
type = PTR, class = IN, dlen = 24
name = f.resolvers.level3.net
ttl = 74506 (20 hours 41 mins 46 secs)
-> 6.2.2.4.in-addr.arpa
type = PTR, class = IN, dlen = 12
name = resolver8.level3.net
ttl = 74506 (20 hours 41 mins 46 secs)
------------
Name: f.resolvers.level3.net
Address: 4.2.2.6
NSLOOKUP output from a host connected to the VPN:
> set type=a
> 4.2.2.6
Server: [192.168.0.1]
Address: 192.168.0.1
------------
SendRequest(), len 38
HEADER:
opcode = QUERY, id = 7, rcode = NOERROR
header flags: query, want recursion
questions = 1, answers = 0, authority records = 0, additional = 0
QUESTIONS:
6.2.2.4.in-addr.arpa, type = PTR, class = IN
------------
------------
Got answer (38 bytes):
HEADER:
opcode = QUERY, id = 7, rcode = NXDOMAIN
header flags: response, want recursion
questions = 1, answers = 0, authority records = 0, additional = 0
QUESTIONS:
6.2.2.4.in-addr.arpa, type = PTR, class = IN
------------
*** [192.168.0.1] can't find 4.2.2.6: Non-existent domain
Notes:
Any help with this will be much appreciated.
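An added example, not part of the original post: a small Python parser that reads the "Got answer" header from each of the two nslookup debug transcripts above and lists the fields that differ. The function names `parse_response` and `diff_responses` are hypothetical; the sample text is copied from the transcripts.

```python
import re

# Response headers copied from the two nslookup transcripts in the post.
INTERNAL = """\
Got answer (98 bytes):
HEADER:
opcode = QUERY, id = 7, rcode = NOERROR
header flags: response, want recursion, recursion avail.
questions = 1, answers = 2, authority records = 0, additional = 0
"""
VPN = """\
Got answer (38 bytes):
HEADER:
opcode = QUERY, id = 7, rcode = NXDOMAIN
header flags: response, want recursion
questions = 1, answers = 0, authority records = 0, additional = 0
"""

def parse_response(text):
    """Parse rcode, header flags and answer count from the first response."""
    if "Got answer" not in text:
        raise ValueError("no 'Got answer' section in transcript")
    body = text.split("Got answer", 1)[1]
    rcode = re.search(r"rcode = (\w+)", body).group(1)
    flags = re.search(r"header flags:\s*(.+)", body).group(1)
    answers = int(re.search(r"answers = (\d+)", body).group(1))
    flag_set = {f.strip().rstrip(".") for f in flags.split(",")}
    # "recursion avail." is how nslookup prints the RA bit, which the
    # responding server sets to signal that it offers recursion.
    return {"rcode": rcode, "answers": answers,
            "ra": "recursion avail" in flag_set}

def diff_responses(good, bad):
    """Return the header fields that differ between two transcripts."""
    g, b = parse_response(good), parse_response(bad)
    labels = {"rcode": "rcode", "ra": "recursion available",
              "answers": "answers"}
    return [f"{labels[k]}: {g[k]} -> {b[k]}"
            for k in ("rcode", "ra", "answers") if g[k] != b[k]]

if __name__ == "__main__":
    for line in diff_responses(INTERNAL, VPN):
        print(line)
```
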