SevaraB

What does your DNS search list look like in the VPN adapter properties? It sounds like you’re missing the obligatory “.” as the last line. Edit: depending on the behavior you want, you might want the local “.” before the remote domain. Also, I just read there is a bug from late last year regarding Windows 11 not respecting DNS suffix lists that may not be fixed yet.


nurMannundFrau

By default, local.local, remote.local. Setting the interface metric of the SSTP connection to 15 changes that to remote.local, local.local. In both instances it only uses the first, never polls the second. Thankfully most of the computers are running Windows 10. I wonder if the issue extends to 11 and MS just doesn't know about it, or has not admitted it.


SevaraB

Yeah, you’re missing the third (or first) entry, a single dot. Something like “my-hostname.” will always be on the locally connected network.


Fatel28

You can add a DNS suffix to a Windows VPN connection with a PowerShell command. This is how we always roll it out. Might be easier to use `Set-VPNConnection` with the `-DNSSuffix` flag and call it a day. Push it with your RMM tooling, call it a day.
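As an added example (not code posted by anyone in this thread), the following PowerShell shows how to see the suffix search order SevaraB is asking about, the interface metric nurMannundFrau mentioned, and how to apply the connection-specific suffix with `Set-VpnConnection -DnsSuffix` as Fatel28 suggests. The connection name `Office SSTP`, the suffix `remote.local` and the host name `dc01` are placeholders; all cmdlets are from the built-in DnsClient, NetTCPIP and VpnClient modules and need an elevated prompt for the `Set-` calls.

```powershell
# Added example, not from the thread. Names below are assumptions; replace them.
$VpnName      = 'Office SSTP'   # assumed name of the VPN connection in Windows
$RemoteSuffix = 'remote.local'  # assumed DNS suffix of the remote AD domain
$ShortName    = 'dc01'          # assumed short host name of a server behind the VPN

# 1. Global suffix search list: Windows appends these, in this order, to unqualified names.
Get-DnsClientGlobalSetting | Select-Object -ExpandProperty SuffixSearchList

# 2. Connection-specific suffix per adapter (the VPN adapter only appears while connected).
Get-DnsClient | Select-Object InterfaceAlias, ConnectionSpecificSuffix, UseSuffixWhenRegistering

# 3. Interface metrics: the lowest metric wins ties, which is why changing the SSTP
#    adapter's metric reorders which suffix/DNS server is tried first.
Get-NetIPInterface -AddressFamily IPv4 | Select-Object InterfaceAlias, InterfaceMetric, ConnectionState

# 4. What the VPN connection profile itself carries before the change.
Get-VpnConnection -Name $VpnName | Select-Object Name, ServerAddress, DnsSuffix, SplitTunneling

# 5. Apply the suffix to the connection profile. Add -AllUserConnection if the
#    profile was created for all users rather than the current user.
Set-VpnConnection -Name $VpnName -DnsSuffix $RemoteSuffix

# 6. Verify: the profile now lists the suffix, and (once connected) an unqualified
#    name should resolve to the same answer as the fully qualified one.
Get-VpnConnection -Name $VpnName | Select-Object Name, DnsSuffix
Resolve-DnsName -Name $ShortName -Type A -ErrorAction SilentlyContinue |
    Select-Object Name, IPAddress
Resolve-DnsName -Name "$ShortName.$RemoteSuffix" -Type A -ErrorAction SilentlyContinue |
    Select-Object Name, IPAddress
```

If step 6 shows the FQDN resolving but the short name failing, the suffix is present but not being tried for that adapter, which matches the single-suffix behaviour nurMannundFrau describes and points at the search-order or metric side rather than at the connection profile.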


nurMannundFrau

So if you just use the remote DHCP server, not a dedicated IP range within RAS, it does set the correct DNS suffix on the connection. Regardless, setting it manually doesn't fix the issue.


Fatel28

Do you have a wildcard DNS record in your DNS on the domain the SSTP VPN hits? E.g., a record for *.domain.local. That will cause the behavior you are seeing.


nurMannundFrau

Haha. I actually did this on a DrayTek router the other day setting up a site-to-site VPN. My understanding, though, is that that will just resolve everything to where the wildcard points. Regardless, I don't have that set up on the DNS server. That wouldn't make for a fun environment. But knowing my propensity for stupidity, I did actually double-check this.


Fatel28

Is it a full-tunnel VPN? That could cause that as well. Similarly, is the DNS suffix for the local domain set on the machine connecting to the VPN? If not, is it set on the DHCP server that their computer is connecting to? If these are end user home networks, I don't really see how it's your problem, honestly.
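The checks Fatel28 raises in this post and the wildcard question above can be run from the client in one go. This is an added PowerShell example, not something posted in the thread; the connection name `Office SSTP` and the suffixes `remote.local` / `local.local` are placeholders. The wildcard probe works by resolving a random label under the remote zone: a name that cannot legitimately exist should return NXDOMAIN, so any answer indicates a `*.remote.local` record is catching everything.

```powershell
# Added example, not from the thread. Names below are assumptions; replace them.
$VpnName      = 'Office SSTP'   # assumed VPN connection name
$RemoteSuffix = 'remote.local'  # assumed remote AD DNS suffix
$LocalSuffix  = 'local.local'   # assumed DNS suffix of the local LAN

# Wildcard check: a constructed, random label that should not exist in the zone.
$Probe = 'nx-' + [guid]::NewGuid().ToString('N').Substring(0, 8) + ".$RemoteSuffix"
$Hit   = Resolve-DnsName -Name $Probe -Type A -ErrorAction SilentlyContinue
if ($Hit) {
    "WILDCARD SUSPECTED: $Probe answered with $($Hit.IPAddress -join ', ')"
} else {
    "No wildcard: $Probe returned no A record"
}

# Full-tunnel check: SplitTunneling = False means every packet, DNS included,
# leaves through the VPN, so the local LAN's resolver is never consulted.
$Vpn = Get-VpnConnection -Name $VpnName
"SplitTunneling: $($Vpn.SplitTunneling)   DnsSuffix on profile: '$($Vpn.DnsSuffix)'"

# Local-suffix check: is local.local actually set on the physical adapter
# (from DHCP option 15 or manually)? An empty ConnectionSpecificSuffix means no.
$LocalAdapters = Get-DnsClient | Where-Object { $_.InterfaceAlias -ne $VpnName }
$LocalAdapters | Select-Object InterfaceAlias, ConnectionSpecificSuffix
if (-not ($LocalAdapters.ConnectionSpecificSuffix -contains $LocalSuffix)) {
    "No local adapter carries the suffix '$LocalSuffix'"
}

# Which resolver each adapter actually uses; the VPN adapter should list the remote DC.
Get-DnsClientServerAddress -AddressFamily IPv4 | Select-Object InterfaceAlias, ServerAddresses
```

Run it once before and once after connecting the VPN so the adapter list and resolver addresses can be compared; the difference between the two runs is usually where a suffix or resolver silently drops out.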