Windows - updating the DNS cache

A frequently recurring question on the OpenVPN users mailing lists is related to the DNS name resolution on Windows after the VPN connection is established. If the OpenVPN server pushes out a new DNS server, then this is automatically picked up by the OpenVPN client, yet the name resolution does not always work right after establishing the connection. This has little to do with OpenVPN and more to do with the way the Windows DNS caching service works. As this question comes up quite regularly, a new directive, register-dns, was added in OpenVPN 2.1.3. When this directive is specified, OpenVPN updates the Windows DNS cache and registers the VPN IP address in the Windows DNS tables. As this feature was introduced only recently, this recipe will also show how the Windows DNS cache can be updated using a script when the VPN connection is established. Some users disable the DNS caching service altogether, which seems to have little impact on the operating system, except for a small performance penalty when using a slow network.

Getting ready

Set up the client and server certificates using the first recipe from Chapter 2Client-server IP-only Networks. For this recipe, the server computer was running CentOS 6 Linux and OpenVPN 2.3.11. The client computer was running Windows 7 SP1 and OpenVPN 2.3.11. Keep the server configuration file, example9-2-server.conf, from the Linux: using pull-resolv-conf recipe at hand, as well as the client configuration file, basic-udp-client.ovpn, from the Using an ifconfig-pool block recipe in Chapter 2Client-server IP-only Networks.

How to do it...

  1. Start the server:
    [root@server]# openvpn --config example9-2-server.conf
    
  2. Add a line to the basic-udp-client.ovpn configuration file:
            register-dns 
    
  3. Save this configuration file as example9-5.ovpn. Start the OpenVPN client.

    The OpenVPN GUI status window will show that the Windows service dnscache has restarted:

    How to do it...

    After the VPN connection is established, verify that the name resolution is using the VPN-supplied DNS server, for example, by using the nslookup command.

How it works...

When the VPN connection is established, the OpenVPN client software sends a DHCP packet to the TAP-Win32 adapter with the IP address, default gateway, and the other network-related information, such as a new DNS server. This information is picked up by the operating system but the local DNS caching service is not notified immediately. The register-dns directive executes the following commands:

net stop dnscache
net start dnscache
ipconfig /flushdns
ipconfig /registerdns

By forcing a restart of the DNS caching service, the DNS server supplied by the VPN connection is used immediately.

See also

  • The Windows 8+ - ensuring DNS lookups are secure recipe later in this chapter, which goes into detail of how to ensure that DNS lookups are passed over the VPN tunnel only
..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset
3.137.200.150