
SSL VPN DNS iPhone

Hi,

I have set up an SSL VPN for our business users. When connecting to the VPN from a laptop, everything works perfectly (specifically meaning internal LAN DNS is being pushed to the SSL VPN client). However, for iPhones the internal LAN DNS is not being pushed through the VPN, even though the iPhone and laptop are both on the same remote Wi-Fi and being used by the same remote user with the same SSL VPN settings.

The iPhone is using the OpenVPN client.

What do I do?

Thanks.

Matt



This thread was automatically locked due to age.
  • Hi Matt,

    Are you sure that the issue is actually that the DNS server is not being pushed?
    Beginning with iOS 8, iOS will not resolve commonly used internal domains like ".local" via DNS anymore, because (according to RFC 6762 (authored by Apple, mind you ;-)) it is to be used for mDNS. I've seen this in quite a few customers' environments. The iOS devices will use the internal DNS via VPN; they just refuse to query it for anything under .local.

    Best Regards
    Markus

  • Hmmm...I didn't realize this. Yes, that makes sense.

    So I guess now I have the wonderful opportunity to change my local domain structure? Lucky me...

    If you were in my shoes what would you change your .local to?

    Thanks for the reply!

    Matt

  • Hey Matt,

    Current best practice (according to Microsoft - en.wikipedia.org/.../.local) seems to be to use a subdomain of your public second-level domain for internal use, such as internal.awesome-company.com.
    When confronted with this issue, we mostly used a workaround of creating a second internal DNS domain (anything but .local) and pushed this suffix to the iOS VPN devices. Afaik, at least with Microsoft DNS servers, it is possible to have one DNS domain mirror another, so you still have only one list of hosts to maintain. Not being a Microsoft admin myself, I can't give any specifics here, though.

    Best Regards
    Markus
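As an added illustration of the workaround Markus describes (this is not from the thread and not a configuration generated by any particular VPN appliance), the following is an OpenVPN server-side push fragment showing the problematic ".local" suffix beside a routable replacement. The resolver address 10.8.0.1 and the zone name corp.local are constructed for the example; internal.awesome-company.com is the suffix suggested in the reply above. It assumes the server is configured to push DNS settings with OpenVPN's `dhcp-option` directive.

```conf
# Added example, not from the thread. Assumes an OpenVPN server that pushes
# "dhcp-option" lines to connecting clients; the resolver 10.8.0.1 and the
# zone corp.local are constructed values for illustration.

# --- Before: works for the laptop client, appears broken on iOS 8+ ---
# The resolver IS pushed and accepted, but iOS reserves ".local" for mDNS
# (RFC 6762) and will not send queries under it to the unicast resolver.
push "dhcp-option DNS 10.8.0.1"
push "dhcp-option DOMAIN corp.local"

# --- After: a suffix under the public domain that iOS hands to the resolver ---
# Requires the internal zone to also exist under this name (e.g. a mirrored
# zone on the internal DNS server, as described in the reply above).
push "dhcp-option DNS 10.8.0.1"
push "dhcp-option DOMAIN internal.awesome-company.com"
```

A quick way to confirm the diagnosis before restructuring anything: with the VPN connected on the phone, try to reach a host by its full name under the existing .local zone and then by its full name under the new suffix. If the .local name fails while the new name resolves through the same pushed resolver, the cause is the mDNS handling of .local on iOS rather than a DNS setting that failed to push.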