Monday, December 21, 2020

Cradlepoint internal DNS over S2S VPN

I have a Cradlepoint AER1650 firewall/router that will be installed in a mobile trailer. I have an IPSec site-to-site tunnel up and running. However, unless I nslookup with the switch to specify the internal DNS servers, the Cradlepoint always returns a non-existent domain error. The goal is to send internal DNS queries across the VPN, but allow internet DNS to go out the cellular. It's also desired to still allow internet-based DNS and traffic to cross the cellular if the VPN doesn't come up for some reason. If it matters, the public DNS servers used are Cisco Umbrella's (for which I have an active subscription and a proper configuration).

Looking around in the config, it looks like I can tell it to use different DNS servers for certain specified domains using the split DNS function. I assigned my internal DNS servers and specified the prefixes, but it doesn't seem to work. Setting the main DNS servers to the internal DNS servers totally breaks everything regardless of whether the tunnel comes up or not. I've also made sure that the DNS suffix of the Cradlepoint is the same as the internal AD DNS zone.

I feel like this shouldn't be as hard as it is to get internal DNS routed to the internal DNS servers, but this is also my first Cradlepoint firewall I've worked on. Any suggestions are greatly appreciated.
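The behaviour the post is after (internal zones forwarded to the internal DNS servers over the tunnel, everything else out the cellular, and cellular DNS still working when the tunnel is down) can be expressed as a small upstream-selection policy. This is an added example, not Cradlepoint code or configuration; the zone name and all resolver addresses are constructed placeholders, and the fail-closed handling of internal names while the tunnel is down is this example's choice, so internal hostnames are never sent to the public resolvers.

```python
"""Split-DNS upstream selection modelled on the post's requirements (added example)."""
from dataclasses import dataclass, field


@dataclass
class SplitDnsPolicy:
    internal_zones: tuple        # zones that must resolve via the VPN (constructed example values)
    internal_servers: tuple      # DNS servers reachable only across the S2S tunnel
    public_servers: tuple        # public resolvers reachable over cellular
    tunnel_up: bool = True
    refused_while_down: list = field(default_factory=list)  # internal names refused, for logging

    @staticmethod
    def _in_zone(name: str, zone: str) -> bool:
        # Match on label boundaries so "notcorp.example.internal" does not match
        # "corp.example.internal"; ignore case and a trailing root dot.
        n = name.rstrip(".").lower()
        z = zone.rstrip(".").lower()
        return n == z or n.endswith("." + z)

    def is_internal(self, name: str) -> bool:
        return any(self._in_zone(name, z) for z in self.internal_zones)

    def upstreams(self, name: str) -> tuple:
        """Return the resolver set a query for `name` should be forwarded to.

        An empty tuple means "answer SERVFAIL locally": the name belongs to an
        internal zone but the tunnel is down, so it must not leak to public DNS.
        """
        if not self.is_internal(name):
            return self.public_servers          # internet names always go out the cellular
        if self.tunnel_up:
            return self.internal_servers        # internal names cross the VPN
        self.refused_while_down.append(name.rstrip(".").lower())
        return ()


def route_queries(policy: SplitDnsPolicy, names) -> dict:
    """Map each queried name to the upstream set the policy selects for it."""
    return {name: policy.upstreams(name) for name in names}


if __name__ == "__main__":
    # Constructed sample: one internal AD zone, one internal server, one public resolver.
    policy = SplitDnsPolicy(("corp.example.internal",), ("10.0.0.53",), ("198.51.100.53",))
    for tunnel_up in (True, False):
        policy.tunnel_up = tunnel_up
        print(f"tunnel_up={tunnel_up}:",
              route_queries(policy, ["dc01.corp.example.internal.", "www.example.com"]))
```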
