zsszlama
Explorer

RA VPN client update PTR record in Windows DNS server

Hello,

 

Our cluster serves VPN service to our clients based on the ipassignment.conf file in office mode; the DNS servers are Windows servers.

On the client side the DNS lookup works fine.

On the Windows Server side, the A records are currently updated on the DNS server from the VPN clients. The PTR records are also created, but they are not updating when there is a change.

Do you know if there is a setting on Check Point which we could apply?

Or maybe there is a trust issue between CP and Windows DNS Servers? Is there a way to make CP a secure source for DNS entries?

Please let me know if you need further details.

Thanks in advance!

Zsolt

 

0 Kudos
6 Replies
_Val_
Admin

Could you please provide more details? Do you expect your VPN clients to update their reverse DNS data on your Windows DNS server? What would be the purpose of that?

0 Kudos
zsszlama
Explorer

Hi Val,

Your assumption is right, we need to update reverse DNS. It's needed for some business services, for example for the SCCM service to work properly. (This is the public answer which I can provide you, I hope you understand it.)

0 Kudos
Ruan_Kotze
Advisor

What about a post-connect script running ipconfig /registerdns?

Alternatively you should also be able to create a scheduled task that is triggered after the VPN connection is established.

0 Kudos
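
The post-connect approach suggested in the reply above, as an added example that is not part of the original thread: it triggers the DNS registration and then checks whether the PTR record on the Windows DNS server actually points back at this client. The adapter description pattern and the DNS server address are assumptions (placeholders) to adjust for your environment.

```powershell
# Added example, not from the thread. Run elevated as a post-connect script or scheduled task.
param(
    [string]$AdapterPattern = '*Check Point*',  # assumption: VPN adapter description
    [string]$DnsServer      = '192.0.2.53',     # placeholder: your Windows DNS server
    [int]$TimeoutSeconds    = 60
)

# Find the VPN adapter that carries the Office Mode address.
$adapter = Get-NetAdapter -InterfaceDescription $AdapterPattern -ErrorAction SilentlyContinue |
    Where-Object Status -eq 'Up' | Select-Object -First 1
if (-not $adapter) { Write-Error 'VPN adapter not found or not up'; exit 1 }

$ip = (Get-NetIPAddress -InterfaceIndex $adapter.ifIndex -AddressFamily IPv4 |
    Select-Object -First 1).IPAddress

# The client only registers addresses of adapters that have registration enabled.
$dnsClient = Get-DnsClient -InterfaceIndex $adapter.ifIndex
if (-not $dnsClient.RegisterThisConnectionsAddress) {
    Set-DnsClient -InterfaceIndex $adapter.ifIndex -RegisterThisConnectionsAddress $true
}

Register-DnsClient   # equivalent to: ipconfig /registerdns

$cs   = Get-CimInstance -ClassName Win32_ComputerSystem
$fqdn = ('{0}.{1}' -f $cs.DNSHostName, $cs.Domain).ToLower()

# Poll the named DNS server until the PTR for our address points at this host.
$deadline = (Get-Date).AddSeconds($TimeoutSeconds)
$names = @()
do {
    Start-Sleep -Seconds 5
    $names = @(Resolve-DnsName -Name $ip -Type PTR -Server $DnsServer -DnsOnly -ErrorAction SilentlyContinue |
        Where-Object Type -eq 'PTR' |
        ForEach-Object { $_.NameHost.ToLower().TrimEnd('.') })
    if ($names -contains $fqdn) {
        Write-Output "PTR for $ip resolves to $fqdn"
        exit 0
    }
} while ((Get-Date) -lt $deadline)

# Still stale or missing: report what the server returns so the record can be checked.
Write-Warning "PTR for $ip is '$($names -join ', ')', expected '$fqdn'"
exit 2
```

Exit code 2 with a name other than the local FQDN is the stale-PTR case described in the original question, and the warning text gives the record an administrator needs to inspect on the DNS server.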
zsszlama
Explorer

For this we need a script? I was thinking it should be normal behavior. Tbh I thought there is a setting to be applied or some kind of secure connection establishing between cp gws and windows server.

0 Kudos
Ruan_Kotze
Advisor

The only native way I can think of is if you configure your VPN gateway so that you get IP addresses from your MS DHCP server itself, which for you is a problem since you use ipassignment.conf.

For interest's sake - do other vendors do this, if the DHCP source is the gateway itself? I ask because in a previous life I supported Fortigates, and I remember we had to touch the clients to get this to work also.

0 Kudos
zsszlama
Explorer

Unfortunately I don't have any experience with other vendors.

0 Kudos