zsszlama
Contributor

RA VPN client update PTR record in Windows DNS server

Hello,

 

Our cluster serves VPN service to our clients based on the ipassignment.conf file in office mode; the DNS servers are Windows servers.

On the client side the DNS lookup works fine.

On the Windows Server side, the A records are currently updated on the DNS server from the VPN clients. The PTR records are also created, but they are not updating when there is a change.

Do you know if there is a setting on Checkpoint which we could apply?

Or maybe there is a trust issue between CP and the Windows DNS servers? Is there a way to make CP a secure source for DNS entries?

Please let me know if you need further details.

Thanks in advance!

Zsolt

 

0 Kudos
7 Replies
_Val_
Admin

Could you please provide more details? Do you expect your VPN clients to update their reverse DNS data on your Windows DNS server? What would be the purpose of that?

0 Kudos
zsszlama
Contributor

Hi Val,

Your assumption is right, we need to update reverse DNS. It's needed for some business services, for example for the SCCM service to work properly. (This is the public answer which I can provide you, I hope you understand it.)

0 Kudos
Ruan_Kotze
Advisor

What about a post-connect script running ipconfig /registerdns?

Alternatively you should also be able to create a scheduled task that is triggered after the VPN connection is established.

0 Kudos
zsszlama
Contributor

For this we need a script? I was thinking it should be normal behavior. Tbh I thought there is a setting to be applied or some kind of secure connection to be established between the CP GWs and the Windows server.

0 Kudos
Ruan_Kotze
Advisor

The only native way I can think of is if you configure your VPN gateway so that you get IP addresses from your MS DHCP server itself, which for you is a problem since you use ipassignment.conf.

For interest's sake - do other vendors do this, if the DHCP source is the gateway itself? I ask because in a previous life I supported Fortigates, and I remember we had to touch the clients to get this to work also.

0 Kudos
zsszlama
Contributor

Unfortunately I don't have any experience with other vendors.

0 Kudos
mazamora
Explorer

By default, Windows clients update their DNS server with A and PTR records as per "How to configure DNS dynamic updates in Windows Server - Windows Server | Microsoft Learn" (ipconfig /registerdns does the same).
We have the same issue, but the problem is that the DNS server creates a new PTR record when Windows clients receive a new IP on the Checkpoint Virtual Network Adapter due to a new VPN connection, i.e., the next workday (A record is updated without issue). The strange part is that only the IPs given by the Checkpoint VPN gateway are the ones having this problem, which causes an issue with MECM. MECM uses the PTR record to find the computers, not the A record, don't ask me why 🙂
If you have been able to fix this, please post the solution.

0 Kudos
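
The symptom reported in this thread (the A record follows the client, while a new PTR is created for each new VPN address) can leave the reverse zone disagreeing with the forward zone. The following is an added example, not part of any post and not Check Point or Microsoft code, that audits a reverse zone against the forward zone; the host names, addresses and the `owner TYPE data` line format are constructed assumptions.

```python
import ipaddress

# Constructed sample data (not from the thread), one record per line.
# Forward zone: the current A record of each VPN client.
FORWARD = """\
pc-0142.corp.example. A 10.20.30.17
pc-0207.corp.example. A 10.20.30.44
"""
# Reverse zone: pc-0142 now has .17 but its PTR on .12 is still present,
# and .44 still carries a PTR for pc-0099, which has no A record any more.
REVERSE = """\
12.30.20.10.in-addr.arpa. PTR pc-0142.corp.example.
17.30.20.10.in-addr.arpa. PTR pc-0142.corp.example.
44.30.20.10.in-addr.arpa. PTR pc-0099.corp.example.
44.30.20.10.in-addr.arpa. PTR pc-0207.corp.example.
"""

def parse(text, rtype):
    """Yield (owner, data) for each 'owner TYPE data' line of the given type."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 3 and parts[1].upper() == rtype:
            yield parts[0].rstrip(".").lower(), parts[2].rstrip(".").lower()

def ptr_owner_to_ip(owner):
    """Turn '17.30.20.10.in-addr.arpa' back into IPv4Address('10.20.30.17')."""
    labels = owner.removesuffix(".in-addr.arpa").split(".")
    return ipaddress.IPv4Address(".".join(reversed(labels)))

def stale_ptrs(forward_text, reverse_text):
    """Return sorted (ip, host, reason) for PTRs the forward zone contradicts."""
    a_records = {}
    for host, ip in parse(forward_text, "A"):
        a_records.setdefault(host, set()).add(ipaddress.IPv4Address(ip))
    findings = []
    for owner, host in parse(reverse_text, "PTR"):
        if not owner.endswith(".in-addr.arpa"):
            continue  # IPv6 (ip6.arpa) and other owners are out of scope here
        ip = ptr_owner_to_ip(owner)
        if host not in a_records:
            findings.append((str(ip), host, "no A record"))
        elif ip not in a_records[host]:
            findings.append((str(ip), host, "A record points elsewhere"))
    return sorted(findings)

if __name__ == "__main__":
    for ip, host, reason in stale_ptrs(FORWARD, REVERSE):
        print(f"stale PTR {ip} -> {host}: {reason}")
```

Any tool that locates machines by reverse lookup, as MECM is described doing above, can be misdirected by the records this reports, so they are the ones to review first.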
