VMware Communities
mystereman
Enthusiast
Enthusiast

Guest VM can't resolve DNS on VPN of host

I have a WIndows 7 Host that has a standard windows PPTN VPN connection to my workplace. If I run the guest (also Windows 7) with NAT networking, I can ping hosts on the VPN, but i cannot resolve any DNS over the VPN, but I can resolve DNS over the internet connection of the host (I have the default gateway turned off for the vpn connection). DNS resolution works for the host over the VPN.

I also tried to configure the guest to use the VPN directly, using both NAT and Bridged, and I have a huge problem with frequent VPN disconnects. I stay connected on the HOST and do not have those disconnects.

Can anyone help me to get DNS resolution for the VPN as well as the internet working? I'm using Workstation 7.1.

Tags (2)
Reply
0 Kudos
12 Replies
AWo
Immortal
Immortal

Do you use the VMWare DHCP server service in your guest to get an IP address?


AWo

VCP 3 & 4

\[:o]===\[o:]

=Would you like to have this posting as a ringtone on your cell phone?=

=Send "Posting" to 911 for only $999999,99!=

vExpert 2009/10/11 [:o]===[o:] [: ]o=o[ :] = Save forests! rent firewood! =
Reply
0 Kudos
mystereman
Enthusiast
Enthusiast

Yes, of course.

Reply
0 Kudos
AWo
Immortal
Immortal

O.K., then your DNS requests are forwarded to the DNS server the host uses. You may want to configure the DNS servers which are reachable through the VPN connection. You can configure them manually in your guest or in the NAT setup via the Virtual Network Editor.


AWo

VCP 3 & 4

\[:o]===\[o:]

=Would you like to have this posting as a ringtone on your cell phone?=

=Send "Posting" to 911 for only $999999,99!=

vExpert 2009/10/11 [:o]===[o:] [: ]o=o[ :] = Save forests! rent firewood! =
Reply
0 Kudos
mystereman
Enthusiast
Enthusiast

I don't mean to disagree, but No. VMWare is not using the servers my host uses. I can resolve the VPN addresses on the host, but in the guest they do not resolve.

Further, I have multiple VPN's, and there is only space for 3 DNS servers in the network settings, i will have to manually reconfigure the network every time i connect to a new VPN if I have to manually configure them.

Clearly, if the host can resolve the DNS, then vmware is not utilizing the hosts DNS resolution settings, because I can ping IP addreses on the VPN, but cannot resolve names.

Reply
0 Kudos
AWo
Immortal
Immortal

I don't mean to disagree, but No. VMWare is not using the servers my host uses. I can resolve the VPN addresses on the host, but in the guest they do not resolve.

You wrote that you can resolve Internet URL's like the host does. Of course, the DNS IP used is the VMnet8 host adapter IP address +1 (as you use NAT), but that is rerouted to the host DNS servers. Otherwise you wouldn't be able to resolve internet addresses.

Clearly, if the host can resolve the DNS, then vmware is not utilizing the hosts DNS resolution settings, because I can ping IP addreses on the VPN, but cannot resolve names.

Yes, if you can't resole addresses over the VPN, then the guest uses the host DNS servers. Reconfigure it to use the DNS servers you get via the VPN.


AWo

VCP 3 & 4

\[:o]===\[o:]

=Would you like to have this posting as a ringtone on your cell phone?=

=Send "Posting" to 911 for only $999999,99!=

vExpert 2009/10/11 [:o]===[o:] [: ]o=o[ :] = Save forests! rent firewood! =
Reply
0 Kudos
mystereman
Enthusiast
Enthusiast

That seems unmanageable. As I said, I have a number of VPN's I connect to, and there are only 3 entries for DNS servers in the VMWare network settings. So each time I connect to a vpn, I have to lookup their dns settings (because they can change) and modify my network settings?

I would suggest that if this is required, this is a serious bug. The entire point of using NAT is that the guests will use the hosts networking. If the guests can't resolve eveyrthing the host does, that seems broken to me.

Reply
0 Kudos
AWo
Immortal
Immortal

From the manual: The NAT device acts as a DNS server for the virtual machines on the NAT network. The NAT device is a DNS proxy and forwards DNS requests from the virtual machines to a DNS server that the host knows. Responses return to the NAT device, which then forwards them to the virtual machines.

If they get their configuration information from DHCP, the virtual machines on the NAT network automatically use the NAT device as the DNS server. However, the virtual machines can be statically configured to use another DNS server.

Which VPN are you using? Some apply restrictions/Policies to the host they run on. For example, I used OpenVPN in the past and that worked over NAT.

Are the host DNS entries changed when the VPN connection is active?


AWo

VCP 3 & 4

\[:o]===\[o:]

=Would you like to have this posting as a ringtone on your cell phone?=

=Send "Posting" to 911 for only $999999,99!=

vExpert 2009/10/11 [:o]===[o:] [: ]o=o[ :] = Save forests! rent firewood! =
Reply
0 Kudos
mystereman
Enthusiast
Enthusiast

I'm using standard windows built-in VPN, ie pptp/l2tp. When I connect the vpn, obivously the dns entries of the computer are changed. The dns is added to the adapter when connection the interface is configured by the server.

Somthing you may be getting confused by here. I have specified that the VPN does not change the default gateway for the routing table, this way I can access the internet of my local connection while still accessing resources on the VPN.

It seems like VMWare may not be noticing that the dns entries have changed after it has started. I have not yet tried connecting the vpn before I start vmware. I may give that a try.

EDIT: Ok, so if I connect to the vpn before starting vmware, it works. This still seems like a bug to me.

However, it's all a moot point as when I use the host's vpn, i can't connect to sql server or anything else that requires domain credentials because it says i'm in an untrusted domain. So i'm back to trying to make the vpn work within the guest without disconecting every 9 minutes.

Reply
0 Kudos
puffel
Contributor
Contributor

Question: is this thread get answered? I've got the same problem after upgrade from VMWare Workstation 12 to 14. Here's the detail:

I'm using Linux/Mac/Windows guest.

I'm inside corp network.

I'm using NAT with my guest.

From the guest (anyone configured with NAT), I cannot get my local server (server also inside corp network, with IP as 10.x.x.x) resolved by name.

However, from the same guest, I can get internet host resolved (such as google.com or bing.com).

From the host, I can resolve both local and internet address.

This behave slimier to a router with "dns rebinding protection" enabled. However, this never happened before upgrade (or maybe I've did some configuration long time ago? but I cannot recall what I've configured to make vmware behave correctly, if that's the case).

Didn't find any document about how to disable the "rebinding protection" feature if this is indeed a new feature/default setting. Or, maybe it's caused by something else? Please help me out here.

Reply
0 Kudos
gimmely
Hot Shot
Hot Shot

I can be wrong in what I'm reading, but what is your host puffel​?

Reply
0 Kudos
klepp0906
Contributor
Contributor

same issue but in reverse.


I can connect via ip or hostname from guest > host.


I cant connect via hostname from host > guest  (most of them, 1 or 2 I can which makes this all the weirder)

I can connect via IP from host > guest.


Also worked fine with older VMware.  Unsure if its coincidental that it broke around the time i upgraded, or i didnt notice it in time or what.  guests can all talk/resolve with one another.  Everything shows up as it should on the network from guest/host side(s).  Purely a problem with connecting via hostname from host>guest.  Win10 host, all guests configured as NAT.

Reply
0 Kudos
CLSV
Contributor
Contributor

I had a similar issue after an Ubuntu update disabled my DNS.

The fix in my case is to change /etc/resolv.conf to

search localdomain

nameserver abc.def.ghi.2

where nameserver ip is the first 9 digits of the ip of ens33 followed by 2

if I call ifconfig I have:

...

ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500

        inet abc.def.ghi.jkl netmask 255.255.255.0  broadcast abc.def.ghi.255

        ...

Hope this helps.

Reply
0 Kudos