So we have domain example.com and have our Active Directory set up as ad.example.com. When I VPN in (SSTP on RRAS), if I ping anything (e.g. server.ad.example.com) it gives me an internal IP address (perfect, what I want).

We also have example.com resources on our network, and I would like that when a user is VPN'd to the office and pings www.example.com it gives the local IP (using the office DNS) instead of the public one. Is this possible? Is there a way to tell Windows clients to use ad.example.com and example.com over the VPN while letting the rest of the traffic not use the VPN?

I hope I'm explaining this correctly. Thank you,

David

1 Answer

There's no functionality in the Windows SSTP client to specify any kind of scope of authority with a DNS server. You just get to tell the client what DNS server to use.

Were I in this situation I'd spin up a standalone DNS server on your LAN with root hints or a forwarder to a public DNS server, and a stub zone for "ad.example.com" referring to an authoritative DNS server (likely one of your domain controllers). This new DNS server would resolve all names to their public records except "ad.example.com". I would set this DNS server to be used by RRAS clients.

Evan Anderson
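To make the answer concrete, here is an added PowerShell example (not part of Evan's answer) that builds the standalone DNS server he describes: a forwarder (or root hints) for everything public, a stub zone for ad.example.com pointing at a domain controller, and a resolution check from the new server. The addresses 10.0.0.10 and 9.9.9.9 and the interface alias "LAN" are assumed placeholders; the DNS Server cmdlets are the standard Windows DnsServer module.

```powershell
# Added example, not from the original answer. Assumed placeholders:
#   10.0.0.10  - a domain controller that is authoritative for ad.example.com
#   9.9.9.9    - a public resolver used as the forwarder
# Run on the new standalone Windows Server that will become the VPN clients' DNS server.

# 1. Install the DNS Server role on the standalone box.
Install-WindowsFeature -Name DNS -IncludeManagementTools

# 2. Send every query the server has no zone for to a public resolver.
#    Skip this step to rely on the built-in root hints instead, as the answer also allows.
Add-DnsServerForwarder -IPAddress 9.9.9.9 -PassThru

# 3. Stub zone: the server pulls the NS/SOA records for ad.example.com from the DC
#    and refers queries there, so internal names resolve to their internal addresses.
#    The new server needs UDP/TCP 53 to the DC for the zone transfer of the stub records.
Add-DnsServerStubZone -Name "ad.example.com" -MasterServers 10.0.0.10 -ZoneFile "ad.example.com.dns"

# 4. Verify the split before pointing VPN clients at it:
#    internal name -> internal IP from the DC, everything else -> public records.
Get-DnsServerZone -Name "ad.example.com" | Format-List ZoneName, ZoneType, MasterServers
Resolve-DnsName -Name server.ad.example.com -Server 127.0.0.1   # expect the DC's internal answer
Resolve-DnsName -Name www.example.com       -Server 127.0.0.1   # expect the public record via the forwarder

# 5. Hand this server to RRAS clients. By default RRAS gives dial-in/VPN clients the DNS
#    servers configured on the RRAS server's own internal adapter, so set it there
#    (on the RRAS server, with 10.0.0.53 assumed to be the new DNS server's address):
#    Set-DnsClientServerAddress -InterfaceAlias "LAN" -ServerAddresses 10.0.0.53
```

Step 4 is the check worth keeping: if www.example.com comes back with an internal address, the new server is resolving more than the answer intends, and if server.ad.example.com comes back public or fails, the stub zone could not reach its master server.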