I have a branch office connected to our main office via an IPSec VPN tunnel using a Prosafe FVS336Gv2 at each end of the connection. The FVS336Gv2 at the branch office is also being used as the DHCP server for 6 systems located there (there are no servers at the branch). The DNS settings provided by DHCP point to the 2 DNS servers at the main office. The DNS settings on the router itself point to ISPs DNS servers. The firmware on the router is current 3.07-24.
This configuration has been working fine for over a year until a recent event highlighted a flaw in our design. An issue with the ISP at the main office disabled the VPN, and therefore all DNS resolution at the branch office stopped working as it could no longer see the DNS servers at the main office. This included DNS resolution to the internet and therefore web browsing. I figured turning on DNS Proxy on the branch router would resolve this issue and allow them to at least resolve DNS to the internet in the event the VPN tunnel went down again. Turning this option on did add the routers IP address to the list of DNS server when checking via ipconfig /all. Testing via disabling the VPN tunnel allowed them to resolve DNS to the internet.
However, the issue with DNS Proxy turned on was that intermittently the workstations would be unable to resolve internal DNS names for servers that sit at the head office. Sometimes it would just be the NETBOIS name that would not be resolved, sometimes both netbios and FQDN. Any attempt to ping a servers netbios name would return with Ping request could not find host netbiosname. Sometimes pinging the FQDN would work, but not always. Performing an nslookup on the same server would resolve fine through the internal DNS server. Sometime the issue would resolve itself, sometime flushing the DNS cache or re-registering the DNS seemed to work. I have turned off the DNS caching until I can find an answer to why this unexpected behavior is occurring.
This configuration has been working fine for over a year until a recent event highlighted a flaw in our design. An issue with the ISP at the main office disabled the VPN, and therefore all DNS resolution at the branch office stopped working as it could no longer see the DNS servers at the main office. This included DNS resolution to the internet and therefore web browsing. I figured turning on DNS Proxy on the branch router would resolve this issue and allow them to at least resolve DNS to the internet in the event the VPN tunnel went down again. Turning this option on did add the routers IP address to the list of DNS server when checking via ipconfig /all. Testing via disabling the VPN tunnel allowed them to resolve DNS to the internet.
However, the issue with DNS Proxy turned on was that intermittently the workstations would be unable to resolve internal DNS names for servers that sit at the head office. Sometimes it would just be the NETBOIS name that would not be resolved, sometimes both netbios and FQDN. Any attempt to ping a servers netbios name would return with Ping request could not find host netbiosname. Sometimes pinging the FQDN would work, but not always. Performing an nslookup on the same server would resolve fine through the internal DNS server. Sometime the issue would resolve itself, sometime flushing the DNS cache or re-registering the DNS seemed to work. I have turned off the DNS caching until I can find an answer to why this unexpected behavior is occurring.