
DNS Is Getting Confused Using Dual NICs


13 replies to this topic

#1
Brando569

I'm the IT guy at my job and I have dual NICs in my Dell 755. One NIC is connected to my company's corporate domain and is used to access internal sites and the file server (10.160.xx.xx subnet) and the other NIC is used to connect to the corporate network but bypasses the firewall/filtering software (10.1.xx.xx subnet). I'm using a program called ForceBindIP so that I can make specific programs use specific interfaces. The problem that I'm having is that when both interfaces are enabled Windows seems to get confused as to which DNS to use for which interface. Everything worked fine for a day or so until my co-worker disconnected one of my lines because other people in the office needed it; when I reconnected my line this problem started happening.

If both interfaces are enabled and have the correct IP addresses, web browsing on both browsers linked to their respective interfaces doesn't work because it says that it can't resolve domain names to IP addresses, yet if you use IP addresses everything works fine. As soon as one interface is disabled, everything works fine once again. The NICs are assigned the proper DNS addresses (domain NIC uses the domain's DNS server, the outside NIC uses Comcast's DNS).

I've tried reboots and ipconfig release and renew and it doesn't seem to fix the problem. Any other ideas?

Edited by Brando569, 21 March 2013 - 10:42 AM.




#2
uid0

Can you run a VM with a 2nd IP address instead?

#3
jaclaz


I've tried reboots and ipconfig release and renew and it doesn't seem to fix the problem. Any other ideas?


It would be logical to uninstall the TCP/IP stack and BOTH NICs and reinstall/reconfigure the whole lot. :unsure:

A tool like this (example):
http://www.eusing.co...ip_switcher.htm
might be of use, however (to save and re-apply settings).

jaclaz

#4
Tripredacus


You should maybe contact your network admin to see if you can get a static IP for use in the corporate network, but I suspect that they wouldn't like the idea of you doing this in the first place. :whistle:

#5
Brando569

@uid0 A VM wouldn't be ideal, it would just be easier to stick with my current solution of disabling one interface when I need access to the other.

@jaclaz I could try that. How would I go about removing and reinstalling the TCP/IP stack? In the 15 years of using Windows I've never once done that. That tool may be useful also but probably not considering that the IPs are different subnets depending on which interface it is.

@Tripredacus Even though I've met him and talk to him occasionally, I'm pretty sure he wouldn't be too fond of this, neither would my boss. So a static IP is out of the question, I don't understand how this would help with DN resolution though. Are you confusing DHCP (serves out IP address) with DNS (correlates domain names to IP addresses)?


I actually just installed Arch Linux on one of the boxes here in my office (since I'm a Linux guy first and foremost, and my boss said that I could do it) and I know it would be easier to do in Linux but I've hit a roadblock since my domain admin account doesn't have the privileges to add computers to domains so I'm waiting on seeing if I can do that :-/

#6
jaclaz


@jaclaz I could try that. How would I go about removing and reinstalling the TCP/IP stack? In the 15 years of using Windows I've never once done that. That tool may be useful also but probably not considering that the IPs are different subnets depending on which interface it is.

My bad :blushing: , I should have said "reset" TCP/IP:
http://support.micro...kb;en-us;299357

BUT :ph34r: , let me doubt the 15 years :w00t:, on NT and 2K you could actually uninstall it all right:
http://www.ni.com/su...work/nt_tcp.htm
http://support.micro...kb/285034/en-us

The mentioned tool simply saves some settings to a file and then is able to restore them, it couldn't care less about the subnet on which the IP's are, but it represents only a possible way to save some re-typing of the settings.

jaclaz

#7
allen2

You shouldn't be doing this in the first place: bypassing the firewall could be considered by your security officer as a fault and they have the right (depending on your contract) to fire you and even sue you.

#8
ihateusernames

I've run into problems like this on a regular basis in various Windows versions. It seems like it can handle having both a LAN and a WAN connection, but there is no rhyme or reason as to which is which. I've gotten it to work before, but it's always a crapshoot. I can't imagine getting two separate internet connections to work at the same time.

#9
jaclaz


You shouldn't be doing this in the first place: bypassing the firewall could be considered by your security officer as a fault and they have the right (depending on your contract) to fire you and even sue you.

Sure, and depending on what sites you access from the non firewall filtered connection you may have the g-men break into your house at 4:00 AM :w00t: , taking you to Gitmo, without the possibility of any legal assistance. :ph34r:

Come on :).


jaclaz

#10
allen2



You shouldn't be doing this in the first place: bypassing the firewall could be considered by your security officer as a fault and they have the right (depending on your contract) to fire you and even sue you.

Sure, and depending on what sites you access from the non firewall filtered connection you may have the g-men break into your house at 4:00 AM :w00t: , taking you to Gitmo, without the possibility of any legal assistance. :ph34r:

Come on :).


jaclaz


Just an example with stats and another.
Of course if you don't care to keep your work, you can do whatever crosses your mind (and go directly to prison depending on which rule you broke).
People are usually fired for smaller mistakes, and I know at least one ex-coworker who got fired for using the network of the client company to transfer movies and TV series with another one. Our company could even sue him but decided not to, as the matter needed to stay private and the client company "only requested that he wouldn't be allowed to enter its building".

Jaclaz, come on, real life isn't somewhere without rules. It is the exact opposite: there are rules everywhere and, depending on which one you break, they lead you to prison. Just try to walk outside nude (you are not harming anyone except yourself and might get a cold) but you could end up like Stephen Gough.
Of course I disagree with some rules and I agree with others, just like many of us.

#11
Brando569



@jaclaz I could try that. How would I go about removing and reinstalling the TCP/IP stack? In the 15 years of using Windows I've never once done that. That tool may be useful also but probably not considering that the IPs are different subnets depending on which interface it is.

My bad :blushing: , I should have said "reset" TCP/IP:
http://support.micro...kb;en-us;299357

jaclaz


Thanks for the info, a TCP/IP stack reset seemed to fix the problem. I'm surprised that I never had to use that before, you learn something new every day :) The only problem now is that name resolution within the domain seems to be a little slow, but hell it's better than having to keep switching interfaces! Edit: It didn't really work actually, some pages were unblocked while others were still blocked :-/ As soon as I disabled the inside line, everything was accessible so it seems that it's still getting confused.

@Allen2 thanks for the concern but keep ethical issues out of here considering it doesn't help answer the problem at all and just clogs up the thread. Also I can use the "outside line" whenever I would like, I just have to walk into our MDF and connect it. This solution just saves me a few minutes of time whenever I need to access something outside of our network.

Edited by Brando569, 25 March 2013 - 11:13 AM.


#12
cluberti

If you have two connections to the SAME major network and both have a gateway, Windows will indeed have issues with routing (and modifying binding via program adds an additional layer of complexity that furthers Windows being unaware of what you're doing). Windows isn't designed to route multiple network interfaces to the same major network - if you want internet access to work on one segment and not on another, you need to make sure only that interface has a default gateway set (although that will mean anything that needs to find a route outside the networks directly available will use the interface with the gateway set). There's a bit more to it than this, but that's the "in a nutshell" version - if you have two network interfaces to the same network, and both have gateways, Windows will eventually get confused. Only one interface can have a gateway, or you're going to need to set static routes for everything you want going over each interface - otherwise, you're going to have routing issues.
MCTS Windows Internals, MCITP Server 2008 EA, MCTS MDT/BDD, MCSE/MCSA Server 2003, Server 2012, Windows 8
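
The two-default-gateway situation described in the post above, as an added example that is not from any poster in the thread: a simplified model of route selection (longest matching prefix first, lowest metric second) run over a constructed routing table. The /16 masks, gateway and destination addresses, metrics and the interface names `inside`/`outside` are assumptions for illustration.

```python
import ipaddress
from collections import namedtuple

Route = namedtuple("Route", "prefix gateway interface metric")

# Constructed routing table for a dual-homed host (sample data, not from the thread).
TABLE = [
    Route("0.0.0.0/0", "10.160.0.1", "inside", 20),
    Route("0.0.0.0/0", "10.1.0.1", "outside", 20),
    Route("10.160.0.0/16", "on-link", "inside", 276),
    Route("10.1.0.0/16", "on-link", "outside", 276),
]

def _plen(route):
    return ipaddress.ip_network(route.prefix).prefixlen

def candidates(table, dst):
    """Routes that win for dst: longest prefix match, then lowest metric."""
    addr = ipaddress.ip_address(dst)
    matching = [r for r in table if addr in ipaddress.ip_network(r.prefix)]
    if not matching:
        return []
    longest = max(_plen(r) for r in matching)
    best = [r for r in matching if _plen(r) == longest]
    low = min(r.metric for r in best)
    return [r for r in best if r.metric == low]

def egress_interfaces(table, dst):
    """Interfaces a packet to dst could leave on; more than one means ambiguity."""
    return sorted({r.interface for r in candidates(table, dst)})

def default_route_interfaces(table):
    """Audit check: interfaces that carry a default route (0.0.0.0/0)."""
    return sorted({r.interface for r in table if _plen(r) == 0})

# Same table with the default gateway kept on one interface only.
SINGLE_GATEWAY = [r for r in TABLE
                  if not (_plen(r) == 0 and r.interface == "outside")]

if __name__ == "__main__":
    # 203.0.113.53 stands in for any off-link address, e.g. a public resolver.
    for dst in ("10.160.4.20", "10.1.7.9", "203.0.113.53"):
        print(dst, egress_interfaces(TABLE, dst),
              egress_interfaces(SINGLE_GATEWAY, dst))
    print("default routes on:", default_route_interfaces(TABLE))
```

On-link destinations stay deterministic because the /16 prefix beats the default route regardless of metric; only off-link traffic, which includes any DNS server outside the two local subnets, is tied between the two gateways.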

#13
jaclaz


Jaclaz, come on, real life isn't somewhere without rules. It is the exact opposite: there are rules everywhere and, depending on which one you break, they lead you to prison. Just try to walk outside nude (you are not harming anyone except yourself and might get a cold) but you could end up like Stephen Gough.
Of course I disagree with some rules and I agree with others, just like many of us.

Sure, there are Rules (and personally I tend to comply with them), the whole point being that you have NO way to know WHICH specific Rules Brando569 is subject to.

If instead of the "scary tactic" :ph34r: implied in:

You shouldn't be doing this in the first place: bypassing the firewall could be considered by your security officer as a fault and they have the right (depending on your contract) to fire you and even sue you.

you had used a plainer ;) :

Please do consider whether bypassing the firewall with that connection is in compliance with the policies your company has set, as it is common that such a behaviour is prohibited.

I wouldn't have commented on it. :)


jaclaz

#14
Brando569

Thanks for the info Cluberti, I'll look into setting static routes then! :)

Edit: I looked up how to do it and the process is simple but the idea behind it is confusing me. Using this page as a reference, should I define a route from the internal domain (10.66.160.xxx) to the external network (10.1.10.xxx) or vice versa? I'm trying to understand how this works since I'm a novice when it comes to routing and I have no idea how the routing tables for our network are set up since there are multiple domains and they span the entire USA. The only things I would like outside access for are web browsing and SSH (to my home computer). I need internal access for internal websites, remote desktop connections and SMB shares.

Edited by Brando569, 26 March 2013 - 10:51 AM.




