DNS and Mobile VPNs
All network resources in an IPv4 network have an IP address, such as 10.0.2.25. DNS (Domain Name System) lets users reach resources by name instead of by address. When a user tries to reach a device by name, such as www.example.net, the client computer sends a query to its configured DNS server, which returns the IP address associated with that name. A device name that maps to one or more IP addresses is known as a hostname.
A hostname that includes the full domain path, such as mail.example.net, is called an FQDN (Fully Qualified Domain Name). A hostname with no domain path, such as mail, is unqualified; a client can only resolve it if it knows which domain to append.
How DNS Works Across a VPN
When a Mobile VPN client establishes a VPN tunnel to a Firebox, the device assigns a virtual IP address to the client computer. If a DNS server is configured in the network settings or Mobile VPN settings, the Firebox also assigns the DNS server address to the VPN client. For Mobile VPN with SSL connections, the Firebox can also assign the VPN client a DNS domain name suffix configured in the Mobile VPN with SSL advanced settings.
For IPSec Mobile VPN clients, the Domain Name specified in the network DNS settings on the Firebox is not used as a domain name suffix. You can specify a DNS domain name suffix in the VPN client. For more information, see:
- Configure DNS in the WatchGuard IPSec Mobile VPN client
- Configure DNS in the Shrew Soft IPSec VPN client
If the DNS settings on the Firebox specify a domain name, such as example.net, and the VPN client receives that domain name as a DNS suffix, the client appends the suffix to the names it looks up. If the suffixed name does not resolve, the client sends a second DNS request for the name without the suffix. For example, if a client tries to browse to hostname and the DNS suffix is example.net, the client first tries to resolve hostname.example.net, and only if that fails does it query for hostname alone.
If no domain name is specified in the DNS settings on the Firebox, there is no suffix to append, so VPN clients must use an FQDN, such as mail.example.net, to reach a resource; a short hostname such as mail will not resolve.
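The following is an added example, not part of the WatchGuard documentation, that simulates the suffix-search behavior described above so you can see exactly which names a VPN client queries and in what order. The zone table, the name example.net, and the hostnames and addresses in it are constructed for illustration; the function follows the text literally, appending the suffix to every lookup first and falling back to the bare name only when the suffixed name does not resolve.

```python
"""Simulate the DNS suffix search a Mobile VPN client performs.

Added example: it models the behavior described in the documentation
(try name.suffix first, then the bare name) against a constructed zone
table standing in for the DNS server the Firebox assigns to the client.
"""
from typing import Dict, List, Optional, Tuple

# Constructed sample data: answers the VPN-assigned DNS server would give.
# Keys are stored in canonical form (lowercase, trailing dot).
INTERNAL_ZONE: Dict[str, str] = {
    "mail.example.net.": "10.0.2.25",
    "www.example.net.": "10.0.2.30",
    "intranet.example.net.": "10.0.2.40",
}


def canonical(name: str) -> str:
    """Normalize a DNS name: lowercase, exactly one trailing dot."""
    return name.rstrip(".").lower() + "."


def lookup(name: str, zone: Dict[str, str]) -> Optional[str]:
    """Answer a single query from the zone table (None means no record)."""
    return zone.get(canonical(name))


def candidate_names(name: str, suffix: Optional[str]) -> List[str]:
    """Return the names to query, in order.

    A name written with a trailing dot is absolute and is queried as-is.
    Otherwise, as the documentation describes, the configured suffix is
    appended first and the bare name is tried only as a second request.
    With no suffix configured, only the name as typed is queried, which is
    why a short hostname cannot resolve in that case.
    """
    if name.endswith("."):
        return [name]
    names: List[str] = []
    if suffix:
        names.append(f"{name}.{suffix}")
    names.append(name)
    return names


def resolve(name: str, suffix: Optional[str],
            zone: Dict[str, str]) -> Tuple[Optional[str], List[str]]:
    """Resolve `name` the way a suffix-searching client would.

    Returns (address_or_None, list_of_names_queried_in_order) so the
    caller can see both the outcome and the queries that left the client.
    """
    queried: List[str] = []
    for candidate in candidate_names(name, suffix):
        queried.append(canonical(candidate))
        address = lookup(candidate, zone)
        if address is not None:
            return address, queried
    return None, queried


if __name__ == "__main__":
    for typed, suffix in [("mail", "example.net"),
                          ("mail", None),
                          ("mail.example.net", "example.net"),
                          ("nosuch", "example.net")]:
        addr, tried = resolve(typed, suffix, INTERNAL_ZONE)
        print(f"{typed!r} with suffix {suffix!r}: {addr} after {tried}")
```

Two things worth noticing in the query lists: with a suffix configured, a short name such as mail resolves in one query, and without one it never resolves, exactly as the documentation states. The fallback also means that a mistyped short name ends up as an unqualified single-label query; on clients that keep other resolvers alongside the VPN-assigned one, that query may leave the tunnel, so do not rely on short names for anything sensitive.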