So you are not using DHCP at all for the clients on wireless?
Are you using zones in your DNS config that may be causing the Vista wireless clients on network X to receive a different reply from those on the fully wired network Y?
I'm having some trouble with my home network, and was wondering if anyone could shed some light on the causes, and hopefully, solutions, as I'm not clear on how DNS is actually supposed to work, so I'm not sure if I'm doing it right anyway...
I have a dual-homed Linux server running my home network. It does DHCP, NAT, DNS, and other goodies. ETH1 connects to my wireless router, running on its own subnet. Basically, I run the network my wifi and router are on as a DMZ of sorts, so it's all firewalled off from my wired network.
It's the router that seems to be the cause, but only my Vista client seems to have an issue.
Because of this, when a wireless client connects, it really needs to use my DNS server to resolve my internal hostnames, as them trying to use the public IP breaks things due to the routing. Annoyingly, the router won't let me specify the DNS servers for the DHCP server it uses, forcing its own address for the DNS, and proxying it off to those specified.
Problem is, when Vista makes a request, it goes off, and my DNS server sees it, and replies. The Vista machine gets the reply, but always times out. All of the traffic side of things is monitored using Wireshark.
Is Vista ignoring the reply because it's come from another host? How can I fix this?
Is this how DNS is supposed to work, or is my router in need of a bugfix?
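The question above (whether a reply that arrives from a host other than the one queried gets dropped) is exactly the anti-spoofing check a stub resolver is expected to make. The following is an added example, not code from the thread: it builds a DNS A query, constructs replies, and applies the checks a resolver performs before trusting a UDP answer (source address/port must match the server queried, transaction ID must match, QR bit must be set, question section must echo the query). The router and server addresses are constructed; the hostname and its internal address are the ones quoted in the thread.

```python
import struct

# Constructed scenario (not from the thread): the client sends its query to the
# router's DNS proxy, but the reply arrives from the internal DNS server's address.
ROUTER = ("192.168.69.1", 53)       # where the client sent the query (constructed)
DNS_SERVER = ("192.168.69.2", 53)   # where the reply actually came from (constructed)


def encode_name(name: str) -> bytes:
    """Wire-format a domain name as length-prefixed labels."""
    out = b""
    for label in name.strip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(name: str, txid: int, qtype: int = 1) -> bytes:
    """Standard recursive query (RD set) with one question, type A / class IN."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)


def build_response(query: bytes, answer_ip: str, txid=None) -> bytes:
    """Constructed reply: echo the question, set QR/RD/RA, append one A record."""
    qid = struct.unpack("!H", query[:2])[0]
    header = struct.pack("!HHHHHH", qid if txid is None else txid, 0x8180, 1, 1, 0, 0)
    # Answer name is a compression pointer (0xC00C) back to the question name at offset 12.
    rr = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4)
    rr += bytes(int(octet) for octet in answer_ip.split("."))
    return header + query[12:] + rr


def validate_response(query, sent_to, response, received_from):
    """Checks a stub resolver applies before trusting a UDP reply. Returns (accepted, reason)."""
    if received_from != sent_to:
        return False, "source address/port does not match the server queried"
    if len(response) < 12:
        return False, "truncated header"
    qid = struct.unpack("!H", query[:2])[0]
    rid, flags = struct.unpack("!HH", response[:4])
    if rid != qid:
        return False, "transaction id mismatch"
    if not flags & 0x8000:
        return False, "QR bit not set (this is a query, not a response)"
    question = query[12:]
    if response[12:12 + len(question)] != question:
        return False, "question section does not match the query"
    return True, "accepted"


def first_a_record(response: bytes):
    """Return the IPv4 address in the first answer RR, or None (assumes one question)."""
    if struct.unpack("!H", response[6:8])[0] == 0:
        return None
    pos = 12
    while response[pos] != 0:          # skip the question name labels
        pos += response[pos] + 1
    pos += 1 + 4                        # terminating zero, QTYPE, QCLASS
    if response[pos] & 0xC0 == 0xC0:    # answer name: compression pointer ...
        pos += 2
    else:                               # ... or plain labels
        while response[pos] != 0:
            pos += response[pos] + 1
        pos += 1
    rtype, _rclass, _ttl, rdlength = struct.unpack("!HHIH", response[pos:pos + 10])
    pos += 10
    if rtype != 1 or rdlength != 4:
        return None
    return ".".join(str(b) for b in response[pos:pos + 4])


def demo():
    """Run the three cases that matter for the thread and return the verdicts."""
    query = build_query("mail.jamie-thompson.co.uk", 0x1234)
    good = build_response(query, "192.168.69.100")
    wrong_id = build_response(query, "192.168.69.100", txid=0x1235)
    return {
        "from_router": validate_response(query, ROUTER, good, ROUTER),
        "from_other_host": validate_response(query, ROUTER, good, DNS_SERVER),
        "wrong_txid": validate_response(query, ROUTER, wrong_id, ROUTER),
        "answer": first_a_record(good),
    }


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(case, verdict)
```

The second case is the thread's situation: a perfectly well-formed answer for the right name is still discarded because it did not come from the address the client queried. Capturing with Wireshark on the client and comparing the query's destination with the reply's source is the quickest way to confirm that this is what is happening.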
The wireless router has a DHCP server running on it, which thusly handles the DMZ.
I'm not using any zones as such that I'm aware of...I have my DNS defined in an LDAP tree and pulled out using PowerDNS's LDAP backend.
Essentially, from the internal LAN and DMZ "mail.jamie-thompson.co.uk" is on 192.168.69.100. However, the public DNS points at my external IP instead. When the router is set to use my ISP's DNS servers, DMZ clients can access the internet fine, but as the internal hostnames resolve to the external IP on its WAN interface, it can't route traffic to the correct host.
If I set the router to use my internal DNS server, then my DNS seems to work fine, but not from the Vista client. It is receiving the response, but it is ignoring it.
Setting the DNS server statically on the Vista client to my internal DNS server makes it work...but means that my DHCP won't just work for visiting Vista laptops etc.
Thinking about it...I suppose I could try disabling the built-in DHCP server and running a second instance on my server on the external interface....something to try!
With BIND zones you can tailor the DNS response of your authoritative DNS server for your jamie-thompson.co.uk domain based on the source IP address of the client. So your home net's machines would get 192.168.x.x addresses but the net would get addresses equivalent to the external IP address(es) of your router. Even if you dual home a server you'll have the same problem, the DNS response comes from the BIND process, and is independent of the IP addresses assigned to the server.
I see - you're suggesting split horizon DNS...unfortunately, my external DNS is external on hosted DNS servers.
The crux of what I'm asking here is why Vista is ignoring the replies?
If it works when you have the router point to the internal DNS server, then you need to set up the DNS server to be authoritative for the jamie-thompson.co.uk domain and as a caching DNS server for everything else. That way the DNS server will automatically query DNS servers on the web on behalf of the clients on your network whenever they request a lookup for a domain other than jamie-thompson.co.uk.
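An added example (not from the thread) of the decision logic the two suggestions above describe: answer authoritatively for the home domain, choosing the internal or external view by the client's source network (split horizon), and forward everything outside that domain to upstream resolvers. The domain name and the mail host's internal address are the ones quoted in the thread; the subnets, the external address and the upstream resolver address are constructed.

```python
import ipaddress

# Constructed data: only the domain and the mail host's internal address come from the thread.
ZONE = "jamie-thompson.co.uk"
INTERNAL_NETS = [
    ipaddress.ip_network("192.168.69.0/24"),   # wired LAN (constructed)
    ipaddress.ip_network("192.168.70.0/24"),   # wireless DMZ (constructed)
]
RECORDS = {
    "mail.jamie-thompson.co.uk": {"internal": "192.168.69.100", "external": "203.0.113.10"},
    "www.jamie-thompson.co.uk":  {"internal": "192.168.69.100", "external": "203.0.113.10"},
}
UPSTREAM_RESOLVERS = ["198.51.100.53"]   # placeholder for the forwarders (constructed)


def normalize(qname: str) -> str:
    """Strip a trailing dot and fold case; DNS names compare case-insensitively."""
    return qname.rstrip(".").lower()


def in_zone(name: str, zone: str) -> bool:
    """True for the zone apex and names below it, matching on label boundaries only."""
    return name == zone or name.endswith("." + zone)


def select_view(client_ip: str) -> str:
    """Split horizon: internal view for the home subnets, external view for anyone else."""
    addr = ipaddress.ip_address(client_ip)
    return "internal" if any(addr in net for net in INTERNAL_NETS) else "external"


def resolve(client_ip: str, qname: str) -> dict:
    """Decide how one query is handled.

    'authoritative' answers come from the local zone data for the selected view;
    names outside the zone are handed to the upstream resolvers ('forward').
    """
    name = normalize(qname)
    if in_zone(name, ZONE):
        view = select_view(client_ip)
        record = RECORDS.get(name)
        if record is None:
            # The local copy of the zone is authoritative, so an unknown name is a
            # definite NXDOMAIN; it is not retried upstream.
            return {"source": "authoritative", "view": view, "rcode": "NXDOMAIN", "answer": None}
        return {"source": "authoritative", "view": view, "rcode": "NOERROR", "answer": record[view]}
    return {"source": "forward", "view": None, "rcode": None, "answer": None,
            "forward_to": list(UPSTREAM_RESOLVERS)}


if __name__ == "__main__":
    for client, name in [("192.168.70.23", "mail.jamie-thompson.co.uk."),
                         ("203.0.113.77", "MAIL.jamie-thompson.co.uk"),
                         ("192.168.69.5", "www.example.com"),
                         ("192.168.69.5", "ftp.jamie-thompson.co.uk")]:
        print(client, name, resolve(client, name))
```

The NXDOMAIN branch is the caveat worth knowing before adopting this layout: once the internal server is authoritative for the whole domain, any name that exists only in the hosted public zone stops resolving for internal clients unless it is copied into the internal data as well. The label-boundary check in `in_zone` matters too, so that a look-alike name such as `notjamie-thompson.co.uk` is forwarded rather than answered locally.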
OK, here are more details...
I have PowerDNS running on the server, bound to the loopback interface, and authoritative for my domain(s), and dnscache bound to the internal interface, and configured as a recursive non-authoritative name server, pointing at the loopback for my domains, and some OpenDNS servers for everything else.
The problem is that the Vista PC won't accept DNS replies from dnscache, yet seemingly, will accept them from my ISP's nameservers.