
External private IP addresses registering with DNS server

jc_dbl
Visitor

Hello all,

I've been trying to fine-tune our NIDS configuration (which predates my employment here) and more specifically trying to figure out why certain IP addresses/ranges that we don't use keep appearing in reports/logs.

I think I've figured out the root cause, but I'm not sure of the best way to fix it:

We have a number of remote users who connect to our network by VPN. As best I can tell, when their laptops connect to the network, they're sending updates to the DNS server running on the DC with both the IP address of their VPN interface (routable on our network) and their private IP address on their home LAN (obviously not routable) - if I do an nslookup on a domain machine, the DC returns two A records, one for each address.

This has a slight ripple effect through the network - which manifests mostly with Windows Update Delivery Optimization, where the peer discovery process frequently gets the non-routable private IP somehow and then tries to download Windows updates from it.

Long story short: what is the best way to prevent VPN'ed machines from registering external private IP addresses with the DNS server running on the DC?
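An audit script for the symptom described above, added here as an example that is not part of the original post: it lists A records in the DC's zone that fall outside the ranges actually routable on the corporate network, and hosts that have registered more than one A record. The zone name, the routable ranges and the sample records are constructed assumptions.

```powershell
# Added example, not from the original post: audit the DC's DNS zone for A records
# that point outside the routable corporate ranges (the home-LAN addresses the post
# describes). Zone name, ranges and the sample records below are assumptions.

function ConvertTo-UInt32 {
    param([string]$Ip)
    $bytes = [System.Net.IPAddress]::Parse($Ip).GetAddressBytes()
    [Array]::Reverse($bytes)                       # network order -> little-endian for BitConverter
    [BitConverter]::ToUInt32($bytes, 0)
}

function Test-IPv4InCidr {
    param([string]$Address, [string]$Cidr)
    $net, $bits = $Cidr -split '/'
    $mask = [uint32](([uint64]0xFFFFFFFF -shl (32 - [int]$bits)) -band 0xFFFFFFFF)
    return ((ConvertTo-UInt32 $Address) -band $mask) -eq ((ConvertTo-UInt32 $net) -band $mask)
}

function Find-StrayDnsRecords {
    param($Records, [string[]]$RoutableRanges)      # $Records: objects with HostName, IPv4Address
    foreach ($rec in $Records) {
        $routable = $false
        foreach ($cidr in $RoutableRanges) {
            if (Test-IPv4InCidr -Address $rec.IPv4Address -Cidr $cidr) { $routable = $true; break }
        }
        if (-not $routable) { $rec }               # emit only records outside every routable range
    }
}

# Constructed sample: one VPN laptop registered both its VPN address and its home-LAN address.
$records = @(
    [pscustomobject]@{ HostName = 'laptop01'; IPv4Address = '10.20.0.15' },
    [pscustomobject]@{ HostName = 'laptop01'; IPv4Address = '192.168.1.23' },
    [pscustomobject]@{ HostName = 'dc01';     IPv4Address = '10.0.0.10' }
)
# On the DC, replace the sample with live zone data (DnsServer module; zone name is an assumption):
# $records = Get-DnsServerResourceRecord -ZoneName 'corp.example' -RRType A | ForEach-Object {
#     [pscustomobject]@{ HostName = $_.HostName; IPv4Address = $_.RecordData.IPv4Address.IPAddressToString } }

$routableRanges = '10.0.0.0/8'                     # assumption: office LAN plus the VPN client pool

# Records that do not belong in the zone at all
Find-StrayDnsRecords -Records $records -RoutableRanges $routableRanges | Format-Table HostName, IPv4Address

# Hosts with more than one A record: the "nslookup returns two A records" symptom from the post
$records | Group-Object HostName | Where-Object Count -gt 1 |
    Select-Object Name, Count, @{ n = 'Addresses'; e = { $_.Group.IPv4Address -join ', ' } } | Format-Table
```

The per-adapter knob that controls dynamic registration on the client side is `Set-DnsClient -InterfaceAlias '<adapter>' -RegisterThisConnectionsAddress $false`; re-running this audit after changing it on a test laptop shows whether the stray record stops reappearing (records already in the zone still need scavenging or manual removal).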
