Using On-Premise DNS (Pi hole) in VPN environment

Question

Using On-Premise DNS (Pi hole) in VPN environment

Michail 26

I have set up a site-to-site connection between our local network and an Azure Virtual Network (VNet), with a VPN gateway facilitating connectivity between our local network and a VPN client. Within our company, we have a pi-hole server managing some xxx.local DNS records. When I connect to the Azure VNet using the Azure VPN client, I can successfully ping and connect to on-premise devices without any issues. However, when I attempt to change the DNS settings of the Virtual Network from the standard Azure ones to our on-premise DNS (local) IP address, I encounter problems. Not only am I unable to reach my custom DNS records, but I also lose internet access altogether. Additionally, when I use 'ipconfig /all', the DNS server does not appear. I suspect there might be some DNS forwarding mechanism at play here that redirects to the specified DNS IP address, but fails to connect to it, as public DNS servers do work. Does anyone have any insights or suggestions on how to configure an on-premise DNS server to function properly for a VPN client? Thank you. Edit: "nslookup google.com dns_server_ip" also doesnt work.

KapilAnanth-MSFT 49,616 Reputation points Microsoft Employee Moderator

2024-02-09T12:09:19.42+00:00
@Michail

Welcome to the Microsoft Q&A Platform. Thank you for reaching out & I hope you are doing well.

I am afraid I did not understand your exact requirement here.

Is your goal to change the DNS server of the Virtual Network to the OnPrem DNS Server ?

or

Is it to change the DNS settings of the P2S Connected servers to use the OnPrem DNS Server.

I assume it is the latter, but please confirm.

In this case, I take it that you are specifying the DNS server as the OnPREM DNS server IP in this section Add custom DNS servers ?

Can you confirm?

Can you confirm if you have specified the domains for which the DNS requests needs to be routed via the P2S Connection?

See : DNS suffixes

The DNS queries are forwarded to the DNS Server IP only for the DNS Suffixes you configure in the XML file.

Cheers,

Kapil
Michail 26 Reputation points

2024-02-09T16:24:26.62+00:00

Hi it is: So P2S Connected clients to use the OnPrem DNS Server. I did you steps and still not working unfortunately. Is there more info I can give to clarify things? My suffixes do show up when I use command: Get-DnsClientNrptPolicy
KapilAnanth-MSFT 49,616 Reputation points Microsoft Employee Moderator

2024-02-12T05:03:13.2633333+00:00
@Michail

I am not sure if this scenario is supported. I shall check this internally and report back to you soon.

Meanwhile, can you share the results of

Open a CMD as Admin in a P2S Connected device.

Run ping <OnPrem DNS Server IP>

Run nslookup www.microsoft.com <OnPrem DNS Server IP>

And share the results please.

Cheers,

Kapil
Michail 26 Reputation points

2024-02-12T20:34:27.1166667+00:00

Hi I fixed it. All I had to do is change the "Interface settings" to "Respond only on interface eth0" in the DNS section of the pi-hole settings. Now just setting the server ip in the DNS settings of the VNET is doing exactly what I need.

Accepted answer

0 additional answers

Your answer

KapilAnanth-MSFT 49,616 Reputation points Microsoft Employee Moderator

2024-02-09T12:09:19.42+00:00

@Michail

Welcome to the Microsoft Q&A Platform. Thank you for reaching out & I hope you are doing well.

I am afraid I did not understand your exact requirement here.

Is your goal to change the DNS server of the Virtual Network to the OnPrem DNS Server ?

or

Is it to change the DNS settings of the P2S Connected servers to use the OnPrem DNS Server.

I assume it is the latter, but please confirm.

In this case, I take it that you are specifying the DNS server as the OnPREM DNS server IP in this section Add custom DNS servers ?

Can you confirm?

Can you confirm if you have specified the domains for which the DNS requests needs to be routed via the P2S Connection?

See : DNS suffixes

The DNS queries are forwarded to the DNS Server IP only for the DNS Suffixes you configure in the XML file.

Cheers,

Kapil
Michail 26 Reputation points

2024-02-09T16:24:26.62+00:00

Hi it is: So P2S Connected clients to use the OnPrem DNS Server. I did you steps and still not working unfortunately. Is there more info I can give to clarify things? My suffixes do show up when I use command: Get-DnsClientNrptPolicy
KapilAnanth-MSFT 49,616 Reputation points Microsoft Employee Moderator

2024-02-12T05:03:13.2633333+00:00

@Michail

I am not sure if this scenario is supported. I shall check this internally and report back to you soon.

Meanwhile, can you share the results of

Open a CMD as Admin in a P2S Connected device.

Run ping <OnPrem DNS Server IP>

Run nslookup www.microsoft.com <OnPrem DNS Server IP>

And share the results please.

Cheers,

Kapil
Michail 26 Reputation points

2024-02-12T20:34:27.1166667+00:00

Hi I fixed it. All I had to do is change the "Interface settings" to "Respond only on interface eth0" in the DNS section of the pi-hole settings. Now just setting the server ip in the DNS settings of the VNET is doing exactly what I need.

Answer 1

@Michail

Welcome to the Microsoft Q&A Platform. Thank you for reaching out & I hope you are doing well.

I'm glad that you were able to resolve your issue and thank you for posting your solution so that others experiencing the same thing can easily reference this!

Since the Microsoft Q&A community has a policy that "The question author cannot accept their own answer. They can only accept answers by others", I'll repost your solution in case you'd like to "Accept" the answer.

Issue :

Use OnPrem Custom DNS server for P2S Clients via transit over Azure (P2S ---- AzVPNGateway ---- S2S)

Solution :

You changed the "Interface settings" to "Respond only on interface eth0" in the DNS section of the pi-hole.
Post this just setting the server IP in the DNS settings of the VNET does the trick.

Kindly let us know if this helps or you need further assistance on this issue.

Thanks,

Kapil

Please don’t forget to close the thread by clicking "Accept the answer" wherever the information provided helps you, as this can be beneficial to other community members.

Share via

Using On-Premise DNS (Pi hole) in VPN environment

0 additional answers

Your answer