Why does DNS resolution fail when using a VTI interface through a site-to-site VPN?
Zyxel_Stanley
Zyxel Employee
Question:
Why couldn’t my DNS server resolve domain names when using a VTI interface through a site-to-site VPN, and why did it only start working after specifying the DNS server’s IP address directly?
Answer:
DNS resolution failed because the VTI (Virtual Tunnel Interface) was not fully configured to allow proper traffic forwarding between the VPN firewalls. For VTI to function correctly, both VTI interfaces should be assigned IP addresses within the same subnet to ensure seamless routing.
When the DNS server’s IP address was entered directly, the firewall was able to send queries to the correct destination (local-out traffic).
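The same-subnet requirement described above can be checked before a tunnel is brought up. This is an added example, not part of the original post or any Zyxel tooling; the function name `check_vti_pair` and the sample addresses are assumptions constructed for illustration.

```python
import ipaddress

def check_vti_pair(local_cidr, remote_cidr):
    """Return a list of addressing problems for two VTI endpoints (empty list = OK)."""
    a = ipaddress.ip_interface(local_cidr)
    b = ipaddress.ip_interface(remote_cidr)
    if a.version != b.version:
        return ["address family mismatch (IPv4 vs IPv6)"]

    problems = []
    if a.network.prefixlen != b.network.prefixlen:
        problems.append(
            f"prefix length mismatch: /{a.network.prefixlen} vs /{b.network.prefixlen}")
    if a.network != b.network:
        problems.append(
            f"different subnets: {a.network} vs {b.network}")
    if a.ip == b.ip:
        problems.append(f"duplicate address on both ends: {a.ip}")

    for side, iface in (("local", a), ("remote", b)):
        net = iface.network
        # IPv4 /31 (RFC 3021) and /32 have no reserved network/broadcast address.
        if net.version == 4 and net.prefixlen < 31:
            if iface.ip == net.network_address:
                problems.append(f"{side} VTI uses the network address {iface.ip}")
            elif iface.ip == net.broadcast_address:
                problems.append(f"{side} VTI uses the broadcast address {iface.ip}")
    return problems

if __name__ == "__main__":
    # Constructed sample pairs: (site A VTI, site B VTI)
    samples = [
        ("10.255.0.1/30", "10.255.0.2/30"),   # both ends in one /30
        ("10.255.0.1/30", "10.255.1.2/30"),   # ends in different subnets
        ("10.255.0.1/30", "10.255.0.2/24"),   # masks disagree
        ("10.255.0.0/31", "10.255.0.1/31"),   # point-to-point /31
    ]
    for local, remote in samples:
        result = check_vti_pair(local, remote)
        print(local, remote, "OK" if not result else result)
```
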
