Why does DNS resolution fail when using a VTI interface through a site-to-site VPN?
Zyxel_Stanley
Zyxel Employee
Question:
Why couldn’t my DNS server resolve domain names when using a VTI interface through a site-to-site VPN, and why did it only start working after specifying the DNS server’s IP address directly?
Answer:
DNS resolution failed because the VTI (Virtual Tunnel Interface) was not fully configured to allow proper traffic forwarding between the VPN firewalls. For VTI to function correctly, both VTI interfaces should be assigned IP addresses within the same subnet to ensure seamless routing.
When the DNS server’s IP address was entered directly, the firewall was able to send queries to the correct destination (local-out traffic).
