Why does DNS resolution fail when using a VTI interface through a site-to-site VPN?
Zyxel_Stanley
Posts: 1,436
Zyxel Employee
Question:
Why couldn’t my DNS server resolve domain names when using a VTI interface through a site-to-site VPN, and why did it only start working after specifying the DNS server’s IP address directly?
Answer:
DNS resolution failed because the VTI (Virtual Tunnel Interface) was not fully configured to allow proper traffic forwarding between the VPN firewalls. For VTI to function correctly, both VTI interfaces should be assigned IP addresses within the same subnet to ensure seamless routing.
When the DNS server’s IP address was entered directly, the firewall was able to send queries to the correct destination (local-out traffic).
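As an added illustration of the two conditions the answer describes (VTI endpoints in one subnet, and the firewall's own DNS query actually being routed into the tunnel), here is a small configuration check. It is example code, not part of the original post and not Zyxel firmware logic; the addresses, route table layout and interface names (vti1, wan1, lan1) are constructed assumptions.

```python
from ipaddress import ip_address, ip_interface, ip_network

# Constructed sample configuration (assumptions, not from a real deployment):
# VTI endpoints of a site-to-site tunnel, the remote-site DNS server, and the
# firewall's route table as (prefix, egress interface) pairs.
LOCAL_VTI = "10.255.0.1/30"
REMOTE_VTI = "10.255.0.2/30"
DNS_SERVER = "192.168.50.10"
ROUTES = [
    ("0.0.0.0/0", "wan1"),          # default route to the Internet
    ("192.168.50.0/24", "vti1"),    # remote site's LAN via the tunnel
    ("192.168.1.0/24", "lan1"),     # local LAN
]


def vti_peers_share_subnet(local: str, remote: str) -> bool:
    """Both VTI endpoints must be distinct hosts inside the same subnet."""
    a, b = ip_interface(local), ip_interface(remote)
    return a.network == b.network and a.ip != b.ip


def egress_interface(dst: str, routes) -> str:
    """Longest-prefix match: the interface the firewall itself would use
    for a locally generated (local-out) packet to dst."""
    target = ip_address(dst)
    best = None
    for prefix, iface in routes:
        net = ip_network(prefix)
        if target in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else "unreachable"


def check_dns_over_vti(local, remote, dns, routes, vti_iface="vti1"):
    """Return a list of findings; an empty list means both conditions hold."""
    problems = []
    if not vti_peers_share_subnet(local, remote):
        problems.append("VTI endpoints are not in one subnet; fix both ends first")
    via = egress_interface(dns, routes)
    if via != vti_iface:
        problems.append(f"DNS server {dns} would egress via {via}, not {vti_iface}")
    return problems


if __name__ == "__main__":
    for finding in check_dns_over_vti(LOCAL_VTI, REMOTE_VTI, DNS_SERVER, ROUTES) or ["OK"]:
        print(finding)
```

Run it against the two ends' VTI addresses and the route table shown in the firewall's routing page; a mismatched subnet or a DNS server that resolves to the WAN interface instead of the VTI points at the same misconfiguration the answer describes.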