IP address name resolution issue.

Ibrahim Shaikh 20 Reputation points
2025-04-03T02:10:51.4+00:00

We have a Point-to-Site VPN connection configured in a Hub and Spoke model. When a user connects via the Point-to-Site VPN, they are unable to access the web through the URL, indicating that our DNS resolution is not functioning properly.

Any assistance is appreciated.

Please let me know if anything is unclear or if you need more info.

Thank you.

Azure VPN Gateway
An Azure service that enables the connection of on-premises networks to Azure through site-to-site virtual private networks.

2 answers

  1. Alex Burlachenko 4,550 Reputation points
    2025-04-03T07:20:30.52+00:00

    Dear Ibrahim,

    Thank you for reaching out regarding the DNS resolution issue with your Point-to-Site VPN connection. Below I would like to share with you some troubleshooting steps and recommendations to help resolve your problem.

    1. Verify DNS Configuration
    • Ensure the custom DNS servers (if configured) in your Azure Virtual Network (VNet) are reachable from the P2S clients.
    • Check if the VPN clients are receiving the correct DNS server settings via:
      • VPN client configuration (e.g., ipconfig /all after connecting).
      • Azure VPN Gateway settings (under Point-to-site configuration > DNS servers).
    2. Check Azure VPN Gateway Settings
    • Confirm that the DNS servers are correctly specified in:
      • Virtual Network > DNS Servers (Azure-side).
      • VPN Gateway > Point-to-Site Configuration > DNS Servers.
    • If using Azure-provided DNS, ensure no custom DNS is overriding it unintentionally.
    3. Test Basic Connectivity & DNS Resolution
    • From a connected P2S client, run:
        nslookup example.com
        ping example.com
    • If nslookup fails but ping works (with IP), DNS is the issue.
    • If both fail, check network routes (route print) to ensure traffic is routed via the VPN.
    4. Validate VPN Client Configuration
    • If using Azure VPN Client, ensure the profile is updated.
    • For SSTP/OpenVPN/IKEv2, regenerate the VPN client configuration if DNS settings were recently changed.
    5. Firewall/NSG Rules
    • Ensure Network Security Groups (NSGs) or firewalls (on-premises/Azure) are not blocking:
      • UDP 53 (DNS queries).
      • TCP/IP connectivity to DNS servers.
    6. Additional Checks
    • If using split tunneling, confirm DNS requests for internal resources are routed via VPN.
    • For Windows clients, flush DNS cache:
        ipconfig /flushdns

    If the issue persists, may I ask you to please provide:

    • The output of ipconfig /all from a connected client.
    • Whether public DNS (e.g., 8.8.8.8) works when manually configured.
    • Any errors in VPN client logs (e.g., Azure VPN Client logs).

    Best regards,

    Alex

    P.S. If my answer helps you, please accept my answer.

  2. chrischin 915 Reputation points Microsoft Employee
    2025-04-06T03:21:16.57+00:00

    Ibrahim, you have to specify your DNS servers in your azurevpnconfig.xml file and tell it which DNS suffixes should use your DNS servers rather than the user's regular ISP DNS. See here - https://learn.microsoft.com/en-us/azure/vpn-gateway/azure-vpn-client-optional-configurations

    For example, if the DNS servers are 10.0.100.4 and 10.0.100.5 and are available on the VNET where P2S VPN clients are connected, you can add:

    <azvpnprofile>
    <clientconfig>
        <dnsservers>
            <dnsserver>10.0.100.4</dnsserver>
            <dnsserver>10.0.100.5</dnsserver>
        </dnsservers>
    </clientconfig>
    </azvpnprofile>

    to the azurevpnconfig.xml file,

    and if your DNS servers have forward lookup zones for mydomain.org, then you would also include these DNS suffixes:

    <azvpnprofile>
    <clientconfig>
        <dnssuffixes>
            <dnssuffix>.mydomain.org</dnssuffix>
        </dnssuffixes>
    </clientconfig>
    </azvpnprofile>
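
An added example, not part of the answer above and not Microsoft tooling: a Python check that reads an azurevpnconfig.xml body, lists its `dnsserver` and `dnssuffix` entries, and flags the gaps this thread is about. The sample profile is constructed by merging the two fragments from the answer, and `uses_vpn_dns` is an assumed suffix-match model of which names would be sent to those DNS servers, not the client's actual implementation.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample: the two fragments from the answer merged into one profile.
SAMPLE_PROFILE = """<azvpnprofile>
<clientconfig>
    <dnsservers>
        <dnsserver>10.0.100.4</dnsserver>
        <dnsserver>10.0.100.5</dnsserver>
    </dnsservers>
    <dnssuffixes>
        <dnssuffix>.mydomain.org</dnssuffix>
    </dnssuffixes>
</clientconfig>
</azvpnprofile>"""

def _local(tag):
    """Element name without any XML namespace, lower-cased."""
    return tag.rsplit("}", 1)[-1].lower()

def _values(root, name):
    return [(e.text or "").strip() for e in root.iter() if _local(e.tag) == name]

def audit_profile(xml_text):
    """Return (servers, suffixes, problems) for an azurevpnconfig.xml body."""
    root = ET.fromstring(xml_text)
    servers, suffixes = _values(root, "dnsserver"), _values(root, "dnssuffix")
    problems = []
    if not servers:
        problems.append("profile has no <dnsserver> entries")
    for s in servers:
        try:
            ipaddress.ip_address(s)
        except ValueError:
            problems.append(f"dnsserver {s!r} is not a valid IP address")
    if servers and not suffixes:
        problems.append("profile has DNS servers but no <dnssuffix> entries")
    for s in suffixes:
        if not s.startswith("."):
            problems.append(f"dnssuffix {s!r} lacks the leading dot used in the answer")
    return servers, suffixes, problems

def uses_vpn_dns(hostname, suffixes):
    """Assumed model: a name maps to the VPN DNS servers if it ends with a listed suffix."""
    name = "." + hostname.lower().rstrip(".")
    return any(name.endswith(s.lower()) for s in suffixes)
```

Run `audit_profile` on the profile actually deployed to the client, then compare its server list with what `ipconfig /all` shows after connecting.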
    
