said by jester121: I'm a bit confused about how changing DNS broke VPNs...
It didn't affect the VPN between the routers, I just mentioned VPN as the pipe between offices.
said by jester121: EDIT - Okay, now I see what you're talking about. If nothing else this certainly pointed out the need for proper internal DNS resources for your client's branch offices, right?
They did, I set it up that way. All desktops, network printers etc. had DNS name entries (resource records) on the company's own DNS server. An option can be enabled in the DNS server so that, if a DNS lookup fails, it will next try to resolve names for a client by querying the integrated WINS database. Since DNS lookups never failed, instead returning valid records pointing to a "helpful paid search results" page, the company's DNS server never tried to query the WINS data. The desktop clients could not find their mail or SQL servers.
I know some people would blame it on MS, but in light of Active Directory being integrated with DNS, WINS is actually deprecated and used primarily for backward compatibility. So I can understand DNS lookups being tried first, before WINS lookups.
Although the DNS redirects were only meaningful to a web browser, they broke other apps.
The ISPs which redirect mis-spelled names are also breaking another well-established rule: they are making themselves authoritative for domain names that they do not own by providing DNS answer records for non-existent names. As much as I hate it, at least when some pr0n site operators deliberately register mis-spellings of well-known names and redirect those to their own sites, they own those mis-spelled domain names. When an ISP takes it upon themselves to be helpful and e.g. redirect guugle.com for their own purposes, the ISP does not own either guugle.com or google.com.
I understand that the DNS protocol allows the use of wildcards, but I don't believe it was intended to be used like this; otherwise why would the protocol have a 'not found' error return code? IMO wildcards were intended to be used as a catch-all for non-specific sub-domains by the owner of the next-level-up domain.
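As an added illustration that is not part of the original thread, the following Python (standard library only) shows the distinction the post is about: a resolver that honours the 'not found' return code (RCODE 3, NXDOMAIN) versus one that hands back an answer record for a name nobody owns. The response packets are constructed inline as test data, and the probe-name helper is an assumption about how a defender would check their upstream resolver.

```python
import secrets
import struct
from typing import Optional

RCODE_NXDOMAIN = 3  # the "not found" return code the post refers to


def build_response(query_name: str, rcode: int, answer_ip: Optional[str],
                   txid: int = 0x1234) -> bytes:
    """Build a minimal DNS response to one A query (constructed sample data).

    Header: ID, FLAGS, QDCOUNT, ANCOUNT, NSCOUNT, ARCOUNT (12 bytes), then the
    echoed question, then an optional single A record in the answer section.
    """
    flags = 0x8180 | (rcode & 0xF)  # QR=1, RD=1, RA=1 plus the RCODE bits
    ancount = 1 if answer_ip else 0
    pkt = struct.pack("!HHHHHH", txid, flags, 1, ancount, 0, 0)
    labels = query_name.strip(".").split(".")
    pkt += b"".join(bytes([len(l)]) + l.encode() for l in labels) + b"\x00"
    pkt += struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN
    if answer_ip:
        rdata = bytes(int(octet) for octet in answer_ip.split("."))
        # 0xC00C is a compression pointer back to the question name at offset 12
        pkt += b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + rdata
    return pkt


def parse_header(pkt: bytes) -> dict:
    """Decode the fixed 12-byte DNS header; RCODE is the low nibble of FLAGS."""
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", pkt[:12])
    return {"id": txid, "rcode": flags & 0xF, "qdcount": qd, "ancount": an}


def classify(pkt: bytes) -> str:
    """Classify a response to a probe for a name that is known not to exist.

    'nxdomain'   - resolver behaves per the protocol (RCODE 3, no answers)
    'redirected' - resolver returned NOERROR plus an answer: the behaviour the
                   post describes, which defeats any "on DNS failure" fallback
    'other'      - SERVFAIL, REFUSED, or an empty NOERROR response
    """
    h = parse_header(pkt)
    if h["rcode"] == RCODE_NXDOMAIN:
        return "nxdomain"
    if h["rcode"] == 0 and h["ancount"] > 0:
        return "redirected"
    return "other"


def probe_name(zone: str) -> str:
    """Random label under a zone (assumed helper): a well-behaved resolver
    should answer NXDOMAIN for it; a redirecting one answers anyway."""
    return f"{secrets.token_hex(8)}.{zone}"
```

To test a live resolver you would send a standard A query for `probe_name("example.com")` over UDP port 53 and pass the raw reply to `classify`; the sample packets above let the logic be checked offline.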