SimonH
2 months ago
Solved

DNS Forwarding off Private Access

I'm trying to find a way to fix an issue we have related to DNS forwarding and Windows Active Directory. We have internal DNS servers on the AD DCs and Cato set up to do DNS forwarding. This works fine when the DCs are contactable, but when they aren't (but DNS still resolves) then we get quite a lot of lag on the Windows clients.

When clients are away from the office and Secure Private access is disconnected, we see some slow behaviour with the Windows client, e.g. when unlocking the screen or entering the wrong password.

This seems to be related to the client trying to contact the domain controller and waiting for a timeout (the DC is unreachable because private access is disconnected). I've captured the traffic using Wireshark on the client laptop and it's sending the traffic to the CatoNetworks interface, but I can't see the traffic in the Cato cloud to allow me to manage this traffic.

I can't remove the DNS forwarding because we need it when the private access is connected and for office users, but I need to stop Windows thinking the domain is accessible when it is not!

Anyone seen this behaviour before or know a way to resolve it?

4 Replies

  • SimonH

    I've been doing a bit more investigating with different settings, and I think this is actually something Windows/Domain related as it's happening occasionally when private access is connected.

    Going to have a chat with the AD team in the new year and see if we can update some timers.

  • michaelsaw
    Cato Professional Services

    Hi SimonH,

    Would you share more details about "...Secure Private access is disconnected..." you mentioned?
    Can we check if you have a support ticket on this?

    Cheers 

    • SimonH

      When we work remotely, we require the users to perform MFA before private access connects. If they ignore it then the private access stays disconnected and they can just use the secure internet.

      I don't have a ticket open yet, but will get one opened, just thought someone else might have experienced the same as me.

      Thanks
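
The condition described in the original post (DC names still resolve through DNS forwarding while the DCs themselves are unreachable) can be confirmed from an affected client with a short check. This is an added example, not code from the thread or from Cato; the domain name `corp.example.com` is a placeholder and the 2-second timeout is an assumption.

```powershell
# Added example: compare what DNS advertises for domain controllers with what
# this client can actually reach. Run on an affected laptop.
param(
    [string]$Domain = 'corp.example.com',  # placeholder AD DNS domain name
    [int]$TimeoutMs = 2000                 # per-connection timeout (assumption)
)

# TCP connect with a bounded wait, so an unreachable DC costs $TimeoutMs
# instead of the operating system's default connect timeout.
function Test-TcpPort {
    param([string]$HostName, [int]$Port, [int]$TimeoutMs)
    $client = New-Object System.Net.Sockets.TcpClient
    $sw = [System.Diagnostics.Stopwatch]::StartNew()
    try {
        $ok = $client.ConnectAsync($HostName, $Port).Wait($TimeoutMs) -and $client.Connected
    } catch {
        $ok = $false   # refused connection or name resolution failure
    } finally {
        $sw.Stop()
        $client.Close()
    }
    [pscustomobject]@{ Reachable = $ok; ElapsedMs = $sw.ElapsedMilliseconds }
}

# SRV records that Windows clients query to locate a domain controller.
$srvName = "_ldap._tcp.dc._msdcs.$Domain"
try {
    $srv = Resolve-DnsName -Name $srvName -Type SRV -DnsOnly -ErrorAction Stop |
           Where-Object { $_.Type -eq 'SRV' }
} catch {
    Write-Output "No DC locator SRV records resolve for $Domain."
    return
}

$results = foreach ($r in $srv) {
    $t = Test-TcpPort -HostName $r.NameTarget -Port $r.Port -TimeoutMs $TimeoutMs
    [pscustomobject]@{
        DC        = $r.NameTarget
        Port      = $r.Port
        Reachable = $t.Reachable
        ElapsedMs = $t.ElapsedMs
    }
}
$results | Format-Table -AutoSize

if (-not ($results | Where-Object Reachable)) {
    Write-Output "DNS advertises $(@($results).Count) DC(s) for $Domain, but none accept connections."
}
```

Running it once with private access connected and once with it disconnected shows whether the SRV records keep resolving in both states and how long each failed connection attempt takes.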