Our internal network is a Windows domain, contoso.net. Internally, if a user needs to get to a file server share, they can navigate to \\fileserver\share or \\fileserver.contoso.net\share and both resolve without issue.
We recently stood up an external VPN (Azure P2S) using IKEv2 that is configured to use our internal DNS servers, DNS suffix contoso.net and is configured for split tunneling.
PPP adapter Contoso VPN - User Tunnel:
Connection-specific DNS Suffix . : contoso.net
Description . . . . . . . . . . . : Contoso VPN - User Tunnel
Physical Address. . . . . . . . . :
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 172.31.1.131(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : 192.168.1.5
192.168.1.6
NetBIOS over Tcpip. . . . . . . . : Enabled
Over the VPN, users are able to use the FQDN of servers as before for browsing \\fileserver.contoso.net but are unable to use the 'unqualified' name \\fileserver.
I've come across a number of posts and articles with a similar situation, but I'm not sure if I'm using the right 'terms' when looking for a resolution to this issue. From what I can tell, this connection should be appending the specified suffix contoso.net to unqualified hostnames automatically, but that doesn't appear to be happening.
Using nslookup, both the FQDN and short names try to resolve using my ISP DNS, unless I specify the internal server, in which case they are both successful.
Is there a registry or GPO-based setting that I am missing in order to 'force' automatically appending the specified DNS suffix to hostnames without it?
UPDATE
I changed the metric on the VPN network adapter to '1' and now nslookup defaults to using my internal DNS servers, so both short names and FQDN names resolve with that utility. However, browsing to the short name in File Explorer as if to access a file share still does not work, which is ultimately my main issue.
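
Added example (not part of the original post): a PowerShell check that collects, on a connected VPN client, the settings the question turns on and then resolves the short name and the FQDN with Resolve-DnsName, which queries through the Windows DNS client API rather than nslookup's own built-in resolver. The adapter alias, host name and suffix are the ones shown in the post; nothing here changes configuration.

```powershell
# Added diagnostic example; values below are taken from the post.
$vpnAlias  = 'Contoso VPN - User Tunnel'
$shortName = 'fileserver'
$suffix    = 'contoso.net'

# 1. Connection-specific suffix and DNS servers bound to the VPN adapter.
Get-DnsClient -InterfaceAlias $vpnAlias |
    Select-Object InterfaceAlias, ConnectionSpecificSuffix, UseSuffixWhenRegistering
Get-DnsClientServerAddress -InterfaceAlias $vpnAlias -AddressFamily IPv4 |
    Select-Object InterfaceAlias, ServerAddresses

# 2. Global suffix search list and devolution settings of the DNS client.
Get-DnsClientGlobalSetting |
    Select-Object SuffixSearchList, UseDevolution, DevolutionLevel

# 3. Interface metrics, lowest first, to see which adapter is preferred
#    (the UPDATE in the post sets the VPN adapter's metric to 1).
Get-NetIPInterface -AddressFamily IPv4 |
    Sort-Object InterfaceMetric |
    Select-Object InterfaceAlias, InterfaceMetric, AutomaticMetric, ConnectionState

# 4. Resolve both name forms over DNS only (-DnsOnly skips LLMNR and NetBIOS),
#    so a short-name failure here points at suffix handling, not the server.
$results = foreach ($name in $shortName, "$shortName.$suffix") {
    try {
        $answer = Resolve-DnsName -Name $name -Type A -DnsOnly -ErrorAction Stop
        [pscustomobject]@{
            Query     = $name
            Resolved  = $true
            Addresses = ($answer | Where-Object IPAddress).IPAddress -join ', '
            Error     = $null
        }
    }
    catch {
        [pscustomobject]@{
            Query     = $name
            Resolved  = $false
            Addresses = $null
            Error     = $_.Exception.Message
        }
    }
}
$results | Format-Table -AutoSize
```

Comparing the step 4 result for the short name with what nslookup reports separates a DNS client suffix problem from a difference between the two tools.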