DNS in an AD Site

Posted on 2005-05-09
Last Modified: 2010-04-14
I have set up a domain controller in a remote plant as a site and subnet in AD. I have a VPN link between the two. I'm running DNS in the remote site with forwarders to the ISP's DNS servers. Here's the gig... I can ping by server name from both sides of the tunnel, so I guess DNS is set up OK. My domain ( is the same address used to hit our site for a Citrix logon from the outside world. On my network back home I have an A record to point to the IP of the web server so that internal traffic as well can hit the site. I need this same functionality in the new site. Back at the home I can dump the local IP of the webserver in IE and the NFuse logon page resolves. How come when I do that from the remote site it does not resolve? The IPsec tunnel should be wide open, right? Do I need to alter DNS on this side of the tunnel as well?

Any help is much appreciated

Question by: jmarenghi

    Expert Comment

    Assuming that the local machines in the remote site are pointed at the local DNS, rather than the home office one, yes, you do. If the VPN is functioning properly, you are essentially on the same LAN at both sites... try this:

    Delete the zones on the new DNS... then set up your home office DNS server as Active Directory Integrated... then, once that is done, delete the zones on your new DNS and set it up as AD Integrated... that has two will give you exactly the same entries in both DNS servers... and it will also substantially reduce your replication overhead.

    The other alternative is to install an lmhosts file on the machines in the remote site.


    Author Comment

    Thank you very much... Both DNS's were set up as AD integrated. I poked around and found that the config on my WatchGuard 1000 at the home office was the problem. The tunnel was set up OK but was killing traffic on the trusted network. Now everything is cruising and the DCs between sites are replicating as well.


    Expert Comment

    No objections.

    Expert Comment

    Venabili, I appreciate the questioner awarding me points... but given that the solution was one he found himself... and my answer didn't fit, you should probably change this to your original recommendation... PAQ with points refunded.

    Accepted Solution

    PAQed with points (200) refunded

    Community Support Moderator
