how to properly configure dns on a remote site

Posted on 2006-03-27
Medium Priority
Last Modified: 2012-05-05
I have a head office and remote stores.

In the head office I have my root DC. I was told to set up domains in the same forest for the remote sites. I'm looking to manage all the remote sites from head office when it comes to users/GPO/software deployment. My problem is that I'm not very familiar with the whole remote site setup. The main problem is the DNS. I have secure VPN tunnels set up between remote sites and head office. I need the domain to replicate, but when the VPN is down the remote domain will still function; I guess they will only replicate once the VPN is up, and that's fine with me. I need detailed instructions on how to connect the remote DNS to work with my head office.

Thank you
Question by:intellie_ex
LVL 48

Expert Comment

ID: 16308024
Hi intellie_ex,

At the site level I would install DNS and add the root DC as a forwarder.

Make sure you can resolve the root DC using nslookup on the name and IP.

After that I would let DCPROMO look after DNS for you; it will pull the records down from the root DC and configure it the best way it sees fit.

We have a very similar situation. Each site should have a GC configured also.

You will be able to manage down to machine level from your root domain.

It's just a quick, undetailed response, as I was just leaving the office. Hope it helps a bit; if you need more details, just post.

LVL 33

Accepted Solution

NJComputerNetworks earned 2000 total points
ID: 16310354
Remote DC/DNS setup
1) Add a new Windows 2003 member server to the remote site (make sure DNS is pointed to your main site Windows 2003 DNS server in this server's TCP/IP properties).
2) Run DCPROMO on the new Windows 2003 member server. Choose "Additional domain controller for an already existing domain" in the DCPROMO wizard.
3) Your Windows 2003 server in the remote site is now a domain controller.
4) After the reboot, install the DNS service: Add/Remove Programs, Add/Remove Windows Components --> Networking Services --> check DNS.
5) Wait a while... DNS will automatically replicate to this server. This is because the DNS database is automatically stored in Active Directory (by default). So, every DC will have a copy of the DNS database. Adding the DNS service to a DC will enable clients to use the DNS database through the server.
6) Point DNS properly. Microsoft recommends these settings: http://support.microsoft.com/default.aspx?scid=kb%3Ben-us%3B291382

Question: Why do I have to point my domain controller to itself for DNS?

Answer: The Netlogon service on the domain controller registers a number of records in DNS that enable other domain controllers and computers to find Active Directory-related information. If the domain controller is pointing to the Internet service provider's (ISP) DNS server, Netlogon does not register the correct records for Active Directory, and errors are generated in Event Viewer. In Windows Server 2003, the recommended DNS configuration is to configure the DNS client settings on all DNS servers to use themselves as their own primary DNS server, and to use a different domain controller in the same domain as their alternative DNS server, preferably another domain controller in the same site. This process also works around the DNS "Island" problem in Windows 2000. You must always configure the DNS client settings on each domain controller's network interface to use the alternative DNS server addresses in addition to the primary DNS server address.

So, adjust the TCP/IP settings of your new Windows 2003 DC so that the TCP/IP DNS setting points to itself primarily and to your remote Windows 2003 DNS server as secondary. No other DNS servers should be listed. And remember to add the new Windows 2003 DNS server IP to your main site DNS server... as secondary.

7) Configure DNS forwarding to the internet. Go into the DNS console on your new server. Right click your server name and choose Properties from the drop-down list. Click the Forwarders tab. Enter the IP addresses of your ISP DNS servers here... this will allow your server to forward DNS requests to the internet on your clients' behalf.

8) Don't forget, you will have to point clients that exist in the remote site to use this new DNS server. Make sure in the TCP/IP properties of your clients that DNS is set to use the local DNS server first and the remote DNS server secondarily. Remember not to put ISP DNS servers anywhere... all Windows 2003 members must be pointed to internal Windows DNS servers only.

CREATE a NEW SITE IN AD Sites and Services....

1) Open AD Sites and Services.
2) Right click SITES folder and choose NEW SITE.
3) Add a name for your remote site (i.e. REMOTE-SITE)  Click Ok...click OK again
4) Right click SUBNETS folder and choose NEW Subnet
5) Add the subnet that exists for your remote site (i.e.
6) Highlight the new site you created (REMOTE-SITE) in the lower window [here we are associating the new subnet with the new site] - Click OK
7) Now... expand the Default-First-Site-Name and highlight the Servers folder. Right click the domain controller that exists in the remote site and choose MOVE in the drop-down box. Move this server to the REMOTE-SITE site.
8) Go to your REMOTE-SITE folder, expand Servers, expand your DC name, right click NTDS Settings and choose Properties. Make sure there is a check mark next to GLOBAL CATALOG.

Done... The importance of AD Sites and Services is that clients will now be aware of which DC is closest to them. AD Sites are organized by well-connected subnets. Whenever a network goes over a WAN link, a new site should be created. You should have a DC at each LAN site. By using AD Sites and Services, your clients will realize that they should log on using the local DC... and not the remote one. If the client needs to refer to Active Directory for anything, they will now prefer to look to the one local to their site.

-hope this helps..
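As an added example (not part of the original answer), the two checks below encode the rules from steps 6 and 8 and from the AD Sites and Services section so they can be audited rather than eyeballed: a DC must list itself as primary DNS with another internal DC as alternate and no ISP servers anywhere, a client must use its local site's DNS server first, and a client's site is found by longest-prefix match of its address against the subnets associated with each site. The topology (DC names, addresses, subnets, site names) is constructed sample data, not taken from the question; the `192.0.2.53` address stands in for an ISP resolver.

```python
import ipaddress

# Constructed sample topology (assumed for this example only).
INTERNAL_DNS = {"10.0.0.10": "HQ-DC1", "10.1.0.10": "REMOTE-DC1"}   # internal DNS servers (all DCs)
DC_SITE = {"HQ-DC1": "Default-First-Site-Name", "REMOTE-DC1": "REMOTE-SITE"}
SITES = {                                                          # subnet -> site associations
    "Default-First-Site-Name": ["10.0.0.0/24"],
    "REMOTE-SITE": ["10.1.0.0/24"],
}


def site_for_ip(ip):
    """Return the AD site whose subnet most specifically contains ip (None if no subnet matches).
    This is the same longest-prefix rule AD uses to decide which site a client belongs to."""
    addr = ipaddress.ip_address(ip)
    best = None
    for site, subnets in SITES.items():
        for cidr in subnets:
            net = ipaddress.ip_network(cidr)
            if addr in net and (best is None or net.prefixlen > best[1].prefixlen):
                best = (site, net)
    return best[0] if best else None


def preferred_dcs(ip):
    """DCs a client at ip should prefer: those placed in the client's own site."""
    site = site_for_ip(ip)
    return [name for name, s in DC_SITE.items() if s == site]


def audit_dns_client(host_ip, dns_servers, is_dc):
    """Check one host's TCP/IP DNS list against the KB 291382-style rules in the answer.
    Returns a list of findings; an empty list means the host is configured as recommended."""
    findings = []
    if not dns_servers:
        return ["no DNS servers configured"]

    # Rule for every member: only internal Windows DNS servers, never ISP resolvers.
    for server in dns_servers:
        if server not in INTERNAL_DNS:
            findings.append(f"external/ISP DNS server {server} listed; members must use internal DNS only")

    if is_dc:
        # A DC points to itself first (so Netlogon registers its SRV records there)...
        if dns_servers[0] != host_ip:
            findings.append("DC should list itself as primary DNS")
        # ...and to another internal DC as alternate, to avoid the DNS island problem.
        others = [s for s in dns_servers if s in INTERNAL_DNS and s != host_ip]
        if not others:
            findings.append("DC has no alternate internal DNS server (DNS island risk)")
    else:
        # A client uses the DNS server in its own site first, a remote one second.
        local = [ip for ip, name in INTERNAL_DNS.items() if DC_SITE[name] == site_for_ip(host_ip)]
        if dns_servers[0] not in local:
            findings.append("client should use its local site DNS server first")
        if len(dns_servers) < 2:
            findings.append("no secondary DNS server configured")
    return findings


if __name__ == "__main__":
    # Constructed sample hosts: the remote DC done right, and a remote client pointed at HQ first.
    for host, servers, dc in [("10.1.0.10", ["10.1.0.10", "10.0.0.10"], True),
                              ("10.1.0.55", ["10.0.0.10", "192.0.2.53"], False)]:
        print(host, "site:", site_for_ip(host), "prefers:", preferred_dcs(host))
        print("  findings:", audit_dns_client(host, servers, dc) or "OK")
```

Feed it the real DC and client DNS lists (for example the output of `ipconfig /all` on each machine) and the subnets you entered under Subnets in AD Sites and Services; any host that produces findings is one whose Netlogon registration or site selection will not behave the way the answer describes.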


Author Comment

ID: 16312729
OK, I did all the steps, looks fine.

so now if i add a host in the main site dns, it will replicate to my remote sites?
LVL 33

Expert Comment

ID: 16312901

Author Comment

ID: 16313468
OK, everything works great. Thanks.

I will need some help with managing user access for all remote sites from Head Office. I will post that question soon.

Thanks again for your time.
