How to properly configure DNS on a remote site

Posted on 2006-03-27
Last Modified: 2012-05-05
I have a head office and remote stores.

In the head office I have my root DC. I was told to set up domains in the same forest for the remote sites. I'm looking to manage all the remote sites from head office when it comes to users/GPO/software deployment. My problem is that I'm not very familiar with the whole remote site setup. The main problem is the DNS. I have secure VPN tunnels set up between the remote sites and head office. I need the domain to replicate, but when the VPN is down the remote domain will still function; I guess they will only replicate once the VPN is up, and that's fine with me. I need detailed instructions on how to connect the remote DNS to work with my head office.

Thank you
Question by:intellie_ex
    LVL 48

    Expert Comment

    Hi intellie_ex,

    At the site level I would install DNS and add the root DC as a forwarder.

    Make sure you can resolve the root DC using nslookup on both the name and the IP.

    After that I would let DCPROMO look after DNS for you; it will pull the records down from the root DC and configure it the best way it sees fit.

    We have a very similar situation. Each site should have a GC configured also.

    You will be able to manage down to machine level from your root domain.

    It's just a quick, undetailed response as I was just leaving the office. Hope it helps a bit; if you need more details just post.

    LVL 33

    Accepted Solution

    Remote DC/DNS setup
    1) Add a new Windows 2003 member server to the remote site (make sure DNS is pointed to your main site Windows 2003 DNS server in this server's TCP/IP properties).
    2) Run DCPROMO on the new Windows 2003 member server. Choose "Additional domain controller for an existing domain" in the DCPROMO wizard.
    3) Your Windows 2003 server in the remote site is now a domain controller.
    4) After the reboot, install the DNS service: Add/Remove Programs, Add/Remove Windows Components --> Networking Services --> check DNS.
    5) Wait a while... DNS will automatically replicate to this server. This is because the DNS database is automatically stored in Active Directory (by default). So, every DC will have a copy of the DNS database. Adding the DNS service to a DC will enable clients to use the DNS database through that server.
    6) Point DNS properly. Microsoft recommends these settings:

    Question: Why do I have to point my domain controller to itself for DNS?

    Answer: The Netlogon service on the domain controller registers a number of records in DNS that enable other domain controllers and computers to find Active Directory-related information. If the domain controller is pointing to the Internet service provider's (ISP) DNS server, Netlogon does not register the correct records for Active Directory, and errors are generated in Event Viewer. In Windows Server 2003, the recommended DNS configuration is to configure the DNS client settings on all DNS servers to use themselves as their own primary DNS server, and to use a different domain controller in the same domain as their alternative DNS server, preferably another domain controller in the same site. This process also works around the DNS "Island" problem in Windows 2000. You must always configure the DNS client settings on each domain controller's network interface to use the alternative DNS server addresses in addition to the primary DNS server address.

    So, adjust the TCP/IP settings of your new Windows 2003 DC so that the TCP/IP DNS setting points to itself primarily and to your remote Windows 2003 DNS server as secondary. No other DNS servers should be listed. And remember to add the new Windows 2003 DNS server IP to your main site DNS as secondary.

    7) Configure DNS forwarding to the Internet. Go into the DNS console on your new server. Right click your server name and choose Properties from the drop-down list. Click the Forwarders tab. Enter the IP addresses of your ISP DNS servers here... this will allow your server to forward DNS requests to the Internet on your clients' behalf.

    8) Don't forget, you will have to point clients that exist in the remote site to use this new DNS server. Make sure in the TCP/IP properties of your clients that DNS is set to use the local DNS server first and the remote DNS server secondarily. Remember not to put ISP DNS servers anywhere... all Windows 2003 members must be pointed to internal Windows DNS servers only.

    CREATE A NEW SITE IN AD Sites and Services....

    1) Open AD Sites and Services.
    2) Right click the SITES folder and choose NEW SITE.
    3) Add a name for your remote site (i.e. REMOTE-SITE). Click OK again.
    4) Right click the SUBNETS folder and choose NEW Subnet.
    5) Add the subnet that exists for your remote site (i.e.
    6) Highlight the new site you created (REMOTE-SITE) in the lower window [here we are associating the new subnet with the new site] - Click OK.
    7) Now... expand Default-First-Site-Name and highlight the Servers folder. Right click the domain controller that exists in the remote site and choose MOVE in the drop-down box. Move this server to the REMOTE-SITE site.
    8) Go to your REMOTE-SITE folder, expand Servers, expand your DC name, right click NTDS Settings and choose Properties. Make sure there is a check mark next to GLOBAL CATALOG.

    Done... The importance of AD Sites and Services is that clients will now be aware of which DC is closest to them. AD Sites are organized by well-connected subnets. Whenever a network goes over a WAN link, a new site should be created. You should have a DC at each LAN site. By using AD Sites and Services, your clients will realize that they should log on using the local DC... and not the remote one. If the client needs to refer to Active Directory for anything, it will now prefer to look to the DC local to its site.

    -hope this helps..
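The following is an added example, not part of the original answer: a PowerShell check, run on the remote-site DC, that verifies the DNS layout the accepted solution describes (DC points to itself first and another DC second with no ISP servers, the zone is AD-integrated, forwarders exist, and Netlogon has registered the site SRV record). It assumes the ActiveDirectory, DnsClient and DnsServer modules (RSAT, Server 2012 or later) are available; the cmdlets used are standard Microsoft ones.

```powershell
# Added example (not from the thread): audit a DC's DNS setup against steps 5-7 above.
# Assumes it runs elevated on the remote-site DC with RSAT modules installed.
Import-Module ActiveDirectory, DnsServer, DnsClient -ErrorAction Stop

$domain   = (Get-ADDomain).DNSRoot
$dcs      = Get-ADDomainController -Filter *
$internal = @($dcs.IPv4Address) + '127.0.0.1'          # only DCs count as internal DNS
$me       = Get-ADDomainController -Identity $env:COMPUTERNAME
$issues   = @()

# Step 6: each adapter with DNS servers set must list this DC first, a second DC next, nothing else.
$cfg = Get-DnsClientServerAddress -AddressFamily IPv4 |
       Where-Object { $_.ServerAddresses.Count -gt 0 }
foreach ($c in $cfg) {
    $list = $c.ServerAddresses
    if ($list[0] -ne $me.IPv4Address -and $list[0] -ne '127.0.0.1') {
        $issues += "$($c.InterfaceAlias): primary DNS $($list[0]) is not this DC"
    }
    if ($list.Count -lt 2) {
        $issues += "$($c.InterfaceAlias): no alternate DNS server (another DC) configured"
    }
    foreach ($ip in $list) {
        if ($ip -notin $internal) {
            $issues += "$($c.InterfaceAlias): $ip is not an internal DNS server (ISP DNS?)"
        }
    }
}

# Step 5: the domain zone should be AD-integrated so it replicates with the directory.
$zone = Get-DnsServerZone -Name $domain
if (-not $zone.IsDsIntegrated) { $issues += "Zone $domain is not AD-integrated" }

# Step 7: forwarders carry Internet lookups; without them the server relies on root hints.
if (-not (Get-DnsServerForwarder).IPAddress) {
    $issues += 'No forwarders configured on this DNS server'
}

# Netlogon registration (the Q/A quoted in step 6): the site-specific LDAP SRV record must resolve.
$srvName = "_ldap._tcp.$($me.Site)._sites.dc._msdcs.$domain"
$srv = Resolve-DnsName -Name $srvName -Type SRV -ErrorAction SilentlyContinue
if (-not $srv) {
    $issues += "$srvName not found; check Netlogon registration (ipconfig /registerdns, then review Event Viewer)"
}

if ($issues) { $issues | ForEach-Object { Write-Warning $_ } }
else         { Write-Output 'DNS client, zone, forwarder and SRV checks passed' }
```

Any warning printed maps directly to the numbered step in the answer that needs revisiting.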

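As an added example, not from the original answer, here are the AD Sites and Services steps (create the site, add the subnet, move the DC, enable the global catalog) done with the ActiveDirectory module instead of the console. The site name, subnet and DC name are constructed placeholders; adding the new site to DEFAULTIPSITELINK is an assumption about the topology (a site outside every site link would not replicate), and it runs from head office as a Domain Admin.

```powershell
# Added example (not from the thread): scripted equivalent of the site creation steps above.
Import-Module ActiveDirectory -ErrorAction Stop

$siteName = 'REMOTE-SITE'      # step 3 (placeholder)
$subnet   = '10.20.0.0/24'     # step 5 (constructed placeholder, use the real remote LAN)
$dcName   = 'REMOTE-DC01'      # step 7 (placeholder, the DC promoted at the remote site)

# Steps 2-3: create the site if it does not exist, and put it in the default site link
# so replication over the VPN has a schedule and cost (assumed topology).
if (-not (Get-ADReplicationSite -Filter "Name -eq '$siteName'")) {
    New-ADReplicationSite -Name $siteName
}
Set-ADReplicationSiteLink -Identity 'DEFAULTIPSITELINK' -SitesIncluded @{ Add = $siteName }

# Steps 4-6: create the subnet and associate it with the new site.
if (-not (Get-ADReplicationSubnet -Filter "Name -eq '$subnet'")) {
    New-ADReplicationSubnet -Name $subnet -Site $siteName
}

# Step 7: move the remote DC out of Default-First-Site-Name into the new site.
Move-ADDirectoryServer -Identity $dcName -Site $siteName

# Step 8: enable the global catalog. The checkbox in the console sets bit 1 of the
# 'options' attribute on the DC's NTDS Settings object.
$ntdsDN = (Get-ADDomainController -Identity $dcName).NTDSSettingsObjectDN
$opts   = [int](Get-ADObject -Identity $ntdsDN -Properties options).options
if (-not ($opts -band 1)) {
    Set-ADObject -Identity $ntdsDN -Replace @{ options = ($opts -bor 1) }
}

# Verify: the DC should now report the new site.
(Get-ADDomainController -Identity $dcName).Site
```

On a client at the remote site, `nltest /dsgetsite` should then return REMOTE-SITE, which confirms the subnet-to-site mapping the answer describes.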

    Author Comment

    OK, I did all the steps, looks fine.

    So now if I add a host in the main site DNS, it will replicate to my remote sites?
    Author Comment

    OK, everything works great. Thanks.

    I will need some help with managing user access for all remote sites from Head Office. I will post that question soon.

    Thanks again for your time.
