chipsexpert
Active Directory-Integrated DNS Question
We have two servers (one local and one at a remote location) that are set up for replication of DNS (set up as Active Directory-Integrated). Our workstations at the local office should access the website via the private IP address, but I would like the workstations at the remote office to use the public IP address of the website. The problem is any changes made in DNS to either server replicate back to the other. How do I prevent the DNS entry for the website on the remote server from replicating back to the local (or being overwritten, for that matter)? Or how do I bypass the DNS setting?
ASKER
That might be okay for 5 or 10 users, but not acceptable for 500+ users. How would the DNS handle it for both sides then as you mentioned? (Because that's what I am looking for. I want mywebsite.com to resolve to one IP at "local", and another IP at "remote", but there is a single entry in DNS that gets replicated of mywebsite.com)
You didn't specify how many users until your comment. Why is it not acceptable? You script the change - it'll take 10 minutes.
Again, why must the two sites work differently? The logic is not making sense to me.
ASKER
The logic is we don't want the traffic to our website from the remote location to bog down the connection across the internal network (i.e. VPN). That's all. Our website is constantly accessed by our employees.
The only potential hiccup with a hosts file is when you change the IP of the server. But this is easily fixable with a script.
By hiccups I mean problems ensuring that the host file is up to date on all the workstations. Do you copy the file just once? Do you copy the file during each login?
In my experience the copying process always seems to get messed up somewhere along the way. With 500+ workstations, it just increases the odds of a problem on some of the workstations.
Have you considered creating a different DNS record that uses the external address? For example, www2.xxxxxx.com could resolve to the external address. Then direct the users to access that site, or if it's their home page, push it out with group policy.
Still not perfect, but I'd take it over managing hosts files on workstations.
I think feptias has the most simple and graceful solution. I wish I had thought of it.
How would this method work in the case of a site with an SSL cert that's keyed to the domain which is also the name of the Primary AD integrated zone?
In any case, you can just create local hosts files on a workstation and use that to override DNS.
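The hosts-file override discussed in this thread, as an added example that is not part of any post above: a PowerShell script that sets one entry idempotently, so it can run at every startup instead of copying a whole file to 500+ workstations. The helper name `Set-HostsEntry` and the address `203.0.113.10` are assumptions for illustration; `mywebsite.com` is the placeholder name used in the question.

```powershell
# Added example. Run elevated (for instance as a computer startup script);
# standard users cannot write the hosts file.
param(
    [string]$HostName  = 'mywebsite.com',   # placeholder name from the thread
    [string]$PublicIp  = '203.0.113.10',    # placeholder address (assumption)
    [string]$HostsPath = "$env:SystemRoot\System32\drivers\etc\hosts"
)

# Hypothetical helper: returns the hosts lines with exactly one entry for $Name.
function Set-HostsEntry {
    param([string[]]$Lines, [string]$Name, [string]$Ip)

    $wanted = "$Ip`t$Name"
    $found  = $false
    $out = @(foreach ($line in $Lines) {
        # Drop any trailing comment, then tokenize "IP name [alias ...]"
        $body   = ($line -split '#', 2)[0].Trim()
        $tokens = @($body -split '\s+' | Where-Object { $_ })
        if ($tokens.Count -ge 2 -and ($tokens[1..($tokens.Count - 1)] -contains $Name)) {
            # Replace stale or duplicate entries with one canonical line
            if (-not $found) { $wanted; $found = $true }
            # Other names that shared the line keep their original address
            $rest = @($tokens[1..($tokens.Count - 1)] | Where-Object { $_ -ne $Name })
            if ($rest.Count -gt 0) { "$($tokens[0])`t$($rest -join ' ')" }
        } else {
            $line   # comments, blank lines and unrelated entries pass through
        }
    })
    if (-not $found) { $out += $wanted }
    return ,$out
}

$current = @(Get-Content -LiteralPath $HostsPath)
$updated = Set-HostsEntry -Lines $current -Name $HostName -Ip $PublicIp

# Write only when the content differs, so repeated runs leave the file alone
if (($current -join "`n") -cne ($updated -join "`n")) {
    Copy-Item -LiteralPath $HostsPath -Destination "$HostsPath.bak" -Force
    Set-Content -LiteralPath $HostsPath -Value $updated -Encoding ASCII
    Write-Output "hosts updated: $HostName -> $PublicIp"
} else {
    Write-Output "hosts already current for $HostName"
}
```

A hosts entry silently overrides DNS on that machine, so the `.bak` copy and the printed message give you something to audit when the server's address changes.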