Solved

DNS Integration with remote sites via VPN

Posted on 2007-03-19
Last Modified: 2010-04-18
We have a Windows 2003 SBS hosted in the UK (192.168.240.x) and we have an overseas branch (192.168.0.x) that connects to the server via a Firewall to Firewall IKE VPN. We can join and connect to the SBS domain by putting an entry in the HOSTS file on the PCs pointing at the SBS. All computers added to the domain show in AD. What I'm trying to do is automatically add those computers into DNS. Only the servers on the 192.168.240 domain are listed in DNS on the SBS. If I manually add an A record, that doesn't appear to work either. Is there a solution to this, as I would like to browse via an RDP session from the server to one of the remote PCs using the PC name rather than IP address?
Question by:helpint
13 Comments
 
LVL 70

Expert Comment

by:Chris Dent
ID: 18749203

Hello there,

I take it you don't have a Domain Controller in the remote site?

Otherwise, can't you just configure them to use the DNS Server in the UK for name resolution?

Chris
0
 

Author Comment

by:helpint
ID: 18749224
They can from the remote site but the DC cannot resolve to the PCs at the remote end.
0
 
LVL 70

Expert Comment

by:Chris Dent
ID: 18749278

If they're using the UK DC as the DNS Server, and they're members of the Domain they should be able to Dynamically Register their names into DNS without you having to do anything.

I assumed that, at the moment, they use something like the local Firewall as their DNS Server in TCP/IP configuration.

Chris
0
 

Author Comment

by:helpint
ID: 18749353
The remote PCs join the UK domain and are using that as the primary DNS server. When they join the domain, none of the remote PCs get added to DNS. Is there something that I have to do to enable this? If I add an A record manually, that still can't seem to resolve back to the IP on the different subnet.
0
 
LVL 70

Expert Comment

by:Chris Dent
ID: 18749592

Both ways should work.

On one of the remote clients, can you run:

ipconfig /registerdns

Then check the event log for DNSAPI errors?

None of the clients use anything more than the SBS Server in their DNS settings, do they?

Chris
0
 

Author Comment

by:helpint
ID: 18755127
Only the SBS DNS is set on the clients. Nothing shows in any error log after running registerdns nor does it appear in DNS.
0

 
LVL 70

Expert Comment

by:Chris Dent
ID: 18755190

They have their Primary DNS Suffix set correctly I take it?

The VPN doesn't perform any network filtering?

Chris
0
 

Author Comment

by:helpint
ID: 18755817
Yes, it all looks correct. The VPN doesn't do any filtering.
0
 
LVL 70

Expert Comment

by:Chris Dent
ID: 18755842

Can you confirm that Dynamic Updates is enabled? Properties for the Forward Lookup Zone in the DNS Console.

Have you set up your DHCP server so it is pushing entries into DNS on the clients' behalf? If so, that can also stop the clients correctly registering.

Chris
0
 

Author Comment

by:helpint
ID: 18756110
Dynamic Updates not enabled. Do I select Nonsecure and secure or Secure only? The clients get an IP from a DHCP server on their remote site that is not part of the domain. They are on a separate subnet. Could this be the problem?
0
 
LVL 70

Accepted Solution

by:
Chris Dent earned 250 total points
ID: 18756118

If all the PCs you want in there are a member of the Domain then set it to Secure Only.

If they're not then you would need to set Nonsecure.

The DHCP server is unimportant, provided it's not been told to update DNS on the clients' behalf (which you can only do if it's Windows DNS, so I shouldn't worry about it).

Chris
0
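The fix from the accepted answer, done from the command line instead of the DNS Console, with a check before and after. This is an added example, not part of the original thread; the zone, server and client names are placeholders, since the thread does not give them.

```bat
:: Added example. ZONE, SERVER and CLIENT are placeholder names (assumptions),
:: not values from the thread. dnscmd.exe comes with the Windows Server 2003
:: Support Tools and has to be installed on the server first.
set ZONE=example.local
set SERVER=sbs01
set CLIENT=remotepc01

:: On the SBS DNS server: show the zone's current dynamic update mode.
::   0 = no dynamic updates
::   1 = nonsecure and secure
::   2 = secure only
dnscmd %SERVER% /ZoneInfo %ZONE% AllowUpdate

:: Set the zone to secure only. This needs an Active Directory-integrated
:: zone; only authenticated domain members can then create or change their
:: records. With value 1, any host that can reach the server over the LAN
:: or the VPN can add or overwrite records in the zone.
dnscmd %SERVER% /Config %ZONE% /AllowUpdate 2

:: On a remote client (run this there, not on the server): re-register.
ipconfig /registerdns

:: Back on the server: confirm the client's A record exists and resolves.
dnscmd %SERVER% /EnumRecords %ZONE% %CLIENT% /Type A
nslookup %CLIENT%.%ZONE% %SERVER%
```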
 

Author Comment

by:helpint
ID: 18756198
Woo hoo! That did it.
0
 
LVL 70

Expert Comment

by:Chris Dent
ID: 18756231

Glad it's all sorted out :)

Chris
0
