Solved

DNS Integration with remote sites via VPN

Posted on 2007-03-19
13
189 Views
Last Modified: 2010-04-18
We have a Windows 2003 SBS hosted in the UK (192.168.240.x) and we have an overseas branch (192.168.0.x) that connects to the server via a Firewall to Firewall IKE VPN. We can join and connect to the SBS domain by putting an entry in the HOSTS file on the PCs pointing at the SBS. All computers added to the domain show in AD. What I'm trying to do is automatically add those computers into DNS. Only the servers on the 192.168.240 domain are listed in DNS on the SBS. If I manually add an A record, that doesn't appear to work either. Is there a solution to this, as I would like to browse via an RDP session from the server to one of the remote PCs using the PC name rather than IP address?
0
Comment
Question by:helpint
13 Comments
 
LVL 71

Expert Comment

by:Chris Dent
ID: 18749203

Hello there,

I take it you don't have a Domain Controller in the remote site?

Otherwise, can't you just configure them to use the DNS Server in the UK for name resolution?

Chris
0
 

Author Comment

by:helpint
ID: 18749224
They can from the remote site but the DC cannot resolve to the PCs at the remote end.
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 18749278

If they're using the UK DC as the DNS Server, and they're members of the Domain they should be able to Dynamically Register their names into DNS without you having to do anything.

I assumed that, at the moment, they use something like the local Firewall as their DNS Server in TCP/IP configuration.

Chris
0
 

Author Comment

by:helpint
ID: 18749353
The remote PCs join the UK domain and are using that as the primary DNS server. When they join the domain, none of the remote PCs get added to DNS. Is there something that I have to do to enable this? If I add an A record manually, that still can't seem to resolve back to the IP on the different subnet.
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 18749592

Both ways should work.

On one of the remote clients, can you run:

ipconfig /registerdns

Then check the event log for DNSAPI errors?

None of the clients use anything more than the SBS Server in their DNS settings, do they?

Chris
0
 

Author Comment

by:helpint
ID: 18755127
Only the SBS DNS is set on the clients. Nothing shows in any error log after running registerdns nor does it appear in DNS.
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 18755190

They have their Primary DNS Suffix set correctly I take it?

The VPN doesn't perform any network filtering?

Chris
0
 

Author Comment

by:helpint
ID: 18755817
Yes, it all looks correct. The VPN doesn't do any filtering.
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 18755842

Can you confirm that Dynamic Updates is enabled? Properties for the Forward Lookup Zone in the DNS Console.

Have you set up your DHCP server so it is pushing entries into DNS on the clients' behalf? If so, that can also stop the clients correctly registering.

Chris
0
 

Author Comment

by:helpint
ID: 18756110
Dynamic Updates not enabled. Do I select Nonsecure and secure or Secure only? The clients get an IP from a DHCP server on their remote site that is not part of the domain. They are on a separate subnet. Could this be the problem?
0
 
LVL 71

Accepted Solution

by:
Chris Dent earned 250 total points
ID: 18756118

If all the PCs you want in there are a member of the Domain then set it to Secure Only.

If they're not then you would need to set Nonsecure.

The DHCP server is unimportant, provided it's not been told to update DNS on the clients' behalf (which you can only do if it's Windows DNS, so I shouldn't worry about it).

Chris
0
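
The same check and change from the command line, as an added example that is not part of the original thread: it reads the zone's dynamic-update mode with `dnscmd`, switches it to Secure only if needed, and confirms that a remote client's record resolves. The server, zone and client names are hypothetical placeholders, and the `Dword:` line parsed from the `dnscmd` output is an assumption about its format.

```powershell
# Added example. Placeholder names below are assumptions, not values from the thread.
$DnsServer = 'SBS01'          # hypothetical name of the SBS / DNS server
$Zone      = 'example.local'  # hypothetical forward lookup zone (the AD domain)
$ClientPc  = 'REMOTE-PC01'    # hypothetical PC at the remote site

# dnscmd AllowUpdate values: 0 = none, 1 = nonsecure and secure, 2 = secure only
$Modes = @{ 0 = 'None'; 1 = 'Nonsecure and secure'; 2 = 'Secure only' }

function Get-ZoneUpdateMode {
    param([string]$Server, [string]$ZoneName)
    # Query the single zone property; the value is assumed to come back
    # on a line of the form "Dword:  2 (00000002)".
    $out = & dnscmd $Server /ZoneInfo $ZoneName AllowUpdate 2>&1
    foreach ($line in $out) {
        if ("$line" -match 'Dword:\s+(\d+)') { return [int]$Matches[1] }
    }
    throw "Could not read AllowUpdate for zone $ZoneName on $Server"
}

$mode = Get-ZoneUpdateMode -Server $DnsServer -ZoneName $Zone
"{0}: dynamic updates = {1}" -f $Zone, $Modes[$mode]

if ($mode -eq 1) {
    # Nonsecure updates let any host that can reach the server write records,
    # including hosts that are not domain members.
    "Zone accepts nonsecure updates; unauthenticated hosts can register names."
}

if ($mode -ne 2) {
    # Secure only requires an Active Directory-integrated zone and
    # domain-member clients, which matches the setup in this thread.
    & dnscmd $DnsServer /Config $Zone /AllowUpdate 2
    "{0}: now = {1}" -f $Zone, $Modes[(Get-ZoneUpdateMode $DnsServer $Zone)]
}

# On the remote client, re-register its record:
#     ipconfig /registerdns
# Then, back on the server, confirm the A record resolves:
& nslookup "$ClientPc.$Zone" $DnsServer
```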
 

Author Comment

by:helpint
ID: 18756198
Woo hoo! That did it.
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 18756231

Glad it's all sorted out :)

Chris
0


Question has a verified solution.
