Solved

PIX 501 site to site VPN - DNS question

Posted on 2007-04-06
Last Modified: 2010-04-09
I have a few questions before I configure a site to site VPN... There are 3 locations: HQ, remote1, and remote2. HQ is the only location with a server (2003 Server). Both remote sites have XP machines in a workgroup using the ISP's DNS. I need to configure the network so all PCs are members of the HQ domain and can access domain resources. My question centers around the proper DNS setup at the remote sites...

I was planning on configuring DHCP on the remote PIXes to distribute addresses. I am a bit confused about what to enter for the DNS information... I know that I need the client PCs to look at the server for Active Directory DNS... in a typical Windows domain, all client PCs point to the domain controller (or other DNS server) only. What is confusing me is how I handle Internet DNS requests at the remote sites. In other words, if I have all remote machines pointing to the HQ domain controller for DNS, then they will also look to this server to handle Internet DNS requests. I obviously don't want a machine at remote1 to have to query the HQ DC over a WAN link to get to google.com, for example. What is the proper way to configure DNS for this scenario?
0
Question by:FIFBA
3 Comments
 
LVL 77

Accepted Solution

by:
Rob Williams earned 250 total points
ID: 18867640
Actually having the remote PC use only your HQ DNS server is correct. Adding the local ISP's DNS will cause slow logons, and name resolutions. From a performance point of view it will still actually work quite well. I doubt the users will notice the difference. The problem with this scenario is if the VPN link or remote server goes down they have no Internet access. As a rule losing the server is the bigger issue, as there is no access to resources or even the ability to authenticate to the domain.
The way to resolve, when possible, is to add a local server running Active Directory which will automatically replicate user account and DNS information.
0
 
LVL 79

Assisted Solution

by:lrmoore
lrmoore earned 250 total points
ID: 18867786
Agree with Rob. You have no choice except to point the users to your AD DNS server at HQ and let it resolve everything for them. You can always add a local ISP DNS as secondary so that if the VPN fails or DNS server fails for some reason, they can still get to Google. Trouble is that if they are in a domain, they won't be able to log in except with cached credentials if the VPN is down.
It does work just fine over VPN. Just be sure that the AD DNS is set up properly and end hosts are set to register themselves in DNS. You might find it necessary to enable WINS on your HQ network and add the WINS IPs to the DHCP configuration so that the end hosts actually find the domain controller when they first join the domain. You should not have to, but it often solves problems with name resolution over a WAN link and a VPN is just another WAN link.
0
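
The DHCP settings described in the two answers above, as an added example that is not part of the original thread: a PIX OS 6.x `dhcpd` fragment for the remote1 firewall. Every address and the domain name are constructed placeholders, and the lines beginning with `!` are annotations for the reader rather than part of the configuration.

```cisco
! Remote1 PIX 501, DHCP server on the inside interface.
! Constructed placeholder values (assumptions, not from the thread):
!   192.168.10.0/24   remote1 inside LAN
!   192.168.1.10      HQ domain controller (AD DNS and WINS)
!   203.0.113.53      ISP resolver
!   hq.example.local  AD domain name
dhcpd address 192.168.10.100-192.168.10.131 inside

! Clients get only the HQ domain controller for DNS, so AD lookups
! and Internet lookups both go through the tunnel to the DC.
dhcpd dns 192.168.1.10

! Variant from the second answer: ISP resolver as secondary, so Internet
! names still resolve if the VPN or the DC is down. The first answer
! notes that adding the ISP's DNS can slow logons and name resolution.
! dhcpd dns 192.168.1.10 203.0.113.53

! WINS and domain suffix so clients can locate the DC across the tunnel.
dhcpd wins 192.168.1.10
dhcpd domain hq.example.local

dhcpd lease 3600
dhcpd enable inside
```

Clients only reach 192.168.1.10 if the site to site tunnel's protected-traffic access list covers the remote LAN to HQ LAN path, so DNS failures right after rollout are worth checking against that list first.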
 
LVL 77

Expert Comment

by:Rob Williams
ID: 18868028
Thanks FIFBA.
Cheers !
--Rob
0
