PIX 501 site to site VPN - DNS question
Posted on 2007-04-06
I have a few questions before I configure a site to site VPN... There are 3 locations: HQ, remote1, and remote2. HQ is the only location with a server (2003 Server). Both remote sites have XP machines in a workgroup using the ISP's DNS. I need to configure the network so all PCs are members of the HQ domain and can access domain resources. My question centers around the proper DNS setup at the remote sites...
I was planning on configuring DHCP on the remote PIXes to distribute addresses. I am a bit confused about what to enter for the DNS information... I know that I need the client PCs to look at the server for Active Directory DNS... in a typical Windows domain, all client PCs point to the domain controller (or other DNS server) only. What is confusing me is how I handle Internet DNS requests at the remote sites. In other words, if I have all remote machines pointing to the HQ domain controller for DNS, then they will also look to this server to handle Internet DNS requests. I obviously don't want a machine at remote1 to have to query the HQ DC over a WAN link to get to google.com, for example. What is the proper way to configure DNS for this scenario?