maxtexgr
Server 2008 DNS - Dual Instances?
I have a client that without going into all the details of WHY they would like this, here's what we are trying to accomplish.
We have 6 branch offices connected back to one main office. All computers/Offices are using Active Directory servers back at the main office.
There are two AD servers that also host their DNS. What this customer would like to accomplish is the following.
If the main office makes a DNS request not in their local DNS zone, forward it out to ISP DNS servers.
If any branch server makes a DNS request not in their local DNS zone, forward it out to OpenDNS Servers.
Goal: not to add any more physical Servers (not a VM shop yet) and keep both servers available to the local office.
We can't have all forwarders point to either location, they'd like to split them based on source network.
Right now, I've done a lot of reading on this and it doesn't seem possible to accomplish what they would like to do with a Windows DNS server, but I wanted to toss it out to EE and see if someone has some trickery up their sleeve.
If we cannot find a solution this way, I am thinking that we will recommend they bring up a third DNS server and point the branch offices to that and have it forward to OpenDNS and leave the two main servers at the main office pointing to the ISP DNS.
Thanks for your time.
One possible workaround is to use static/custom HOSTS files on the branch workstations. I have had to do this kind of workaround for various reasons/requirements in the past. Basically you can roll out local HOSTS files to all your branch workstations that contain the DNS/IP info for local net resources. Then you can have the DHCP scope give out the OpenDNS server to the branches. Or if they are static you can just simply put in the OpenDNS server information. Now this will create a lot more administrative overhead (obviously) than automating it using another MS DNS box. However, this will allow you to achieve your goal without having to add any more servers. If you have a lot of workstations at the various branches you can always use a batch file/script to implement the HOSTS file process.
JC
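A sketch of the scripted HOSTS rollout described in the answer above, as an added example that is not part of the original thread. It keeps the pushed entries inside a marked block so repeated runs replace that block instead of appending duplicates; the marker strings, host names and addresses are constructed placeholders.

```powershell
# Added example, not from the thread. Run elevated (for instance as a machine startup script).
$HostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
$Begin = '# BEGIN managed-internal'   # hypothetical marker lines
$End   = '# END managed-internal'

# Constructed sample records; replace with the real internal resources.
$Records = @(
    '10.10.0.21  fileserver.corp.example.com  fileserver'
    '10.10.0.25  intranet.corp.example.com    intranet'
)

function Merge-ManagedHostsBlock {
    param([string[]]$Current, [string[]]$Records, [string]$Begin, [string]$End)
    $out = New-Object System.Collections.Generic.List[string]
    $inBlock = $false
    foreach ($line in $Current) {
        if ($line -eq $Begin) { $inBlock = $true;  continue }
        if ($line -eq $End)   { $inBlock = $false; continue }
        if (-not $inBlock)    { $out.Add($line) }   # keep everything outside the block
    }
    # An opening marker with no closing marker means the file was edited by hand;
    # stop rather than silently discard whatever followed it.
    if ($inBlock) { throw "Unterminated managed block in hosts file" }
    $out.Add($Begin)
    foreach ($r in $Records) { $out.Add($r) }
    $out.Add($End)
    return ,$out.ToArray()
}

$current = @(Get-Content -Path $HostsPath)
$merged  = Merge-ManagedHostsBlock $current $Records $Begin $End

# Only touch the file (and the resolver cache) when the content actually changes.
if (($current -join "`n") -ne ($merged -join "`n")) {
    Copy-Item -Path $HostsPath -Destination "$HostsPath.bak" -Force
    Set-Content -Path $HostsPath -Value $merged -Encoding ASCII
    ipconfig /flushdns | Out-Null
}
```

A HOSTS file carries only name-to-address mappings, so it cannot supply the SRV records that domain-joined clients use to locate domain controllers.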
> I cannot understand why can't they use the same external DNS servers?
Probably because OpenDNS does filtering (if you want it).
Chris
ASKER
> Probably because OpenDNS does filtering (if you want it).
Chris, you're correct. They have an on site content filter at their main office and want to use the content filtering for the remote offices. Since all DNS forwarding requests are coming from the main office DNS servers, it filters everything. They'd like to have different rules for the main and branch offices.
Thanks for the replies guys, I am going to recommend bringing up a third DNS server to do what they want (thanks for the stub-zone comment dvt, I'll have to look into that).
ASKER
I did some research based on the comments and will be going with a Secondary Zone recommendation on another Server (that they already have in production).
I will be getting with the customer and discussing it today, thanks for the info everyone.
Chris
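One way the approach settled on in this thread could be configured with `dnscmd`, as an added example that is not part of the original thread: a separate server holds secondary copies of the internal zones and forwards everything else to OpenDNS. The zone name and the 10.10.0.x addresses are constructed placeholders, and a separate `_msdcs` zone is an assumption about the forest layout.

```powershell
# Added example, not from the thread. Names and internal addresses are constructed.
$Zone      = 'corp.example.com'           # AD DNS zone (placeholder)
$Msdcs     = "_msdcs.$Zone"               # DC locator zone, assumed to exist as its own zone
$Primaries = '10.10.0.10', '10.10.0.11'   # the two main-office AD/DNS servers (placeholders)
$BranchDns = '10.10.0.12'                 # existing server that becomes the branch resolver
$OpenDns   = '208.67.222.222', '208.67.220.220'

# 1. On each main-office server: permit zone transfers to the branch resolver only,
#    so the internal zone contents cannot be pulled by any other host.
foreach ($p in $Primaries) {
    foreach ($z in $Zone, $Msdcs) {
        dnscmd $p /ZoneResetSecondaries $z /SecureList $BranchDns
    }
}

# 2. On the branch resolver: read-only secondary copies of the internal zones,
#    so branch clients still resolve AD names and SRV records.
foreach ($z in $Zone, $Msdcs) {
    dnscmd $BranchDns /ZoneAdd $z /Secondary $Primaries
}

# 3. On the branch resolver: forward every other name to OpenDNS.
#    /Slave disables the fallback to root hints, so a forwarder outage fails
#    closed and branch queries never bypass the filtering resolver.
dnscmd $BranchDns /ResetForwarders $OpenDns /Slave

# 4. Verify: internal SRV lookup answers from the secondary zone,
#    an external name resolves through the forwarders, and the server
#    settings list the forwarders that were just set.
nslookup -type=SRV "_ldap._tcp.dc._msdcs.$Zone" $BranchDns
nslookup example.com $BranchDns
dnscmd $BranchDns /Info
```

Branch DHCP scopes or static settings then list only the branch resolver as DNS server, while main-office clients keep using the two existing servers and their ISP forwarders.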