• Status: Solved
  • Priority: Medium
  • Security: Public

site-to-site VPN and DHCP/DNS

I inherited a site-to-site VPN: a group of computers at one site connected to a server in a server farm via a Linksys RV042 VPN router at the workstation end. I noticed that DHCP was being dished out by the Linksys router/gateway at the workstation end and that the DNS on the router was pointing to the remote server as the DNS source. Is this the optimal way this should be set up?
Asked by: lineonecorp
1 Solution
raysonlee commented:
Yes, you can centrally administer local DNS entries on the DNS server in the server farm. The remote workstations can resolve local hosts from that DNS server or be forwarded to the ISP's DNS for accessing public domains.
 
lineonecorp (Author) commented:
When you say DNS server, do you mean the virtualized server we have at the farm that acts as both DC and file server for the remote computers? That is the way we set things up when we build garden-variety one-office LANs. What is the advantage of that in a site-to-site VPN environment as opposed to having the VPN router/gateway point us to our server for DNS across the VPN link?
 
raysonlee commented:
If you only have Windows servers in your server farm, the remote workstations will locate the servers by making NetBIOS requests for NetBIOS names to the WINS server. In a domain environment, the PDC will play the WINS server role and respond to the workstations' requests.

Enter "ipconfig /all" to see which DNS server is assigned to the workstation when the DHCP server (the Linksys router in your case) distributes IP addresses to the workstation. Usually the PDC also plays the role of DNS server for resolving local host names (for TCP/IP requests) within the private network. For public domain names, it should forward the request to your ISP's DNS server.

If you use the ISP's DNS server at the remote site, the private domain requests cannot be resolved properly. If you put a DNS server at the remote site, you have to sync the DNS servers or use a subdomain or trusted domain configuration to avoid conflicts in a distributed network environment. As you mentioned all servers are located in your server farm, a single DNS server (the PDC) is the best for you.
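The "ipconfig /all" check above, done from the workstation side as a script: an added example, not code from the thread. It assumes the farm DC/DNS server address, the AD domain name and the public test name shown at the top (replace with your own); it reports which DNS servers DHCP handed out, whether the farm server is reachable through the tunnel, and whether that server answers for both the private zone and a public name.

```powershell
# Added example (not from the thread). The three values below are assumptions.
$FarmDns = '10.0.0.10'        # assumed: DC/DNS server at the server farm
$Zone    = 'corp.example'     # assumed: AD domain name
$Public  = 'www.example.com'  # any public name, to prove the DC's forwarder works

function Test-VpnDnsClient {
    param([string]$ExpectedDns, [string]$Zone, [string]$PublicName)
    $findings = @()

    # 1. What DHCP handed out: DNS servers on every connected IPv4 interface using DHCP.
    #    If the farm server is missing, private-zone lookups leak to (and fail at) the ISP.
    $ifaces = Get-NetIPInterface -AddressFamily IPv4 |
        Where-Object { $_.ConnectionState -eq 'Connected' -and $_.Dhcp -eq 'Enabled' }
    foreach ($if in $ifaces) {
        $servers = (Get-DnsClientServerAddress -InterfaceIndex $if.InterfaceIndex -AddressFamily IPv4).ServerAddresses
        $findings += [pscustomobject]@{ Check = "DHCP DNS on $($if.InterfaceAlias)"
                                        Result = ($servers -join ', ')
                                        Ok = ($servers -contains $ExpectedDns) }
    }

    # 2. Is the farm DNS server reachable across the VPN? (TCP/53; most queries use UDP/53,
    #    but a TCP probe is a reasonable tunnel-is-up test)
    $tcp = Test-NetConnection -ComputerName $ExpectedDns -Port 53 -WarningAction SilentlyContinue
    $findings += [pscustomobject]@{ Check = 'Farm DNS reachable (TCP/53)'
                                    Result = $tcp.TcpTestSucceeded; Ok = $tcp.TcpTestSucceeded }

    # 3. Private zone: the DC locator SRV record must come back from the farm server.
    try {
        $srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Zone" -Type SRV -Server $ExpectedDns -DnsOnly -ErrorAction Stop
        $findings += [pscustomobject]@{ Check = "DC SRV for $Zone"; Result = ($srv.NameTarget -join ', '); Ok = $true }
    } catch {
        $findings += [pscustomobject]@{ Check = "DC SRV for $Zone"; Result = $_.Exception.Message; Ok = $false }
    }

    # 4. Public name via the farm server: proves it forwards to the ISP's DNS as described.
    try {
        $pub = Resolve-DnsName -Name $PublicName -Type A -Server $ExpectedDns -DnsOnly -ErrorAction Stop
        $addrs = ($pub | Where-Object Type -eq 'A').IPAddress -join ', '
        $findings += [pscustomobject]@{ Check = "Public A for $PublicName"; Result = $addrs; Ok = $true }
    } catch {
        $findings += [pscustomobject]@{ Check = "Public A for $PublicName"; Result = $_.Exception.Message; Ok = $false }
    }
    return $findings
}

Test-VpnDnsClient -ExpectedDns $FarmDns -Zone $Zone -PublicName $Public | Format-Table -AutoSize
```

Any row with Ok = False points at the piece that is misconfigured: the router's DHCP DNS option (row 1), the tunnel itself (row 2), the DC's zone (row 3) or its forwarder (row 4).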
 
lineonecorp (Author) commented:
I may not have been clear enough. I am asking for a comparison of alternative methods of accomplishing the same end. Here are the scenarios I see:

Two different subnets, one for the local computers and one for the remote servers, e.g. 192.168 vs 192.169, and then have the local router dish out DHCP so that we have a routed network vs a bridged network. I've been told this is easier to set up; DNS still points to our Windows server at the farm, which is the DNS provider for our network.

One subnet, the same subnet for our workstations and servers: a bridged network with our server at the farm dishing out DHCP instead of the local router.

The current way described in the original post: the local router dishes out DHCP and DNS comes from our server at the server farm.
 
raysonlee commented:
I see.
Bridges and routers work on different layers of the OSI model. A bridge works on the data link layer (layer 2) whereas a router works on the network layer (layer 3).
Usually a bridge is used to isolate network segments and localize traffic for individual work groups. It can filter out node-to-node traffic but not multicast or broadcast traffic. A router, on the other hand, is used to connect various networks via different media. It has knowledge of various protocols and will determine what should be routed through the network. It is much more effective at reducing traffic over a low-speed connection.
For a VPN connection over the Internet, my suggestion is to use a router rather than a bridge.
 
lineonecorp (Author) commented:
Thanks. What is a "low speed connection" in your view?
 
raysonlee commented:
Less than 10 Mbps. But that also depends on the number of workstations on the network and their bandwidth utilization.
 
lineonecorp (Author) commented:
Thanks for all the help.
