Line One

asked on

site-to-site VPN and DHCP/DNS

I inherited a site-to-site VPN - a group of computers at one site connected to a server in a server farm via Linksys RV042 VPN router at the workstation end.  I noticed that the DHCP was being dished out by the Linksys router/gateway at the workstation end and that the DNS on the router was pointing to the remote server as the DNS source.  Is this the optimal way this should be set up?
raysonlee

Yes, you can centrally administer local DNS entries in the DNS server in the server farm. The remote workstations can resolve local hosts from that DNS server or be forwarded to the ISP's DNS for accessing public domains.

ASKER

When you say DNS server, do you mean the virtualized server we have at the farm that acts as both DC and file server for the remote computers? That is the way we set things up when we build garden variety one-office LAN's. What is the advantage of that in a site-to-site VPN environment as opposed to having the VPN router/gateway point us to our server for DNS across the VPN link?
If you only have Windows servers in your server farm, the remote workstations will locate the servers by making NETBIOS requests for NETBIOS names to the WINS server. In a Domain environment, the PDC will play the WINS server role and respond to the workstations' requests.

Enter "ipconfig /all" to see which DNS server is assigned to the workstation when the DHCP server (the Linksys router in your case) distributes an IP address to the workstation. Usually the PDC also plays the role of DNS server for resolving local host names (for TCP/IP requests) within the private network. For public domain names, it should forward the request to your ISP's DNS server.

If you use the ISP's DNS server in the remote site, the private domain requests cannot be resolved properly. If you put a DNS server in the remote site, you have to sync the DNS servers or use a subdomain or trusted domain configuration to avoid conflicts in a distributed network environment. As you mentioned all servers are located in your server farm, a single DNS server (PDC) is the best for you.
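The "ipconfig /all" check above can be automated so that it is obvious at a glance where a workstation's DHCP lease and DNS answers come from. The script below is an added example, not code from the thread's participants: it parses a constructed ipconfig /all listing (the host name, suffix and every address in it are made up for the example, with 192.168.1.0/24 assumed as the workstation subnet and 10.10.0.5 assumed as the DC at the server farm) and classifies each DNS server as on-link, routed (reached through the gateway, i.e. across the VPN), or public. A public resolver listed on a domain workstation is the case the answer warns about, since it cannot resolve the private domain.

```python
import ipaddress
import re

# Constructed sample of "ipconfig /all" output (not captured from any real host):
# the local Linksys router hands out the lease, the DNS list contains the
# assumed server-farm DC (10.10.0.5) plus a public resolver for contrast.
SAMPLE_IPCONFIG = """
Windows IP Configuration

   Host Name . . . . . . . . . . . . : WS01
   Primary Dns Suffix  . . . . . . . : corp.example

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : corp.example
   DHCP Enabled. . . . . . . . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.1.25(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 10.10.0.5
                                       8.8.8.8
"""

# A continuation line under "DNS Servers" is just an indented IPv4 address.
_CONTINUATION = re.compile(r"\s+(\d{1,3}(?:\.\d{1,3}){3})\s*")


def _value(line):
    """Return the text after the dotted label, e.g. 'DHCP Server . . : X' -> 'X'."""
    return line.split(":", 1)[1].strip()


def parse_ipconfig(text):
    """Extract the IPv4 fields this check needs from ipconfig /all output."""
    info = {"dns": []}
    lines = text.splitlines()
    for i, line in enumerate(lines):
        s = line.strip()
        if s.startswith("IPv4 Address"):
            info["ip"] = re.sub(r"\(.*\)", "", _value(s)).strip()  # drop "(Preferred)"
        elif s.startswith("Subnet Mask"):
            info["mask"] = _value(s)
        elif s.startswith("Default Gateway"):
            info["gateway"] = _value(s)
        elif s.startswith("DHCP Enabled"):
            info["dhcp_enabled"] = _value(s).lower() == "yes"
        elif s.startswith("DHCP Server"):
            info["dhcp"] = _value(s)
        elif s.startswith("DNS Servers"):
            info["dns"].append(_value(s))
            j = i + 1
            while j < len(lines) and _CONTINUATION.fullmatch(lines[j]):
                info["dns"].append(lines[j].strip())
                j += 1
    return info


def _local_net(info):
    return ipaddress.ip_network(f"{info['ip']}/{info['mask']}", strict=False)


def dhcp_source(info):
    """'local' if the DHCP server sits on the workstation's subnet (the router
    in the original post), 'remote' if the lease came from across the link."""
    return "local" if ipaddress.ip_address(info["dhcp"]) in _local_net(info) else "remote"


def assess(info):
    """Classify each configured DNS server relative to the workstation.
    'on-link': same subnet; 'routed': private address reached via the gateway
    (e.g. the DC across the site-to-site VPN); 'public': not a private address,
    so it cannot answer for the private domain."""
    net = _local_net(info)
    findings = {}
    for server in info["dns"]:
        addr = ipaddress.ip_address(server)
        if not addr.is_private:
            findings[server] = "public"
        elif addr in net:
            findings[server] = "on-link"
        else:
            findings[server] = "routed"
    return findings


if __name__ == "__main__":
    cfg = parse_ipconfig(SAMPLE_IPCONFIG)
    print(f"workstation {cfg['ip']} in {_local_net(cfg)}, gateway {cfg['gateway']}")
    print(f"DHCP server {cfg['dhcp']}: {dhcp_source(cfg)}")
    for server, kind in assess(cfg).items():
        print(f"DNS server {server}: {kind}")
```

On a real workstation, pipe the actual command output into parse_ipconfig instead of the constructed sample. In the setup described in the question the expected result is a "local" DHCP source, a single "routed" DNS entry for the domain controller at the farm, and no "public" entries.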
I may not have been clear enough. I am asking for a comparison of alternative methods of accomplishing the same end. Here are the scenarios I see:

two different subnets - one for the local computers and one for the remote servers, e.g. 192.168 vs 192.169 - and then have the local router dish out DHCP so that we have a routed network vs a bridged network. I've been told this is easier to set up; DNS still points to our Windows server at the farm, which is the DNS provider for our network

one subnet - same subnet for our workstations and servers - a bridged network with our server at the farm dishing out DHCP instead of the local router

the current way described in the original post - local router dishes out DHCP and DNS comes from our server at the server farm
ASKER CERTIFIED SOLUTION
raysonlee

Thanks. What is a "low speed connection" in your view?
Less than 10Mbps. But that also depends on number of workstations on the network and their bandwidth utilization.
Thanks for all the help.