DNS entries for remote sites / not HQ ?

I'm looking to speed up access to some resources that are hosted at our Headquarters.  We have a bunch of remote offices, and one main headquarters.  All of the sites have 2 Internet connections, 1 MPLS (1.5 Mbps) connecting the remote site to HQ, and 1 Cable / DSL (10+ Mbps) to the Internet.  There are domain controllers and DNS servers at each site.  Is there a way I can use our local DNS servers to force remote clients to use a fast external Internet connection to access internal resources, rather than using the slow site-to-site tunnels?

Here's my setup:
Externally, FTP.company.com points to 75.75.75.75 (uses the HQ high speed Internet)
Internally, FTP.company.com points to 192.168.1.10 (uses the HQ MPLS - slow)

Presently, if a user is in a remote office, and they access the FTP, the DNS server points them to the internal address, and the traffic is sent over the MPLS tunnel (1.5 Mbps), and it is slow.  However, if they are home, without an internal DNS, it points to the external address of our FTP server, and the traffic goes over the HQ Internet pipe, which is huge, like 50 Mbps down, 1 Mbps up.

Is there a way to get this working in DNS?  Or do I have to create multiple DNS entries, and tell the other users to use FTP2.company.com and create a host entry that points to the external address?  Is there a way to change the FTP.company.com host entry to the external address just for remote sites, and not the HQ?
tekkydave asked:

xcomiii commented:
Well, you don't have to touch DNS at all.
Here is my solution, if you have enough network experts in your IT department:

Set up some elaborate routing rules and NAT on the routers/firewall in the remote offices.
For example:
If destination = HQ, do NAT and translate the local IP (from your internal DNS) into the public IP, and thereby go to the public internet.
You have to do this for every IP that you want to force through the public internet instead of your MPLS though.

Both Cisco and Juniper have solid support for this type of scenario. But it all depends on what router/firewall you have in the remote offices.
warddhooghe commented:
You could make the records on your local DNS (only possible if not replicating with HQ), but if that zone is big, you might break other things if the records don't exist locally.

If it's for a single or very few people, it might be quicker and safe putting the records in their laptops' HOSTS files. However, beware if things change... you don't want everyone to use hosts files and give you a nightmare.
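The asker's last question (one FTP.company.com record that resolves to the external address for remote sites and the internal address for HQ) is what DNS servers that support client-subnet views (BIND's `view` / `match-clients`) do. The following is an added example, not part of the question or either answer, showing the mechanism in code: a tiny authoritative resolver that picks the A record from the source address of the query. The two addresses for ftp.company.com (192.168.1.10 internally, 75.75.75.75 externally) are taken from the question; the HQ subnet 192.168.1.0/24, the remote-office subnet 10.20.0.0/16, the client addresses and UDP port 5353 are assumptions. Python standard library only.

```python
"""Split-horizon ("views") DNS: answer the same name with a different A record
depending on which subnet the client asks from. Standard library only."""
import ipaddress
import socket
import struct

# Constructed data modelled on the question: ftp.company.com is 192.168.1.10
# inside HQ and 75.75.75.75 from the Internet. The client subnets are assumptions.
VIEWS = [
    (ipaddress.ip_network("192.168.1.0/24"), {"ftp.company.com": "192.168.1.10"}),  # HQ LAN (assumed)
    (ipaddress.ip_network("10.20.0.0/16"),   {"ftp.company.com": "75.75.75.75"}),   # remote offices (assumed)
]
DEFAULT_VIEW = {"ftp.company.com": "75.75.75.75"}  # any other client (home users): public address

QTYPE_A, QCLASS_IN, RCODE_NXDOMAIN = 1, 1, 3


def answer_for(name, client_ip):
    """Return the address of `name` as seen from the view that matches client_ip."""
    name = name.rstrip(".").lower()
    addr = ipaddress.ip_address(client_ip)
    for net, records in VIEWS:
        if addr in net:
            return records.get(name)
    return DEFAULT_VIEW.get(name)


def build_query(name, qtype=QTYPE_A, qid=0x1234):
    """Encode a standard recursive query for `name` (what a client would send)."""
    labels = name.rstrip(".").split(".")
    qname = b"".join(struct.pack("!B", len(lbl)) + lbl.encode("ascii") for lbl in labels)
    return struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0) + qname + b"\x00" + struct.pack("!HH", qtype, QCLASS_IN)


def parse_question(msg):
    """Decode the header and the single question; return (qid, name, qtype, qclass, raw_question)."""
    qid = struct.unpack("!H", msg[:2])[0]
    pos, labels = 12, []
    while True:
        ln = msg[pos]
        pos += 1
        if ln == 0:
            break
        if ln & 0xC0:  # compression pointers do not appear in a plain query's question
            raise ValueError("unexpected compression pointer in question")
        labels.append(msg[pos:pos + ln].decode("ascii"))
        pos += ln
    qtype, qclass = struct.unpack("!HH", msg[pos:pos + 4])
    return qid, ".".join(labels), qtype, qclass, msg[12:pos + 4]


def build_response(query, client_ip, ttl=60):
    """Build the reply to `query`; the A record is chosen by the client's source address."""
    qid, name, qtype, qclass, question = parse_question(query)
    rd = struct.unpack("!H", query[2:4])[0] & 0x0100          # echo the RD bit back
    addr = answer_for(name, client_ip)
    rcode = RCODE_NXDOMAIN if addr is None else 0             # unknown name: NXDOMAIN
    answer = b""
    if addr is not None and (qtype, qclass) == (QTYPE_A, QCLASS_IN):
        # NAME is a compression pointer (0xC00C) back to the question name at offset 12
        answer = struct.pack("!HHHIH", 0xC00C, QTYPE_A, QCLASS_IN, ttl, 4) + socket.inet_aton(addr)
    flags = 0x8400 | rd | rcode                                # QR=1, AA=1: we are authoritative
    header = struct.pack("!HHHHHH", qid, flags, 1, 1 if answer else 0, 0, 0)
    return header + question + answer


def first_a_record(response):
    """Return (rcode, address or None) from a response produced by build_response."""
    flags, _qdcount, ancount = struct.unpack("!HHH", response[2:8])
    if ancount == 0:
        return flags & 0x000F, None
    return flags & 0x000F, socket.inet_ntoa(response[-4:])


def serve(bind=("0.0.0.0", 5353)):
    """UDP loop: the view is selected from the peer address recvfrom() reports."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.bind(bind)
        while True:
            data, peer = s.recvfrom(512)
            try:
                s.sendto(build_response(data, peer[0]), peer)
            except (ValueError, IndexError, struct.error):
                pass  # malformed query: drop it rather than crash the server


if __name__ == "__main__":
    q = build_query("ftp.company.com")
    for client in ("192.168.1.55", "10.20.3.4", "203.0.113.9"):
        print(client, "->", first_a_record(build_response(q, client)))
    # serve()  # uncomment to answer real queries on UDP 5353
```

Note that the view is keyed on the address the server sees, so if remote-office queries reach the DNS server through the MPLS tunnel with their private source address, that private subnet is what the view must match, as above. Whichever approach is chosen (views, local records, or the NAT/policy-routing answer), the remote offices' FTP sessions then cross the public Internet rather than the MPLS tunnel, so plain FTP would carry credentials in the clear and the HQ firewall has to accept those sessions from the remote offices' public addresses.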