DNS entries for remote sites / not HQ ?

I'm looking to speed up access to some resources that are hosted at our Headquarters. We have a bunch of remote offices, and one main headquarters. All of the sites have 2 Internet connections, 1 MPLS (1.5Mb) connecting the remote site to HQ, and 1 Cable / DSL (10+mbps) to the Internet. There are domain controllers and DNS servers at each site. Is there a way I can use our local DNS servers to force remote clients to use a fast external Internet connection to access internal resources, rather than using the slow site-to-site tunnels?

Here's my setup:
Externally, FTP.company.com points to 75.75.75.75 (uses the HQ high speed Internet)
Internally, FTP.company.com points to 192.168.1.10 (uses the HQ MPLS - slow)

Presently, if a user is in a remote office and they access the FTP, the DNS server points them to the internal address, and the traffic is sent over the MPLS tunnel (1.5mb), and it is slow. However, if they are home, without an internal DNS, it points to the external address of our FTP server, and the traffic goes over the HQ Internet pipe, which is huge, like 50mbps down, 1mbps up.

Is there a way to get this working in DNS? Or do I have to create multiple DNS entries, tell the other users to use FTP2.company.com, and create a host entry that points to the external address? Is there a way to change the FTP.company.com host entry to the external address just for remote sites, and not the HQ?
tekkydave asked:
warddhooghe commented:
You could make the records on your local DNS (only possible if not replicating with HQ), but if that zone is big, you might break other things if the records don't exist locally.

If it's for a single or very few people, it might be quicker and safe putting the records in their laptop's HOSTS file. However, beware if things change... you don't want everyone to use hosts files and give you a nightmare.
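One way to get the local-record behaviour warddhooghe describes on a Windows DNS server without touching the replicated company.com zone is a "pinpoint" zone: a file-backed primary zone named exactly after the host, holding a single A record at its apex. This is an added example, not code from the question or the comment; the name FTP.company.com and the address 75.75.75.75 come from the question, the zone file name and TTL are assumptions, and it assumes the DnsServer PowerShell module (Windows Server 2012 or later) on the remote-site DNS server.

```powershell
# Added example: pinpoint zone on a remote-site Windows DNS server.
# Values from the question: ftp.company.com -> 75.75.75.75 (HQ public address).
# Assumptions: zone file name and a 5-minute TTL; DnsServer module available.
$Name     = 'ftp.company.com'
$PublicIP = '75.75.75.75'

# 1. Create a standalone, file-backed primary zone named after the host.
#    It is not AD-integrated, so it does not replicate to HQ or other sites,
#    and the existing company.com zone is left untouched. Dynamic updates are
#    disabled so a client cannot overwrite the record.
if (-not (Get-DnsServerZone -Name $Name -ErrorAction SilentlyContinue)) {
    Add-DnsServerPrimaryZone -Name $Name -ZoneFile "$Name.dns" -DynamicUpdate None
}

# 2. Put the A record at the zone apex ("@") pointing at the external address.
#    Clients at this site asking for ftp.company.com now get the public IP and
#    leave via the local Internet link instead of the MPLS tunnel.
Add-DnsServerResourceRecordA -ZoneName $Name -Name '@' -IPv4Address $PublicIP `
    -TimeToLive (New-TimeSpan -Minutes 5)

# 3. Verify: the remote-site server should answer with the public IP, while an
#    HQ DNS server still answers with 192.168.1.10 from the company.com zone.
Resolve-DnsName -Name $Name -Type A -Server 'localhost' | Select-Object Name, IPAddress
```

Because the zone is per-server, it must be created on each remote-site DNS server that should hand out the public address, and removed (Remove-DnsServerZone) on any server that should fall back to the internal record.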
xcomiii commented:
Well, you don't have to touch DNS at all.
Here is my solution, if you have enough network experts in your IT department:

Set up some elaborate routing rules and NAT on the routers/firewall in the remote offices.
For example:
If destination = HQ, do NAT and translate the local IP (from your internal DNS) into the public IP, and thereby go to the public internet.
You have to do this for every IP that you want to force through the public internet instead of your MPLS, though.

Both Cisco and Juniper have solid support for this type of scenario. But it all depends on what router/firewall you have in the remote offices.
