DNS requests to DNS server from branch offices not being resolved

Here is the scenario. We have a main office and two branch offices connected with VPN tunnels using Cisco ASA 5505 firewalls.

We just set up an active directory (server 2008 R2) with the only DC (running DNS) based in the main office. I modified the DHCP scopes for the branch offices to have the DC as their primary DNS server.

For some reason, though, workstations in each of the branch offices can not resolve any of the new server names. I verified that the new DNS servers are being handed out via DHCP at each branch office. And I can ping the IP address of the server I want to get to so one of the following must be true:

 - DNS requests aren't being sent through the VPN tunnel to the DC/DNS server
 or
 - the DC/DNS server is refusing requests from the branch offices

Any ideas?
twinstatevdvAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

btaylor188Commented:
can you telnet into the DNS server on port 53 from the remote terminal, if not check to see that the port is allowed on the firewall.  If it connects it won't give you any response, if it doesn't  connect it will give you a connection refused error.
arnoldCommented:
check the advanced firewall settings to see whether access to port 53 is limited to the domain network only which might be what is preventing the remote LAN which has a different IP segment from passing.

Does the branch have its own DHCP server but not a DC?
twinstatevdvAuthor Commented:
The firewall on the DC is turned off. I was able to telnet to it using port 53 from a branch office even though I didn't get any response.
Protecting & Securing Your Critical Data

Considering 93 percent of companies file for bankruptcy within 12 months of a disaster that blocked access to their data for 10 days or more, planning for the worst is just smart business. Learn how Acronis Backup integrates security at every stage

twinstatevdvAuthor Commented:
and yes, the branch offices have their own DHCP servers but no DC.
twinstatevdvAuthor Commented:
I may have fixed it but this may just be a work-around which isn't great.

So I noticed that while I couldn't "ping server" and get responses, I could "ping server.domain.local" and get responses. I then modified my dhcp server with the command:

dhcpd domain domain.local

Now if you go to "ipconfig /all" the DNS Suffix Search List includes "domain.local" and I can ping servers with either their FQDN or just the basic name.

So did I just solve my problem or is there more work to do?

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
arnoldCommented:
Since you have a local DHCP, you could also setup a local DNS server that will pull the data from the DC at the main office.
Any reason why a branch DC is not being considered?

Adding the search domain will help resolve the server just as it would have server.domain.local.
twinstatevdvAuthor Commented:
I resolved the issue on my own
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2008

From novice to tech pro — start learning today.