Here is the scenario. We have a main office and two branch offices connected with VPN tunnels using Cisco ASA 5505 firewalls.
We just set up an Active Directory (Server 2008 R2) with the only DC (running DNS) based in the main office. I modified the DHCP scopes for the branch offices to have the DC as their primary DNS server.
For some reason, though, workstations in each of the branch offices cannot resolve any of the new server names. I verified that the new DNS servers are being handed out via DHCP at each branch office. And I can ping the IP address of the server I want to get to, so one of the following must be true:
- DNS requests aren't being sent through the VPN tunnel to the DC/DNS server
- the DC/DNS server is refusing requests from the branch offices
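
One way to tell the two possibilities listed above apart from a branch workstation, as an added example that is not part of the original post: send a DNS query over UDP 53 straight to the DC's IP and classify what comes back. The server IP and hostname in the `__main__` block are constructed placeholders, and the function names are this example's own.

```python
import socket
import struct

QID = 0x1234  # fixed query ID so the reply can be matched
RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_query(name, qid=QID):
    """Build a minimal DNS A-record query (RFC 1035), recursion desired."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels)
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def classify(reply, qid=QID):
    """Map a raw UDP reply (None = timeout) to a diagnosis label."""
    if reply is None:
        # Nothing came back: the query or its answer is being dropped on the
        # path (tunnel ACL, firewall), even though ICMP ping succeeds.
        return "NO_REPLY"
    if len(reply) < 12:
        return "MALFORMED"
    rid, flags = struct.unpack("!HH", reply[:4])
    if rid != qid or not flags & 0x8000:  # wrong ID or QR bit not set
        return "MALFORMED"
    rcode = RCODES.get(flags & 0x000F, "RCODE%d" % (flags & 0x000F))
    if rcode == "REFUSED":
        # The server was reached and explicitly refused this client.
        return "REFUSED"
    # Any other rcode means UDP 53 crosses the tunnel and the server answers.
    return "ANSWERED:" + rcode

def probe(server_ip, name, timeout=3.0):
    """Send one query directly to server_ip and classify the outcome."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(name), (server_ip, 53))
            reply, _ = s.recvfrom(512)
        except OSError:  # socket.timeout is a subclass of OSError
            reply = None
    return classify(reply)

if __name__ == "__main__":
    # Constructed placeholders: replace with the DC's IP and a new server name.
    print(probe("192.0.2.10", "server1.corp.example"))
```

`NO_REPLY` is consistent with the first possibility, `REFUSED` with the second, and `ANSWERED:NXDOMAIN` or `ANSWERED:SERVFAIL` means the path and server both work and the zone data is what needs checking.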