[Last Call] Learn about multicloud storage options and how to improve your company's cloud strategy. Register Now

x
?
Solved

DNS requests to DNS server from branch offices not being resolved

Posted on 2012-03-10
7
Medium Priority
?
773 Views
Last Modified: 2012-03-19
Here is the scenario. We have a main office and two branch offices connected with VPN tunnels using Cisco ASA 5505 firewalls.

We just set up an active directory (server 2008 R2) with the only DC (running DNS) based in the main office. I modified the DHCP scopes for the branch offices to have the DC as their primary DNS server.

For some reason, though, workstations in each of the branch offices can not resolve any of the new server names. I verified that the new DNS servers are being handed out via DHCP at each branch office. And I can ping the IP address of the server I want to get to so one of the following must be true:

 - DNS requests aren't being sent through the VPN tunnel to the DC/DNS server
 or
 - the DC/DNS server is refusing requests from the branch offices

Any ideas?
0
Comment
Question by:twinstatevdv
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
7 Comments
 
LVL 1

Expert Comment

by:btaylor188
ID: 37705441
can you telnet into the DNS server on port 53 from the remote terminal, if not check to see that the port is allowed on the firewall.  If it connects it won't give you any response, if it doesn't  connect it will give you a connection refused error.
0
 
LVL 80

Expert Comment

by:arnold
ID: 37705738
check the advanced firewall settings to see whether access to port 53 is limited to the domain network only which might be what is preventing the remote LAN which has a different IP segment from passing.

Does the branch have its own DHCP server but not a DC?
0
 

Author Comment

by:twinstatevdv
ID: 37706652
The firewall on the DC is turned off. I was able to telnet to it using port 53 from a branch office even though I didn't get any response.
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 

Author Comment

by:twinstatevdv
ID: 37706787
and yes, the branch offices have their own DHCP servers but no DC.
0
 

Accepted Solution

by:
twinstatevdv earned 0 total points
ID: 37707006
I may have fixed it but this may just be a work-around which isn't great.

So I noticed that while I couldn't "ping server" and get responses, I could "ping server.domain.local" and get responses. I then modified my dhcp server with the command:

dhcpd domain domain.local

Now if you go to "ipconfig /all" the DNS Suffix Search List includes "domain.local" and I can ping servers with either their FQDN or just the basic name.

So did I just solve my problem or is there more work to do?
0
 
LVL 80

Expert Comment

by:arnold
ID: 37708327
Since you have a local DHCP, you could also setup a local DNS server that will pull the data from the DC at the main office.
Any reason why a branch DC is not being considered?

Adding the search domain will help resolve the server just as it would have server.domain.local.
0
 

Author Closing Comment

by:twinstatevdv
ID: 37736773
I resolved the issue on my own
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

OfficeMate Freezes on login or does not load after login credentials are input.
A procedure for exporting installed hotfix details of remote computers using powershell
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…

650 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question