DNS requests to DNS server from branch offices not being resolved

Here is the scenario. We have a main office and two branch offices connected with VPN tunnels using Cisco ASA 5505 firewalls.

We just set up an active directory (server 2008 R2) with the only DC (running DNS) based in the main office. I modified the DHCP scopes for the branch offices to have the DC as their primary DNS server.

For some reason, though, workstations in each of the branch offices cannot resolve any of the new server names. I verified that the new DNS servers are being handed out via DHCP at each branch office, and I can ping the IP address of the server I want to get to, so one of the following must be true:

 - DNS requests aren't being sent through the VPN tunnel to the DC/DNS server, or
 - the DC/DNS server is refusing requests from the branch offices

Any ideas?
twinstatevdv asked:

twinstatevdv (Author) commented:
I may have fixed it but this may just be a work-around which isn't great.

So I noticed that while I couldn't "ping server" and get responses, I could "ping server.domain.local" and get responses. I then modified my dhcp server with the command:

dhcpd domain domain.local

Now if you go to "ipconfig /all" the DNS Suffix Search List includes "domain.local" and I can ping servers with either their FQDN or just the basic name.

So did I just solve my problem or is there more work to do?
btaylor188 commented:
Can you telnet into the DNS server on port 53 from the remote terminal? If not, check to see that the port is allowed on the firewall. If it connects it won't give you any response; if it doesn't connect it will give you a connection refused error.
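The two checks the thread leans on (btaylor188's "telnet to port 53" reachability test, and the asker's observation that a short name only resolves once a DNS suffix such as domain.local is appended) can be scripted from a branch workstation. The following is an added example, not code from the original thread: it does the TCP/53 handshake test, expands a short name with a search list, and sends a minimal DNS A query over UDP and parses the reply, so a timeout (tunnel dropping DNS) can be told apart from an RCODE of REFUSED (the server rejecting the query). The DC address, the domain and the sample replies are constructed placeholders.

```python
"""Added diagnostic example, not code from the original thread.

Names, addresses and the sample replies below are constructed placeholders.
"""
import socket
import struct
from typing import Optional

DC_DNS_IP = "10.0.0.5"          # assumed DC/DNS address (placeholder)
SEARCH_LIST = ["domain.local"]  # what a DHCP-supplied DNS suffix would add


def expand_name(name: str, search_list: list) -> list:
    """Candidate FQDNs a stub resolver tries for 'name'.

    A single-label name is only looked up with a suffix appended, so with an
    empty search list there is nothing to query (the symptom in the thread).
    A name that already contains a dot is tried as-is first, then suffixed.
    """
    suffixed = [f"{name}.{s.strip('.')}" for s in search_list]
    return ([name] if "." in name else []) + suffixed


def tcp_port_open(host: str, port: int = 53, timeout: float = 3.0) -> bool:
    """Equivalent of 'telnet host 53': True if the TCP handshake completes.
    A healthy DNS server sends nothing on connect, as the thread notes; a
    refused or timed-out connection is the failure signal."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        return s.connect_ex((host, port)) == 0


def _encode_name(fqdn: str) -> bytes:
    """Wire-format name: length-prefixed labels terminated by a zero byte."""
    labels = fqdn.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def _skip_name(buf: bytes, off: int) -> int:
    """Advance past a (possibly compressed) name starting at 'off'."""
    while True:
        length = buf[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:      # compression pointer: two bytes, ends the name
            return off + 2
        off += 1 + length


def build_a_query(fqdn: str, txid: int = 0x1234) -> bytes:
    """Minimal DNS A query: header with RD set and exactly one question."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + _encode_name(fqdn) + struct.pack("!HH", 1, 1)  # QTYPE A, QCLASS IN


def parse_a_answers(resp: bytes) -> dict:
    """Pull transaction id, RCODE and any A-record addresses out of a reply."""
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", resp[:12])
    off = 12
    for _ in range(qd):                 # skip the echoed question section
        off = _skip_name(resp, off) + 4
    addrs = []
    for _ in range(an):
        off = _skip_name(resp, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", resp[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:   # A record, IPv4 payload
            addrs.append(socket.inet_ntoa(resp[off:off + 4]))
        off += rdlen
    return {"id": txid, "rcode": flags & 0x000F, "addresses": addrs}


def query_udp(server: str, fqdn: str, timeout: float = 3.0) -> Optional[dict]:
    """Send one A query over UDP/53 and parse the reply. None on timeout,
    which is what a tunnel that drops UDP/53 looks like from the branch."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_a_query(fqdn), (server, 53))
        try:
            data, _ = s.recvfrom(512)
        except socket.timeout:
            return None
    return parse_a_answers(data)


# Constructed reply a DC might return for server.domain.local -> 10.0.0.5
CONSTRUCTED_RESPONSE = (
    struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)
    + _encode_name("server.domain.local") + struct.pack("!HH", 1, 1)
    + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 3600, 4) + socket.inet_aton("10.0.0.5")
)
# Constructed reply with RCODE 5 (REFUSED): the "server is rejecting us" case
CONSTRUCTED_REFUSED = (
    struct.pack("!HHHHHH", 0x1234, 0x8185, 1, 0, 0, 0)
    + _encode_name("server.domain.local") + struct.pack("!HH", 1, 1)
)

if __name__ == "__main__":
    print("TCP/53 reachable:", tcp_port_open(DC_DNS_IP))
    for cand in expand_name("server", SEARCH_LIST):
        print(cand, "->", query_udp(DC_DNS_IP, cand))
```

Run it from a branch workstation with DC_DNS_IP set to the real DC: a `None` from query_udp while tcp_port_open is True points at UDP/53 not passing the tunnel, an RCODE of 5 points at the server refusing the query, and an empty candidate list from expand_name reproduces the "ping server fails, ping server.domain.local works" symptom before the suffix was pushed out.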
arnold commented:
Check the advanced firewall settings to see whether access to port 53 is limited to the domain network only, which might be what is preventing the remote LAN (which has a different IP segment) from getting through.

Does the branch have its own DHCP server but not a DC?
twinstatevdv (Author) commented:
The firewall on the DC is turned off. I was able to telnet to it using port 53 from a branch office even though I didn't get any response.
twinstatevdv (Author) commented:
And yes, the branch offices have their own DHCP servers but no DC.
arnold commented:
Since you have a local DHCP server, you could also set up a local DNS server that will pull the data from the DC at the main office.
Any reason why a branch DC is not being considered?

Adding the search domain will help resolve the server just as it would have server.domain.local.
twinstatevdv (Author) commented:
I resolved the issue on my own.
Question has a verified solution.