Solved

DNS, conditional Forwarder

Posted on 2013-01-09
3
703 Views
Last Modified: 2013-02-14
We are multiple sites connecting over VPN to the head office.
Branch offices have anywhere from 3 to 10 computers.
Each branch office is getting a small file server running 2008. DNS service is also installed.
Forwarders were pointed to the DNS server at the head office; otherwise the branch office could not resolve internal servers.

We find that ALL DNS requests were being sent to the head office.
The problem is, if we lose the internet connection at the head office, then we risk bringing all the branch sites to a standstill.

Is there a way so that all internet URLs will be resolved locally at the branch sites, and for all internal servers it could look up the DNS server at the head office?

thanks
Question by: 3Musketeers

Assisted Solution

by: gt2847c
gt2847c earned 500 total points
ID: 38761417
The short answer is most likely you could set this up...

Questions that will help determine a more specific answer

Are you running an Active Directory setup with your servers?
If so, where are your Domain Controllers located (at each site, head office)?

How is your internal DNS domain configured? Do your servers self-register, or does someone manually manage the DNS entries?

How are IP addresses (especially for servers) handled: are they statically assigned, or are they DHCP enabled? If DHCP, are the servers local to the site or at the head office?

Would you like to be able to resolve local servers via DNS if the connection to the head office goes down?
Author Comment

by: 3Musketeers
ID: 38761746
thx.

Yes, AD. The domain controller sits at the head office (HO), and another at a bigger branch office (BBO): a total of 2 domain controllers, with the DNS service also running.
There is a private link between these two locations.
No domain controllers at any of the other branch offices.

Servers / clients self-register,
static IPs for servers, DHCP for clients.

Branch offices have no need for any connection to the BBO.

I want to resolve all the servers that are at the head office from the client computers at the branch office.
However, I want the DNS servers at the branch sites to resolve all internet sites LOCALLY, because people surf like crazy and I don't want the DNS requests coming all the way over the WAN link.

thanks a lot
Accepted Solution

by: gt2847c
gt2847c earned 500 total points
ID: 38762861
You have two options for locally resolving Internet names. You can set up a general forwarder for the local DNS server pointing to each site's ISP-supplied DNS resolvers. Alternatively, you can allow your DNS server to self-resolve. Microsoft's DNS server, if no general forwarders are configured, will attempt to iteratively resolve DNS queries. This assumes that your firewall permits this traffic to pass. It also assumes you have a default route pointing to your ISP rather than through your VPN back to your head office.

As to internal resolving, you again have two options. One, you can set up a conditional forwarder for your internal domain pointing to your head office DNS server(s). You should include both the forward domain (x.y.com) and the reverse (168.192.in-addr.arpa, or whatever is appropriate based on the internal address space you use). You will also want to make sure all the sub-domains that AD sets up (_msdcs.mydomain.com and those underneath) resolve properly, to make sure you don't have issues with your devices connecting to your domain. The second option is to set up your local DNS servers to replicate the DNS zones for your internal forward and reverse zones. That way it will keep all client DNS traffic local to your site. Only replication traffic between the DNS servers will go back to your head office. Conditional forwarders will send all (non-cached) requests back to your head office. Having a local copy of the internal domain is useful if your connection to the head office is severed or you want to take down the DNS servers at the head office for maintenance. This is especially true if you use a meshed VPN solution, which would allow you to reach other sites even if the head office is unavailable.
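As an added illustration of the accepted answer (this script is not from the thread or from Microsoft; it is an editor's example), the following PowerShell applies the configuration described above on a branch DNS server using dnscmd, which ships with the DNS Server role on Windows Server 2008. The internal domain `mydomain.local`, the head-office DNS servers `10.0.0.10`/`10.0.0.11`, the `192.168.0.0/16` address space and the ISP resolvers `203.0.113.53`/`203.0.113.54` are all assumed, constructed values; replace them with your own. It sets up the conditional forwarders for the forward and reverse internal zones, keeps Internet resolution local, shows the secondary-zone alternative, and then checks the `_msdcs` SRV record the answer warns about.

```powershell
# Added example, not code from the original thread. All names and addresses
# below are constructed assumptions; adjust them to your environment.
# Run in an elevated prompt on the branch office DNS server (Server 2008).
# On Server 2012 and later the DnsServer module offers cmdlet equivalents
# (Add-DnsServerConditionalForwarderZone, Set-DnsServerForwarder).

$InternalDomain = 'mydomain.local'            # assumed AD DNS domain
$ReverseZone    = '168.192.in-addr.arpa'      # assumed 192.168.0.0/16 space
$HeadOfficeDns  = @('10.0.0.10', '10.0.0.11') # assumed HO domain controllers
$IspResolvers   = @('203.0.113.53', '203.0.113.54') # assumed ISP resolvers

function Add-BranchConditionalForwarder {
    param([string]$Zone, [string[]]$Masters)
    # Conditional forwarder: only queries for $Zone and names beneath it
    # (including _msdcs.<domain>) are sent to the head office servers.
    # PowerShell expands the $Masters array into separate arguments.
    dnscmd . /ZoneAdd $Zone /Forwarder $Masters
}

# Option 1 from the answer: conditional forwarders for forward and reverse zones.
Add-BranchConditionalForwarder -Zone $InternalDomain -Masters $HeadOfficeDns
Add-BranchConditionalForwarder -Zone $ReverseZone    -Masters $HeadOfficeDns

# Internet names stay local. Either general-forward to the site's ISP resolvers...
dnscmd . /ResetForwarders $IspResolvers
# ...or clear the forwarders so the server recurses from root hints itself.
# That needs outbound DNS (UDP/TCP 53) allowed by the local firewall and a
# default route to the ISP rather than across the VPN:
# dnscmd . /ResetForwarders

# Option 2 from the answer: host secondary copies of the zones instead, so the
# branch keeps resolving internal names if the head office link is down.
# The head office DNS servers must allow zone transfers to this server.
# dnscmd . /ZoneAdd $InternalDomain /Secondary $HeadOfficeDns
# dnscmd . /ZoneAdd $ReverseZone    /Secondary $HeadOfficeDns

# Verify against the local server: an internal host, the SRV record clients use
# to locate a domain controller, a reverse lookup, and an Internet name.
$Checks = @(
    @{ Type = 'A';   Name = "dc01.$InternalDomain" },             # assumed host
    @{ Type = 'SRV'; Name = "_ldap._tcp.dc._msdcs.$InternalDomain" },
    @{ Type = 'PTR'; Name = '192.168.1.10' },                       # assumed IP
    @{ Type = 'A';   Name = 'www.example.com' }
)
foreach ($c in $Checks) {
    Write-Host "--- $($c.Type) $($c.Name)"
    nslookup -type=$($c.Type) $c.Name 127.0.0.1
}
```

The SRV query is the practical test of the `_msdcs` caveat: if it fails while `dc01` resolves, the head office is not answering for the sub-domain and domain logons from the branch will suffer even though plain host lookups work. Running the Internet lookup while watching the VPN interface (or the head office DNS server's query log) confirms that only internal queries traverse the WAN.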