Solved

DNS, conditional Forwarder

Posted on 2013-01-09
Last Modified: 2013-02-14
We are multiple sites connecting over VPN to the head office.
Branch offices have anywhere from 3 to 10 computers.
Each branch office is getting a small file server running 2008. DNS service is also installed.
Forwarders were pointed to the DNS server at the head office; otherwise the branch office could not resolve internal servers.

We find that ALL DNS requests were being sent to the head office.
The problem is if we lose internet connection at the head office then we risk bringing all the branch sites to a standstill.

Is there a way so that all internet URLs will be resolved locally at the branch sites and for all internal servers it could look up the DNS server at the head office?

thanks
Question by: 3Musketeers

Assisted Solution

by:gt2847c
gt2847c earned 500 total points
ID: 38761417
The short answer is most likely you could set this up...

Questions that will help determine a more specific answer

Are you running an Active Directory setup with your servers?
If so, where are your Domain Controllers located (at each site, head office)?

How is your internal DNS domain configured? Do your servers self-register or does someone manually manage the DNS entries?

How are IP addresses (esp for servers) handled, are they statically assigned, or are they DHCP enabled?  If DHCP, are the servers local to the site or at the head office?

Would you like to be able to resolve local servers via DNS if the connection to the head office goes down?

Author Comment

by:3Musketeers
ID: 38761746
thx.

Yes, AD. The domain controller sits at the head office (HO), and another at a bigger branch office (BBO) - total 2 domain controllers with DNS service also running.
There is a private link between these two locations.
No domain controllers at any of the other branch offices.

Servers / clients self-register,
static IPs for servers - DHCP for clients

branch offices have no need for any connection to the BBO.

I want to resolve all the servers that are at the head office -  from the client computers at the branch office.
However I want the DNS servers at the branch sites to resolve all internet sites LOCALLY because people surf like crazy and I don't want the DNS requests coming all the way over the WAN link.

thanks a lot

Accepted Solution

by:gt2847c
gt2847c earned 500 total points
ID: 38762861
You have two options for locally resolving Internet. You can set up a general forwarder for the local DNS server pointing to each site's ISP-supplied DNS resolvers. Alternatively, you can allow your DNS server to self-resolve. Microsoft's DNS server, if no general forwarders are configured, will attempt to iteratively resolve DNS queries. This assumes that your firewall permits this traffic to pass. It also assumes you have a default route pointing to your ISP rather than through your VPN back to your head office.

As to internal resolving, you again have two options. One, you can set up a conditional forwarder for your internal domain pointing to your head office DNS server(s). You should include both the forward domain (x.y.com) and the reverse (168.192.in-addr.arpa or whatever is appropriate based on the internal address space you use). You will also want to make sure all the sub-domains that AD sets up (_msdcs.mydomain.com and those underneath) resolve properly to make sure you don't have issues with your devices connecting to your domain. The second option is to set up your local DNS servers to replicate the DNS zones for your internal forward and reverse zones. That way it will keep all client DNS traffic local to your site. Only replication traffic between the DNS servers will go back to your head office. Conditional forwarders will send all (non-cached) requests back to your head office. Having a local copy of the internal domain locally is useful if your connection to the head office is severed or you want to take down the DNS servers at the head office for maintenance. This is especially true if you use a meshed VPN solution which would allow you to reach other sites even if the head office is unavailable.
0
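The split described in the accepted answer, as an added example that is not part of the original thread: `dnscmd` commands run from an elevated PowerShell prompt on a branch-office DNS server. The IP addresses are placeholders, `mydomain.com` and `168.192.in-addr.arpa` are the answer's own stand-ins, and `/Slave` on the conditional forwarders is a choice made here so that internal names are not retried against the internet when head office is unreachable.

```powershell
# Added example. Placeholders: substitute your own servers and zone names.
$HeadOfficeDns = '192.168.1.10', '192.168.1.11'   # assumed head-office DNS servers
$IspResolvers  = '203.0.113.53', '203.0.113.54'   # assumed ISP resolvers (documentation range)
$InternalZone  = 'mydomain.com'                   # internal AD domain (the answer's stand-in)
$ReverseZone   = '168.192.in-addr.arpa'           # reverse zone for 192.168.0.0/16

# --- Internet names: stop sending everything to head office ------------------
# Option A: replace the general forwarder list with the site's ISP resolvers.
dnscmd /ResetForwarders $IspResolvers /TimeOut 5
# Option B: clear the forwarder list so the server resolves iteratively from
# root hints. The firewall must allow the DNS server outbound 53/udp and 53/tcp,
# and the default route must point at the local ISP, not the VPN.
# dnscmd /ResetForwarders

# --- Internal names, option 1: conditional forwarders to head office ---------
# One forwarder zone for the forward domain and one for the reverse zone.
# _msdcs.mydomain.com falls under the forward zone's suffix.
# /Slave = do not fall back to recursion for this zone if the forwarders fail.
dnscmd /ZoneAdd $InternalZone /Forwarder $HeadOfficeDns /TimeOut 5 /Slave
dnscmd /ZoneAdd $ReverseZone  /Forwarder $HeadOfficeDns /TimeOut 5 /Slave

# --- Internal names, option 2: local copies of the zones ---------------------
# Use INSTEAD of option 1. Head office must allow zone transfers to this server.
# dnscmd /ZoneAdd $InternalZone /Secondary $HeadOfficeDns
# dnscmd /ZoneAdd $ReverseZone  /Secondary $HeadOfficeDns

# --- Verify ------------------------------------------------------------------
dnscmd /EnumZones                                   # forwarder zones should be listed
# AD locator record: must resolve, or clients will have trouble finding a DC.
nslookup -type=SRV "_ldap._tcp.dc._msdcs.$InternalZone" 127.0.0.1
# Reverse lookup of a head-office server through the reverse forwarder zone.
nslookup $HeadOfficeDns[0] 127.0.0.1
# A public name: should resolve even with the VPN tunnel down.
nslookup www.example.com 127.0.0.1
```

Running the last `nslookup` with the tunnel deliberately disconnected confirms that internet resolution no longer depends on head office.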