Solved

DNS, conditional Forwarder

Posted on 2013-01-09
3
710 Views
Last Modified: 2013-02-14
We are multiple sites connecting over VPN to the head office.
Branch offices have anywhere from 3 to 10 computers.
Each branch office is getting a small file server running 2008. DNS service is also installed.
Forwarders were pointed to the DNS server at the head office; otherwise the branch office could not resolve internal servers.

We find that ALL DNS requests were being sent to the head office.
The problem is, if we lose the internet connection at the head office then we risk bringing all the branch sites to a standstill.

Is there a way so that all internet URLs will be resolved locally at the branch sites and, for all internal servers, it could look up the DNS server at the head office?

thanks
Question by:3Musketeers
3 Comments
 
LVL 9

Assisted Solution

by:gt2847c
gt2847c earned 500 total points
ID: 38761417
The short answer is most likely you could set this up...

Questions that will help determine a more specific answer

Are you running an Active Directory setup with your servers?
If so, where are your Domain Controllers located (at each site, head office)?

How is your internal DNS domain configured?  Do your servers self-register or does someone manually manage the DNS entries?

How are IP addresses (esp for servers) handled, are they statically assigned, or are they DHCP enabled?  If DHCP, are the servers local to the site or at the head office?

Would you like to be able to resolve local servers via DNS if the connection to the head office goes down?
0
 

Author Comment

by:3Musketeers
ID: 38761746
thx.

Yes, AD. The domain controller sits at the head office (HO), and another at a bigger branch office (BBO); total 2 domain controllers with DNS service also running.
There is a private link between these two locations.
No domain controllers at any of the other branch offices.

Servers / clients self-register,
static IPs for servers, DHCP for clients.

Branch offices have no need for any connection to the BBO.

I want to resolve all the servers that are at the head office from the client computers at the branch office.
However, I want the DNS servers at the branch sites to resolve all internet sites LOCALLY because people surf like crazy and I don't want the DNS requests coming all the way over the WAN link.

thanks a lot
0
 
LVL 9

Accepted Solution

by:gt2847c
gt2847c earned 500 total points
ID: 38762861
You have two options for locally resolving Internet.  You can set up a general forwarder for the local DNS server pointing to each site's ISP-supplied DNS resolvers.  Alternatively, you can allow your DNS server to self-resolve.  Microsoft's DNS server, if no general forwarders are configured, will attempt to iteratively resolve DNS queries.  This assumes that your firewall permits this traffic to pass.  It also assumes you have a default route pointing to your ISP rather than through your VPN back to your head office.

As to internal resolving, you again have two options.  One, you can set up a conditional forwarder for your internal domain pointing to your head office DNS server(s).  You should include both the forward domain (x.y.com) and the reverse (168.192.in-addr.arpa or whatever is appropriate based on the internal address space you use).  You will also want to make sure all the sub-domains that AD sets up (_msdcs.mydomain.com and those underneath) resolve properly to make sure you don't have issues with your devices connecting to your domain.  The second option is to set up your local DNS servers to replicate the DNS zones for your internal forward and reverse zones.  That way it will keep all client DNS traffic local to your site.  Only replication traffic between the DNS servers will go back to your head office.  Conditional forwarders will send all (non-cached) requests back to your head office.  Having a local copy of the internal domain locally is useful if your connection to the head office is severed or you want to take down the DNS servers at the head office for maintenance.  This is especially true if you use a meshed VPN solution which would allow you to reach other sites even if the head office is unavailable.
0
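The two choices laid out in the accepted solution, written out as an added example (not code from the thread or from gt2847c) for a branch server running the Windows Server 2008 DNS role, which ships dnscmd.exe. The domain name corp.example, the head-office DNS addresses 10.1.0.10/10.1.0.11, the 10.0.0.0/8 internal range and the ISP resolvers 203.0.113.1/203.0.113.2 are placeholders; the checks at the end only work once the firewall and default route allow the branch server to reach the Internet directly, as the answer notes.

```powershell
# Run on the branch DNS server itself ("." below). All names and addresses are placeholders.
$Domain      = 'corp.example'                 # assumed AD DNS domain
$ReverseZone = '10.in-addr.arpa'              # assumed internal address space 10.0.0.0/8
$HeadOffice  = @('10.1.0.10', '10.1.0.11')    # assumed head-office DNS servers
$IspDns      = @('203.0.113.1', '203.0.113.2')# assumed branch ISP resolvers

# ---- Internet names: resolve locally at the branch -------------------------------
# Option A: general forwarders to the ISP resolvers (used for anything not matched by
# a conditional forwarder below). Short timeout so a dead resolver fails over quickly.
dnscmd . /ResetForwarders $IspDns /TimeOut 3
# Option B (instead of A): no general forwarders, so the server iterates from root hints.
# dnscmd . /ResetForwarders

# ---- Internal names, option 1: conditional forwarders to head office -------------
# The forward zone covers its sub-domains (including _msdcs), so two entries suffice.
# Every non-cached query still crosses the WAN, and nothing resolves if the link is down.
foreach ($zone in @($Domain, $ReverseZone)) {
    dnscmd . /ZoneAdd $zone /Forwarder $HeadOffice /TimeOut 3
}

# ---- Internal names, option 2 (instead of 1): secondary copies of the zones -------
# Keeps client lookups local and survives a WAN outage. _msdcs is a separate zone on
# AD-integrated DNS servers, so it must be transferred explicitly. The head-office
# servers must allow zone transfers to this server's address, or the zone stays empty.
# foreach ($zone in @($Domain, "_msdcs.$Domain", $ReverseZone)) {
#     dnscmd . /ZoneAdd $zone /Secondary $HeadOffice
# }

# ---- Checks against the local server: internal host, DC locator record, reverse,
# ---- and an Internet name. The SRV query is the one domain joins and logons depend on.
nslookup -type=A   "fileserver.$Domain"           127.0.0.1
nslookup -type=SRV "_ldap._tcp.dc._msdcs.$Domain" 127.0.0.1
nslookup -type=PTR 10.1.0.10                      127.0.0.1
nslookup -type=A   www.example.com                127.0.0.1
```

With option 1 applied, disconnect the VPN and repeat the first three lookups: they fail, which is the outage risk the question describes; with option 2 they keep answering from the local copy until the zone's expiry interval elapses.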
