Need fast DNS in remote office

Posted on 2013-01-21
Last Modified: 2013-01-21
The office has 3 locations that are connected via a VPN.  The main office has 8 servers and the remote locations have 0.  The issue is the speed of DNS queries from either of the 2 remote offices.

Currently the DNS all points to the main office DNS Active Directory server.  The server is not getting overloaded and responds very fast in the main office.  In the remote offices, the DNS query to a non-cached website takes a long time to resolve because of the VPN and distance latency.  

I am hoping to set up a Windows-compatible DNS cache service on an always-on system in the remote offices.  Then I could point the remote systems to the local DNS cache system.  The confusion I have is that it would need to look up external DNS locally IF the request is not a hit in the cached version of the Active Directory DNS server.

In this environment the DNS changes very infrequently for the Active Directory.  Yet that information is super important because without it being available on the remote system, things like mapped network drives, login, logoff, group policy, and many other things are horribly slow.  Yet at the same time the Internet is super fast, as it should be with DNS pointing externally.

I understand that I can set up a forest server and have DNS replicate there.  However, that is way over budget and would take a long time to implement.

I was hoping for some software that can be installed on one of the remote always-on Windows computers that can communicate with the main Active Directory DNS server and cache (replicate) all the entries.  One-way communication is fine.  I can enter static DNS entries for hosts and printers in the local hosts file if I have to.  I am not worried there.
Question by: codaaladdin
Author Comment

ID: 38801398
Thank you ahead of time for any thoughts, comments, or even better ... solutions :P

Accepted Solution

sysreq2000 earned 500 total points
ID: 38801568
I don't think there is much you can do other than have a secondary DNS server at the remote site. If you need to do it on the cheap, you can set up an old PC with Linux and set up a secondary DNS, or install a Windows DNS app on an old PC, or even on one of the workstations at the remote site if it's highly available. Here are a couple of samples:

Expert Comment

ID: 38801669
Actually as I take a closer look I'm not sure the raidendnsd will act as a secondary.

I'm sure there are many other options out there as well.
Expert Comment

by:Jason Watkins
ID: 38801689
I would second sysreq2000's suggestion. Set up a Windows DNS server in each remote location with a copy of the domain's DNS zone. Create a forwarder on each DNS server to query the ISP, or some other DNS server, for upstream queries. You may even want to set up a DC in each location, but that would add more complexity to the answer here.

Author Comment

ID: 38801816
Thank you Firebar.  I am stuck with a budget issue there.  Cannot install a new server.

Concerned a Linux solution would take more time start to finish, even in a simple setup; in my case I would have to set up Samba, move data, and a web proxy, which would take way too long.

Author Comment

ID: 38801832
Thank you sysreq2000 for the great suggestions.
That is on-point :)  I will investigate further and get back ASAP

Here is a snip that is perfect for my situation:

Automate secondary DNS servers
A secondary Simple DNS Plus server can be configured as a "super slave" server, meaning that all updates on the primary server are automatically transferred to the secondary. This includes creating and deleting zones.
(On other DNS servers, you have to create and delete zones on both primary and secondary servers.)
Everything is completely automated - when changes are made in the Record Editor, Simple DNS Plus immediately notifies secondary servers and a Zone Transfer is initiated.
Simple DNS Plus can also be configured as a standard secondary DNS server, and will then automatically check for updates on the primary server.
Like everything else in Simple DNS Plus, Zone Transfers are implemented according to the DNS standards (RFCs), and so it is 100% compatible with other standard DNS servers.

Expert Comment

ID: 38801943
Yeah, I see what you mean. I presume the DNS software would work similarly to the Windows Server DNS implementation, where you configure forwarders for queries outside the domain, where you would forward to the remote office's ISP's servers.

edit: lol sorry I was responding to this....

"The confusion I have is it would need to locally look up to external DNS IF the request is not a hit from cached version of the Active Directory DNS server."

didn't mean to be incoherent. Need more coffee! :)

Author Comment

ID: 38803042
sysreq2000 - Thanks for the recommendation.  The SimpleDNS software is perfect for the implementation and looks great for many other situations.  The cost of $80 and such is not an issue for the features and the ease of use.

So far I have been able to create a Secondary Zone which does replicate from a 2000 server.  The issue is that the Server 2008 R2 DNS is the one I really need to work with.  I am reading about the secure zone transfers and keys that need to be created ... giving me a headache.  Is there any way that I can just trust the IP address of the remote system from the main DNS server, or something more simple?  I am sure it is permissions or policy based with Server 2008 R2.

Assisted Solution

sysreq2000 earned 500 total points
ID: 38803087
Yes, on the 2008 R2 server, in DNS Manager right-click the domain zone and go to Properties, then on the Zone Transfers tab tick the "Allow zone transfers" checkbox and enter the IP of your server.
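The same restriction done from the command line, as an added example that is not part of the accepted answer: it uses dnscmd (present on Server 2008 R2) instead of the DNS Manager dialog, and it assumes a zone name and IP addresses that are placeholders for the thread's environment.

```powershell
# Added example, not from the thread. Run on the 2008 R2 AD-integrated
# primary. Zone name and IP addresses below are assumed placeholders.
$Zone        = 'corp.example.local'   # assumed AD-integrated zone
$PrimaryIP   = '10.0.0.10'            # assumed main-office DC / DNS
$SecondaryIP = '10.20.0.5'            # assumed remote-office secondary

# /SecureList: only the listed IPs may pull the zone (the "Only to the
# following servers" option in the GUI), so a transfer request from any
# other host on the VPN is refused rather than handing out the whole zone.
# /NotifyList: send NOTIFY to the secondary after each change so it
# refreshes right away instead of waiting for the SOA refresh interval.
dnscmd localhost /ZoneResetSecondaries $Zone /SecureList $SecondaryIP /NotifyList $SecondaryIP

# Read the zone settings back to confirm the secure list was applied and
# the zone did not silently stay at "allow transfers to any server".
dnscmd localhost /ZoneInfo $Zone

# Sanity check that the copy is current: the SOA serial returned by the
# primary and by the secondary must match after the first transfer.
nslookup -type=SOA $Zone $PrimaryIP
nslookup -type=SOA $Zone $SecondaryIP
```

If the serials differ for longer than the zone's refresh interval, check that TCP port 53 from the secondary to the primary is open across the VPN, since zone transfers run over TCP while ordinary lookups mostly use UDP.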

Author Comment

ID: 38803192
Perfect.  That was it :)

If anyone else cares this is helpful too.  However, in this case when the DNS master is also the Active Directory server the DNS is integrated and it is better to allow the specific secondary DNS servers as you specified :)

Thank you again for the recommendation.  I will not load test the server and then purchase after a little testing.

BTW - The software does run as a service (no surprise there for real professional software)

Author Closing Comment

ID: 38803207
Thank you for the fast and very helpful assistance :)
