  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 633

Need fast DNS in remote office

The office has 3 locations, which are connected via a VPN.  The main office has 8 servers and the remote locations have 0.  The issue is the speed of DNS queries from either of the 2 remote offices.

Currently the DNS all points to the main office DNS Active Directory server.  The server is not getting overloaded and responds very fast in the main office.  In the remote offices, the DNS query to a non-cached website takes a long time to resolve because of the VPN and distance latency.

I am hoping to set up a Windows-compatible DNS cache service on an always-on system in the remote offices.  Then I could point the remote systems to the local DNS cache system.  The confusion I have is that it would need to locally look up to external DNS IF the request is not a hit from the cached version of the Active Directory DNS server.

In this environment the DNS changes very infrequently for the Active Directory.  Yet that information is super important because without it being available on the remote system, things like mapped network drives, login, logoff, group policy, and many other things are horribly slow.  Yet at the same time the Internet is super fast, as it should be with DNS pointed externally.

I understand that I can set up a forest server and have DNS there replicate.  However, that is way over budget and would take a long time to implement.

I was hoping for some software that can be installed on one of the remote always-on Windows computers that can communicate with the main Active Directory DNS server and cache (replicate) all the entries.  One-way communication is fine.  I can enter static DNS entries for hosts and printers in the local hosts file if I have to.  I am not worried there.
0
Asked by: codaaladdin
2 Solutions
 
codaaladdin (Author) Commented:
Thank you ahead of time for any thoughts, comments, or even better ... solutions :P
0
 
sysreq2000 Commented:
I don't think there is much you can do other than have a secondary DNS server at the remote site. If you need to do it on the cheap, you can set up an old PC with Linux and set up a secondary DNS, or install a Windows DNS app on an old PC, or even on one of the workstations at the remote site if it's highly available. Here are a couple of samples:

http://www.simpledns.com/features.aspx

http://www.raidendnsd.com/
0
 
sysreq2000 Commented:
Actually as I take a closer look I'm not sure the raidendnsd will act as a secondary.

I'm sure there are many other options out there as well.
0

 
Jason Watkins (IT Project Leader) Commented:
I would second sysreq2000's suggestion. Set up a Windows DNS server in each remote location with a copy of the domain's DNS zone. Create a forwarder on each DNS server to query the ISP, or some other DNS server, for upstream queries. You may even want to set up a DC in each location, but that would add more complexity to the answer here.
0
 
codaaladdin (Author) Commented:
Thank you Firebar.  I am stuck with a budget issue there.  Cannot install a new server.

Concerned a Linux solution would be more time start to finish.  Even in a simple setup, yet in my case I have to set up Samba in that case, move data, and web proxy, which would take way too long.
0
 
codaaladdin (Author) Commented:
Thank you sysreq2000  for the great suggestions.
That is on-point :)  I will investigate further and get back ASAP

Here is a snip that is perfect for my situation:

http://www.simpledns.com/features.aspx

Automate secondary DNS servers
A secondary Simple DNS Plus server can be configured as a "super slave" server, meaning that all updates on the primary server are automatically transferred to the secondary. This includes creating and deleting zones.
(On other DNS servers, you have to create and delete zones on both primary and secondary servers).
Everything is completely automated - when changes are made in the Record Editor, Simple DNS Plus immediately notifies secondary servers and a Zone Transfer is initiated.
Simple DNS Plus can also be configured as a standard secondary DNS server, and will then automatically check for updates on the primary server.
As everything else in Simple DNS Plus, Zone Transfers are implemented according to the DNS standards (RFCs), and so it is 100% compatible with other standard DNS servers.
0
 
sysreq2000 Commented:
Yeah, I see what you mean. I presume the DNS software would work similarly to the Windows Server DNS implementation, where you configure forwarders for queries outside the domain, where you would forward to the remote office's ISP's servers.

edit: lol sorry I was responding to this....

"The confusion I have is it would need to locally look up to external DNS IF the request is not a hit from cached version of the Active Directory DNS server."

didn't mean to be incoherent. Need more coffee! :)
0
 
codaaladdin (Author) Commented:
sysreq2000 - Thanks for the recommendation.  The SimpleDNS software is perfect for the implementation and looks great for many other situations.  The cost of $80 and such is not an issue for the features and the ease of use.

So far I have been able to create a Secondary Zone which does replicate from a 2000 server.  The issue is that the Server 2008 R2 DNS is the one I really need to do it with.  I am reading about the secure zone transfers and keys needed to be created ... giving me a headache.  Is there any way that I can just trust the IP address of the remote system from the main DNS server, or something more simple?  I am sure it is permissions or policy based with Server 2008 R2.
0
 
sysreq2000 Commented:
Yes, on the 2008 R2 server, in DNS Manager, right-click on the domain zone and go to Properties; then, on the zone transfer tab, click the "allow zone transfers" checkbox and enter the IP of your server.
0
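
A check for the restriction set in the answer above, added here as an example and not taken from the thread or from any product mentioned in it: run from the authorized secondary it should report the transfer as allowed, and from any other workstation it should not. The zone name `corp.example`, the function names and the sample replies are assumptions made for the example.

```python
import socket
import struct

AXFR, CLASS_IN, REFUSED = 252, 1, 5   # QTYPE, QCLASS and RCODE values from RFC 1035

# Constructed sample replies: 2-byte TCP length prefix + 12-byte DNS header only.
SAMPLE_REFUSED = struct.pack("!HHHHHHH", 12, 0x4158, 0x8005, 1, 0, 0, 0)
SAMPLE_ALLOWED = struct.pack("!HHHHHHH", 12, 0x4158, 0x8400, 1, 1, 0, 0)


def build_axfr_query(zone, txid=0x4158):
    """Return a TCP-framed DNS query asking for a full transfer of `zone`."""
    header = struct.pack("!HHHHHH", txid, 0, 1, 0, 0, 0)   # standard query, 1 question
    labels = zone.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    msg = header + qname + struct.pack("!HH", AXFR, CLASS_IN)
    return struct.pack("!H", len(msg)) + msg               # DNS over TCP length prefix


def classify_response(framed):
    """Classify the first TCP-framed reply to an AXFR query."""
    if len(framed) < 14:                 # connection closed or no complete header
        return "no-answer"
    _txid, flags, _qdcount, ancount = struct.unpack("!HHHH", framed[2:10])
    rcode = flags & 0x000F
    if rcode == 0 and ancount > 0:       # NOERROR with records: the zone is being sent
        return "transfer-allowed"
    return "refused" if rcode == REFUSED else "rcode-%d" % rcode


def check_server(server, zone, timeout=5.0):
    """Ask `server` for an AXFR of `zone` over TCP/53 and classify the reply."""
    try:
        with socket.create_connection((server, 53), timeout=timeout) as conn:
            conn.sendall(build_axfr_query(zone))
            return classify_response(conn.recv(4096))
    except OSError:                      # timeout, reset, port filtered
        return "no-answer"


if __name__ == "__main__":
    import sys
    # Usage: python axfr_check.py <primary-dns-ip> <zone>
    print(check_server(sys.argv[1], sys.argv[2]))
```

Anything other than `transfer-allowed` from a host that is not on the zone's transfer list means the list is being enforced for that host.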
 
codaaladdin (Author) Commented:
Perfect.  That was it :)

If anyone else cares this is helpful too.  However, in this case when the DNS master is also the Active Directory server the DNS is integrated and it is better to allow the specific secondary DNS servers as you specified :)

Thank you again for the recommendation.  I will not load test the server and then purchase after a little testing.  

BTW - The software does run as a service (no surprise there for real professional software)
0
 
codaaladdin (Author) Commented:
Thank you for the fast and very helpful assistance :)
0
