Solved

Need fast DNS in remote office

Posted on 2013-01-21
Last Modified: 2013-01-21
The office has 3 locations, which are connected via a VPN.  The main office has 8 servers and the remote locations have 0.  The issue is the speed for DNS queries from either of the 2 remote offices.

Currently the DNS all points to the main office DNS Active Directory server.  The server is not getting overloaded and responds very fast in the main office.  In the remote offices, the DNS query to a non-cached website takes a long time to resolve because of the VPN and distance latency.  

I am hoping to set up a Windows-compatible DNS cache service on an always-on system in the remote offices.  Then I could point the remote systems to the local DNS cache system.  The confusion I have is it would need to locally look up to external DNS IF the request is not a hit from the cached version of the Active Directory DNS server.

In this environment the DNS changes very infrequently for the Active Directory.  Yet that information is super important because without that being available on the remote system, things like mapped network drive, login, logoff, group policy, and many other things are horribly slow.  Yet at the same time the Internet is super fast, as it should be with DNS pointed externally.

I understand that I can set up a forest server and have DNS there replicate.  However, that is way over budget and would take a long time to implement.

I was hoping for some software that can be installed on one of the remote always-on Windows computers that can communicate with the main Active Directory DNS server and cache (replicate) all the entries.  One way communication is fine.  I can enter static DNS entries for hosts and printers in the local host file if I have to.  I am not worried there.
Question by:codaaladdin

Author Comment

by:codaaladdin
ID: 38801398
Thank you ahead of time for any thoughts, comments, or even better ... solutions :P
0
 
LVL 11

Accepted Solution

by:
sysreq2000 earned 500 total points
ID: 38801568
I don't think there is much you can do other than have a secondary DNS server at the remote site. If you need to do it on the cheap, you can set up an old PC with Linux and set up a secondary DNS, or install a Windows DNS app on an old PC, or even on one of the workstations at the remote site if it's highly available. Here are a couple of samples:

http://www.simpledns.com/features.aspx

http://www.raidendnsd.com/
0
 
LVL 11

Expert Comment

by:sysreq2000
ID: 38801669
Actually as I take a closer look I'm not sure the raidendnsd will act as a secondary.

I'm sure there are many other options out there as well.
0
 
LVL 27

Expert Comment

by:Jason Watkins
ID: 38801689
I would second sysreq2000's suggestion. Set up a Windows DNS server in each remote location with a copy of the domain's DNS zone. Create a forwarder on each DNS server to query the ISP or some other DNS server for upstream queries. You may even want to set up a DC in each location, but that would add more complexity to the answer here.
0
 

Author Comment

by:codaaladdin
ID: 38801816
Thank you Firebar.  I am stuck with a budget issue there.  Cannot install a new server.

Concerned a Linux solution would be more time start to finish.  Even in a simple setup, yet in my case I have to set up Samba in that case, move data, and web proxy which would take way too long.
0
 

Author Comment

by:codaaladdin
ID: 38801832
Thank you sysreq2000  for the great suggestions.
That is on-point :)  I will investigate further and get back ASAP

Here is a snip that is perfect for my situation:

http://www.simpledns.com/features.aspx

Automate secondary DNS servers
A secondary Simple DNS Plus server can be configured as a "super slave" server, meaning that all updates on the primary server are automatically transferred to the secondary. This includes creating and deleting zones.
(On other DNS server, you have to create and delete zones on both primary and secondary servers).
Everything is completely automated - when changes are made in the Record Editor, Simple DNS Plus immediately notifies secondary servers and a Zone Transfer is initiated.
Simple DNS Plus can also be configured as a standard secondary DNS server, and will then automatically check for updates on the primary server.
As everything else in Simple DNS Plus, Zone Transfers are implemented according to the DNS standards (RFCs), and so it is 100% compatible with other standard DNS servers.
0
 
LVL 11

Expert Comment

by:sysreq2000
ID: 38801943
Yeah, I see what you mean. I presume the DNS software would work similarly to the Windows Server DNS implementation, where you configure forwarders for queries outside the domain, where you would forward to the remote office's ISP's servers.

edit: lol sorry I was responding to this....

"The confusion I have is it would need to locally look up to external DNS IF the request is not a hit from cached version of the Active Directory DNS server."

didn't mean to be incoherent. Need more coffee! :)
0
 

Author Comment

by:codaaladdin
ID: 38803042
sysreq2000 - Thanks for the recommendation.  The SimpleDNS software is perfect for the implementation and looks great for many other situations.  The cost of $80 and such is not an issue for the features and the ease of use.

So far I have been able to create a Secondary Zone which does replicate from a 2000 server.  Issue is the server 2008 R2 DNS is the one I really need to do with.  I am reading about the secure zone transfers and keys needed to be created ... giving me a headache.  Is there any way that I can just trust the IP address of the remote system from the main DNS server or something more simple?  I am sure it is permissions or policy based with server 2008 R2.
0
 
LVL 11

Assisted Solution

by:sysreq2000
sysreq2000 earned 500 total points
ID: 38803087
Yes, on the 2008r2 server DNS Manager right click on the domain zone and go to properties, then on the zone transfer tab click the allow zone transfers checkbox and enter the IP of your server.
0
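The zone-transfer restriction from the answer above, expressed with `dnscmd` instead of the DNS Manager dialog. This is an added example, not part of the original thread; the server name, zone name and secondary IP are constructed placeholders.

```powershell
# Run in an elevated prompt on the Windows Server 2008 R2 DNS server (the primary).
# All three values below are constructed placeholders; substitute your own.
$Primary   = 'dc01'               # hypothetical name of the AD-integrated DNS server
$Zone      = 'corp.example.com'   # hypothetical Active Directory DNS zone
$Secondary = '192.0.2.10'         # hypothetical IP of the remote-office secondary

# Weak setting, shown commented out for contrast: transfers to any requester,
# which hands the full internal host list to anyone who can reach the server.
# dnscmd $Primary /ZoneResetSecondaries $Zone /NonSecure

# Restrict zone transfers to the listed secondary only, and send it a NOTIFY
# when the zone changes so it pulls updates without waiting for the refresh timer.
dnscmd $Primary /ZoneResetSecondaries $Zone /SecureList $Secondary /NotifyList $Secondary
if ($LASTEXITCODE -ne 0) { throw "dnscmd failed with exit code $LASTEXITCODE" }

# Read the zone settings back and confirm the secondary list shows only that IP.
dnscmd $Primary /ZoneInfo $Zone

# Verification, run this line from a workstation that is NOT on the list:
# a full-zone listing request should be refused by the primary.
"ls -d $Zone" | nslookup - $Primary
```

If more remote offices get their own secondary later, pass every secondary IP after `/SecureList` in one command, since each call replaces the previous list.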
 

Author Comment

by:codaaladdin
ID: 38803192
Perfect.  That was it :)

If anyone else cares this is helpful too.  However, in this case when the DNS master is also the Active Directory server the DNS is integrated and it is better to allow the specific secondary DNS servers as you specified :)

Thank you again for the recommendation.  I will not load test the server and then purchase after a little testing.  

BTW - The software does run as a service (no surprise there for real professional software)
0
 

Author Closing Comment

by:codaaladdin
ID: 38803207
Thank you for the fast and very helpful assistance :)
0
