Adding DNS to remote sites

At our main site I have two 2008 AD/DNS servers. Some of the remote sites only have a 2003/2008 file server and use a Cisco ASA to connect to our main site. The ASA is used for DHCP and has the main site's DNS servers as primary DNS and 8.8.8.8 as secondary. It was suggested I add DNS to those remote sites and get rid of the 8.8.8.8. My question is, would I use the remote site's NEW DNS as the primary or secondary DNS on the ASA? I would think they would still need the main site's DNS to authenticate? Thanks
jtano Asked:

Mike Kline Commented:
They should use the DNS server at the remote site as their primary. So you are using 8.8.8.8 (Google's DNS) for internet queries?

You can forward to 8.8.8.8 on the DNS servers if you want it to answer for DNS queries, but I would not list it as a DNS server on the client.

Thanks

Mike
0
Aaron Tomosky (SD-WAN Simplified) Commented:
Never never mix internal and external DNS on a client. Windows will fail to secondary at some point and won't fail back to primary until there is a problem with secondary, thus leaving you unable to access local DNS resources.

Set up local DNS at each site with root hints enabled. Tell the clients only about local DNS (if you only have one then only put that one). If you have domain-joined servers for files, maybe adding a DNS role is the easiest.
0
Brian Pierce (Photographer) Commented:
Agreed - the only place external DNS servers should be listed is as forwarders on the DNS servers themselves. If you put external DNS servers as preferred - or even as alternate DNS servers - internal domain name resolution will fail.
0
jtano (Author) Commented:
Yes, that is what I was told: to get rid of the external DNS and add DNS to remote sites, which is what I am working on. The answer I need to know for this question is: would the new DNS at the remote site be the primary DNS, and then what would the secondary DNS need to be? I assume one of our main DNS servers from our main site so they can authenticate and access files at main site including Exchange? Yes?
Aarontomosky suggests only using that remote DNS but then I'm thinking they couldn't come back to main site for email/files. Then you mention adding a DNS role? Not sure what you mean?
Thanks
0
Mike Kline Commented:
Yes the secondary would be the main site. Since you are using AD integrated zones the information will be replicated to the DC in the remote site.

Thanks

Mike
0

Sandeshdubey (Senior Server Engineer) Commented:
You have already got the answer for your query. Refer to the link below too for DNS settings on DC and clients.
Best practices for DNS client settings on DC and domain members:
http://abhijitw.wordpress.com/2012/03/03/best-practices-for-dns-client-settings-on-domain-controller/
0
compdigit44 Commented:
As others have stated, for name resolution your clients should only have the IP addresses of internal DNS servers. The DNS servers would then have forwarding set up to query external DNS servers.

On a side note, since you are running Windows 2008 or greater, have you thought about setting up an RODC on your remote sites?

http://technet.microsoft.com/en-us/library/cc754956%28v=ws.10%29.aspx
0
jtano (Author) Commented:
Thank you for all the help
0
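
The resolver layout the answers above converge on (the remote site's own DNS server first, a main-site DNS server second, no external resolver handed to clients), as an added example that is not part of any post in this thread: a Python check over the `dhcpd dns` lines of ASA configurations. The site names, subnets and addresses are constructed sample values, and the check assumes the site's own DNS server sits on the site's local subnet.

```python
import ipaddress
import re

# Constructed sample configs (site names, subnets and addresses are illustrative only).
SITES = {
    "remote-a": ("192.168.10.0/24",
                 "dhcpd address 192.168.10.50-192.168.10.150 inside\n"
                 "dhcpd dns 10.0.0.10 8.8.8.8 interface inside\n"
                 "dhcpd enable inside\n"),
    "remote-b": ("192.168.20.0/24",
                 "dhcpd address 192.168.20.50-192.168.20.150 inside\n"
                 "dhcpd dns 192.168.20.5 10.0.0.10 interface inside\n"
                 "dhcpd enable inside\n"),
}

DHCPD_DNS = re.compile(r"^[ \t]*dhcpd dns[ \t]+(.+)$", re.MULTILINE)


def advertised_dns(config):
    """Return resolver addresses handed to DHCP clients, in the order listed."""
    servers = []
    for match in DHCPD_DNS.finditer(config):
        for token in match.group(1).split():
            if token == "interface":  # the rest of the line names the interface
                break
            servers.append(ipaddress.ip_address(token))
    return servers


def audit(local_subnet, config):
    """Check one site's DHCP resolver list against the layout advised in the thread."""
    servers = advertised_dns(config)
    findings = []
    if not servers:
        return ["no 'dhcpd dns' line: clients receive no resolver from the ASA"]
    # Assumption: the site's own DNS server has an address in the site's subnet.
    if servers[0] not in ipaddress.ip_network(local_subnet):
        findings.append(f"primary {servers[0]} is not the remote site's own DNS server")
    for ip in servers:
        if not ip.is_private:  # public address, so an external resolver
            findings.append(f"{ip} is an external resolver; use it only as a forwarder")
    return findings


if __name__ == "__main__":
    for site, (subnet, config) in SITES.items():
        print(site, audit(subnet, config) or "OK")
```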