Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 361
  • Last Modified:

DNS configuration in multi-location network

A remote site underwent an ISP change and a local tech made some DNS changes that, while they work, I'm questioning. One of the issues I have found is that when I ping the name of an internal computer and expect DNS to reply with an IP address, instead of the real IP, I get an OpenDNS IP. (We use OpenDNS).
This made me want to look at DNS as a whole to make sure it's optimal before fixing this. Please review the attached. All locations were set up similar to Sites 1 & 2 and it's site 3 that was modified. Considering the details provided, I'm looking for best practices related to DC and firewall settings specific to DNS.

1. Should the primary DC DNS point only to itself?
2. Should the other secondary local DCs point only to the Primary DC for DNS?
3. Should any DC TCP/IP settings contain DNS IPs for OpenDNS
4. Should DNS1 on the firewall/gateway point to the local DNS server?

Thanks
Visio-DNS.pdf
0
ironkernel
Asked:
ironkernel
1 Solution
 
Zephyr ICTCloud ArchitectCommented:
Well... It's not how I would set it up ...

First thing, I would try to configure a local DNS on each site...

Second thing, DNS should be pointing to itself and another local DNS (or a DNS on the other site maybe), then on the DNS server itself the OpenDNS servers should be configured as forwarders, so that the DNS server uses them when looking up requests that can't be resolved by the DNS server itself.

That would solve most things I think .. From taking a quick look.

So:

1) Kinda yes (itself and another local - backup - DNS)
2) Yes, and also another local DNS as backup
3) No better not
4) It can though I don't think it matters for the network too much.
0
 
MaheshArchitectCommented:
1. Should the primary DC DNS point only to itself?
Yes, to its own IP (Not 127.0.0.1)

2. Should the other secondary local DCs point only to the Primary DC for DNS?
No secondary dns servers also point to itself for name resolution and point to primary DC as alternate DNS

3. Should any DC TCP/IP settings contain DNS IPs for OpenDNS
OpenDNS \ ISP IP should be put into DNS forwarders tab
I have seen your schematic, no matter how you route your traffic, it will passes through firewall only
If you keep firewall IP as gateway on DC and workstations, all internet traffic will go through firewall directly and it will then not look for DNS forwarders I believe.
Hence if you could arrange some simple router as gateway device at each site for DC and computers and then DNS forwarder will work.
However finally your internet traffic will flow through firewall only

4. Should DNS1 on the firewall/gateway point to the local DNS server?
No its not required as your firewall is actually acting as internet gateway and entry point

Mahesh.
0
 
ironkernelAuthor Commented:
Thank you for the details provided - this helps considerably.
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now