Improve company productivity with a Business Account.Sign Up

x
?
Solved

DNS configuration in multi-location network

Posted on 2014-04-23
3
Medium Priority
?
366 Views
Last Modified: 2014-04-24
A remote site underwent an ISP change and a local tech made some DNS changes that, while they work, I'm questioning. One of the issues I have found is that when I ping the name of an internal computer and expect DNS to reply with an IP address, instead of the real IP, I get an OpenDNS IP. (We use OpenDNS).
This made me want to look at DNS as a whole to make sure it's optimal before fixing this. Please review the attached. All locations were set up similar to Sites 1 & 2 and it's site 3 that was modified. Considering the details provided, I'm looking for best practices related to DC and firewall settings specific to DNS.

1. Should the primary DC DNS point only to itself?
2. Should the other secondary local DCs point only to the Primary DC for DNS?
3. Should any DC TCP/IP settings contain DNS IPs for OpenDNS
4. Should DNS1 on the firewall/gateway point to the local DNS server?

Thanks
Visio-DNS.pdf
0
Comment
Question by:ironkernel
3 Comments
 
LVL 25

Expert Comment

by:Zephyr ICT
ID: 40018351
Well... It's not how I would set it up ...

First thing, I would try to configure a local DNS on each site...

Second thing, DNS should be pointing to itself and another local DNS (or a DNS on the other site maybe), then on the DNS server itself the OpenDNS servers should be configured as forwarders, so that the DNS server uses them when looking up requests that can't be resolved by the DNS server itself.

That would solve most things I think .. From taking a quick look.

So:

1) Kinda yes (itself and another local - backup - DNS)
2) Yes, and also another local DNS as backup
3) No better not
4) It can though I don't think it matters for the network too much.
0
 
LVL 41

Accepted Solution

by:
Mahesh earned 2000 total points
ID: 40018833
1. Should the primary DC DNS point only to itself?
Yes, to its own IP (Not 127.0.0.1)

2. Should the other secondary local DCs point only to the Primary DC for DNS?
No secondary dns servers also point to itself for name resolution and point to primary DC as alternate DNS

3. Should any DC TCP/IP settings contain DNS IPs for OpenDNS
OpenDNS \ ISP IP should be put into DNS forwarders tab
I have seen your schematic, no matter how you route your traffic, it will passes through firewall only
If you keep firewall IP as gateway on DC and workstations, all internet traffic will go through firewall directly and it will then not look for DNS forwarders I believe.
Hence if you could arrange some simple router as gateway device at each site for DC and computers and then DNS forwarder will work.
However finally your internet traffic will flow through firewall only

4. Should DNS1 on the firewall/gateway point to the local DNS server?
No its not required as your firewall is actually acting as internet gateway and entry point

Mahesh.
0
 

Author Comment

by:ironkernel
ID: 40021109
Thank you for the details provided - this helps considerably.
0

Featured Post

NEW Internet Security Report Now Available!

WatchGuard’s Threat Lab is a group of dedicated threat researchers committed to helping you stay ahead of the bad guys by providing in-depth analysis of the top security threats to your network.  Check out this quarters report on the threats that shook the industry in Q4 2017.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

BIND is the most widely used Name Server. A Name Server is the one that translates a site name to it's IP address. There is a new bug in BIND (https://kb.isc.org/article/AA-01272), affecting all versions of BIND 9 from BIND 9.1.0 (inclusive) thro…
This installment of Make It Better gives Media Temple customers the latest news, plugins, and tutorials to make their Grid shared hosting experience that much smoother.
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…
If you are looking for an automated tool which can generate reports for Outlook emails and other items from PST file, then you can go for Kernel PST Reporter tool. The reports which are created by this tool are helpful to analyze and understand PST …

580 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question