Solved

DNS configuration in multi-location network

Posted on 2014-04-23
Last Modified: 2014-04-24
A remote site underwent an ISP change and a local tech made some DNS changes that, while they work, I'm questioning. One of the issues I have found is that when I ping the name of an internal computer and expect DNS to reply with an IP address, instead of the real IP, I get an OpenDNS IP. (We use OpenDNS).
This made me want to look at DNS as a whole to make sure it's optimal before fixing this. Please review the attached. All locations were set up similarly to Sites 1 & 2, and it's Site 3 that was modified. Considering the details provided, I'm looking for best practices related to DC and firewall settings specific to DNS.

1. Should the primary DC DNS point only to itself?
2. Should the other secondary local DCs point only to the Primary DC for DNS?
3. Should any DC TCP/IP settings contain DNS IPs for OpenDNS?
4. Should DNS1 on the firewall/gateway point to the local DNS server?

Thanks
Visio-DNS.pdf
Question by:ironkernel
3 Comments
 
LVL 25

Expert Comment

by:Zephyr ICT
ID: 40018351
Well... It's not how I would set it up ...

First thing, I would try to configure a local DNS on each site...

Second thing, DNS should be pointing to itself and another local DNS (or a DNS on the other site maybe), then on the DNS server itself the OpenDNS servers should be configured as forwarders, so that the DNS server uses them when looking up requests that can't be resolved by the DNS server itself.

That would solve most things I think .. From taking a quick look.

So:

1) Kinda yes (itself and another local - backup - DNS)
2) Yes, and also another local DNS as backup
3) No, better not
4) It can, though I don't think it matters for the network too much.
 
LVL 37

Accepted Solution

by: Mahesh (earned 500 total points)
ID: 40018833
1. Should the primary DC DNS point only to itself?
Yes, to its own IP (Not 127.0.0.1)

2. Should the other secondary local DCs point only to the Primary DC for DNS?
No, secondary DNS servers also point to themselves for name resolution and point to the primary DC as alternate DNS.

3. Should any DC TCP/IP settings contain DNS IPs for OpenDNS
OpenDNS / ISP IPs should be put into the DNS forwarders tab.
I have seen your schematic; no matter how you route your traffic, it will pass through the firewall only.
If you keep the firewall IP as the gateway on the DC and workstations, all internet traffic will go through the firewall directly, and it will then not look for DNS forwarders, I believe.
Hence, if you could arrange some simple router as the gateway device at each site for the DC and computers, then the DNS forwarder will work.
However, finally your internet traffic will flow through the firewall only.

4. Should DNS1 on the firewall/gateway point to the local DNS server?
No, it's not required, as your firewall is actually acting as the internet gateway and entry point.

Mahesh.
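The configuration both answers describe (DC client settings pointing at its own interface address and a partner DC, public resolvers only in the DNS Server forwarders list, then a check that an internal name no longer comes back with a public address as in the original question) can be applied and verified from an elevated PowerShell session on the DC. This is an added example, not code from the question or either answer; the NIC alias "Ethernet", the addresses 10.3.0.10 / 10.1.0.10, the zone corp.example and the host fileserver.corp.example are constructed assumptions, and the 208.67.222.222 / 208.67.220.220 addresses are OpenDNS's public resolvers.

```powershell
# Added example (not from the question or either answer). Assumed values:
#   - the DC's NIC alias is "Ethernet"
#   - partner DC at another site = 10.1.0.10 (constructed address)
#   - corp.example is the AD DNS zone; fileserver.corp.example is an internal host (constructed)
#   - 208.67.222.222 / 208.67.220.220 are OpenDNS's public resolvers
# Run in an elevated session on the DC being corrected (e.g. the Site 3 DC).

$nic          = 'Ethernet'
$partnerDc    = '10.1.0.10'
$forwarders   = @('208.67.222.222', '208.67.220.220')
$internalFqdn = 'fileserver.corp.example'
$internalNet  = '10.'        # prefix of the private address space (assumed)

# 1. Use the DC's own static interface address, not 127.0.0.1, as the first resolver.
$self = (Get-NetIPAddress -InterfaceAlias $nic -AddressFamily IPv4 |
         Where-Object { $_.PrefixOrigin -eq 'Manual' } |
         Select-Object -First 1).IPAddress
if (-not $self) { throw "No static IPv4 address found on interface '$nic'" }

# 2. Client (TCP/IP) settings: itself first, a partner DC as alternate, no public resolvers.
Set-DnsClientServerAddress -InterfaceAlias $nic -ServerAddresses @($self, $partnerDc)

# 3. Public resolvers belong only in the DNS Server forwarders list.
#    Set-DnsServerForwarder replaces the whole list (Add-DnsServerForwarder would append).
Set-DnsServerForwarder -IPAddress $forwarders

# 4. Audit: the client list must not contain a forwarder address or the loopback address.
$clientDns = (Get-DnsClientServerAddress -InterfaceAlias $nic -AddressFamily IPv4).ServerAddresses
$leaked = $clientDns | Where-Object { ($forwarders -contains $_) -or ($_ -eq '127.0.0.1') }
if ($leaked) {
    Write-Warning "Client DNS list still contains: $($leaked -join ', ')"
} else {
    "OK: client DNS list is $($clientDns -join ', ')"
}
"Forwarders: $((Get-DnsServerForwarder).IPAddress -join ', ')"

# 5. Reproduce the symptom from the question: an internal name queried against this DC
#    must resolve to an internal address, not to a public address handed back by a forwarder.
$answer = Resolve-DnsName -Name $internalFqdn -Type A -Server $self -DnsOnly -ErrorAction Stop
foreach ($rec in ($answer | Where-Object { $_.Type -eq 'A' })) {
    if ($rec.IPAddress.StartsWith($internalNet)) {
        "OK: $internalFqdn -> $($rec.IPAddress) (internal)"
    } else {
        Write-Warning ("$internalFqdn -> $($rec.IPAddress) is not internal; check that this DC " +
                       "hosts the zone and that no public resolver is in the client DNS list")
    }
}
```

The forwarder cmdlets come from the DnsServer module installed with the DNS Server role, so the script only runs on a DC or a machine with that RSAT module. Step 5 queries the DC directly with -Server and -DnsOnly so that a cached answer on the workstation, or LLMNR/NetBIOS fallback, cannot mask a still-misconfigured resolver.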
 

Author Comment

by:ironkernel
ID: 40021109
Thank you for the details provided - this helps considerably.
