• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 64

Hosts file on domain PDC

I have a Windows 2003 PDC running Exchange and some other apps. We have a new piece of software that we need installed on each workstation on the network's domain, and it runs through a VPN.

The software consultant wants us to install an edited hosts file on each workstation mapping some of the servers on the remote portion of the VPN. They are not in our domain.

My question is: can't I add this to the DNS server and be done with it? What if one of those IPs changes? I would have to edit all of the workstations again. I'm not into that.

What would be the simple way to fix this?
Asked by: techindahaus

John Hurst (Business Consultant, Owner) commented:
You do have to map to the remote system. You could set up scripts in the normal way that map to the IP address at the remote end. This means not changing the hosts files on many machines but means changing the central scripts if the IP address changes.
UnHeardOf commented:
That's how I would do it.
techindahaus (Author) commented:
What about just connecting to their DNS server under reverse lookup?
UnHeardOf commented:
For example, say the vendor server is named server1.vendordomain.com. You could create a forward authoritative domain for vendordomain.com on your DNS server with the records they need, and then in your domain create a CNAME to that record. So your record would look like server1.mydomain mapping to server1.vendordomain.com. This way your clients can resolve the names without needing a DNS suffix entry on each client.
UnHeardOf commented:
If your clients are looking up the fully qualified domain name, then you wouldn't need the CNAME records in your domain.
Rob Williams commented:
Mapping via scripts and a mapped drive may not be possible if the software is written to connect to a file share such as \\Server1\Share1. Though I would use DNS (you have to create a new zone for the remote site), depending on the VPN configuration it may block access to local resources such as DNS, which may be why they recommend using the hosts file. You can script updating the hosts file from the server upon logon. The user needs to be an admin to run it.
techindahaus (Author) commented:
Maybe I didn't explain this very well.

1. I'm not looking for a scripting solution.
2. I'm not looking to manually edit CNAMEs each time the application server changes its public IP address.

What I'm looking for is a way to map the host names of the remote servers and their IP addresses WITHOUT creating a separate hosts file on every workstation in my domain.

Now, I think I know the best course of action. Add their DNS server to mine in the reverse lookup area so that my DNS server can query theirs, and if an IP changes, my records should be updated, as all of my workstations are using my domain's PDC for DNS.

What I'm unsure about is if this is the best place to implement this solution. I'm not a DNS expert, but can certainly find my way around a server.
UnHeardOf commented:
I don't think you mean reverse lookup. A reverse lookup is an IP to a name. You are referring to a forwarder. When you create a forwarder you would create it for their domain, as in the previous example vendordomain.com. So when a client looks up server1.vendordomain.com they would hit that forwarder, which would direct them to the name server you provided in the forwarder configuration. The issue with that is the only way the client would be directed out the forwarder is if they are trying to resolve the fully qualified domain. If a client was trying to resolve server1 it would only append your DNS suffix, which would be your domain.com. All clients would then need to have a DNS suffix for that domain. This gets ugly because then all lookups would try to append to that.

If clients are looking up the fully qualified domain name, then you would be okay with the forwarder.
Rob Williams commented:
You would add a zone for the remote server domain name, such as RemoteSite.local, to the forward lookup zones of your DNS server, and to that add Host (A) records for the remote servers. If the IP changes, it "should" update the host record, but being part of another domain, it probably will not. This is why domain trusts are usually set up in this case. However, as mentioned, many VPN solutions are configured with "split tunneling" disabled for security reasons to protect the remote network. If this is the case, local resources such as DNS are blocked and unusable.

If a hosts file is the only solution, I was suggesting a script pushed out through Group Policy that would automatically edit the hosts file of every PC. If the IPs change, you simply update the script on the server. Having said that, I am doubtful a vendor would provide a VPN solution, a service, and servers, and start changing IPs.

Normally, if you have multiple computers connecting to a remote server, you set up a VPN tunnel between two VPN routers; this eliminates the need for split tunneling and looks after routing and DNS. Another issue is most routers have limits as to how many software VPN tunnels they will support. I don't know if you are talking about 2 or 3 or 10 or more.
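The "script pushed out through Group Policy that edits the hosts file of every PC" idea, as an added example that is not from anyone in this thread. It is written as a computer startup script (which runs as SYSTEM, so the logged-on user needs no admin rights), keeps the vendor entries between marker comments so existing hosts lines are never touched, and reads the entries from one central file; the share path, the marker text and PowerShell 2.0 on the workstations are assumptions.

```powershell
# Added example: sync a managed block of vendor entries into the local hosts file.
# Deploy as a GPO computer startup script; change only the central file when an IP changes.
$Source = '\\PDC01\netlogon\vendor-hosts.txt'   # constructed placeholder path on the PDC
$Hosts  = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
$Begin  = '# BEGIN vendor-vpn (managed by GPO, do not edit)'
$End    = '# END vendor-vpn'

# Keep only well-formed "IPv4<whitespace>hostname" lines from the central file; comments,
# blanks and malformed lines are dropped so a bad edit cannot corrupt every workstation.
$Entries = @(Get-Content -Path $Source -ErrorAction Stop |
    Where-Object { $_ -match '^\s*(\d{1,3}\.){3}\d{1,3}\s+[A-Za-z0-9.-]+\s*$' } |
    ForEach-Object { $_.Trim() })
if ($Entries.Count -eq 0) {
    Write-Warning "No valid entries in $Source; hosts file left unchanged"
    exit 1
}

# Remove any previous managed block and keep everything else verbatim.
$Current = @()
if (Test-Path -Path $Hosts) { $Current = @(Get-Content -Path $Hosts) }
$Kept   = New-Object System.Collections.Generic.List[string]
$Inside = $false
foreach ($Line in $Current) {
    if ($Line -eq $Begin) { $Inside = $true;  continue }
    if ($Line -eq $End)   { $Inside = $false; continue }
    if (-not $Inside)     { $Kept.Add($Line) }
}

$New = @($Kept) + @($Begin) + $Entries + @($End)
# Write only when the content actually differs: stable mtime, no needless writes,
# and fewer hosts-file tamper alerts from endpoint protection.
if (($New -join "`n") -ne ($Current -join "`n")) {
    Set-Content -Path $Hosts -Value $New -Encoding ASCII
    ipconfig /flushdns | Out-Null
}
```

The central file holds one "IP hostname" pair per line; anything else in it is ignored, and the script exits non-zero without touching the hosts file if nothing valid is found.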
techindahaus (Author) commented:
UnHeardOf: Actually, I am referring to a reverse lookup. Similar to a hosts file, it will allow you to look up a name from an IP. I believe that is the premise. But I just didn't know if that would be the "best" way to accomplish this. My assumption here was that if I added it and I had their DNS server's IP, it would poll the DNS server for any changes.

Rob: yea, I agree. I have also looked into pushing out the hosts file replacement in our login script. It just seems so archaic to be dealing with these hosts files anymore. As of right now I don't have an answer to whether we can even get their DNS IP. This whole process has been a "rush" job and this is just another kink in the process.

I may try a few of your suggestions based on what information I get this week from the vendor. Hopefully, we can come to a simple solution. I'll update this thread when I get that.
Rob Williams commented:
You don't need the IP of their DNS server; you are adding the record to your DNS server. Pointing to the remote DNS server, if not a member of your domain, will actually "mess up" local DNS. DNS is the best solution if it will be available while the VPN is connected, and if it will update, but I don't see it updating. You could manually change it in DNS if it ever changes.

You want a forward lookup record, not reverse, as it is the IP that may change, not the name.

I suspect the vendor recommends a host record as it works consistently.
UnHeardOf commented:
Rob,
How would a conditional forwarder for a domain (which requires an IP of the vendor's name server to forward the queries to) hurt local DNS? Queries would only be sent to the forwarder that have the same domain suffix. Since the clients wouldn't have the suffix in their configuration, the only way the forwarder would be used would be by a client that is trying to resolve the fully qualified domain name.

I'm not saying that this may be the best fit for this scenario but until we hear back these are just suggestions.
Rob Williams commented:
If split tunneling is enabled on the VPN connection, i.e. local and remote subnets are accessible simultaneously, a conditional forwarder is a good idea. The issue to which I was referring was adding the remote site's DNS server's IP to the DNS configuration of the NICs on each PC. The DNS server will need to be set to use forwarders rather than root hints, but should work.
A note regarding forwarders: "Due to a code defect in Windows Server® 2008, the checkbox next to Use root hints if no forwarders are available actually configures the opposite behavior" from: https://technet.microsoft.com/en-us/library/ff807391(v=ws.10)
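The two server-side options discussed above (UnHeardOf's authoritative zone plus CNAME, and the conditional forwarder for the vendor domain) carried out on the central DNS server with dnscmd, as an added example that is not from anyone in this thread. The zone names, the vendor name server and host addresses (RFC 5737 documentation ranges) are constructed placeholders, and the dnscmd syntax is as documented for Windows Server 2008 and later; it is assumed, not verified here, that the Windows Server 2003 build behaves the same.

```powershell
# Added example: central DNS configuration so no workstation needs a hosts file.
# Run on the DNS server as an administrator; dnscmd.exe ships with the DNS admin tools.
$LocalZone  = 'mydomain.local'       # placeholder: your AD domain zone
$VendorZone = 'vendordomain.com'     # placeholder: the vendor's domain
$VendorDns  = '192.0.2.53'           # placeholder: vendor name server reachable over the VPN
$VendorHost = 'server1'
$VendorIp   = '192.0.2.10'           # placeholder: vendor host (only needed for option B)

# Option A: conditional forwarder. Queries for *.vendordomain.com are sent to the vendor's
# name server, so an IP change on their side needs no edit here. Only FQDN lookups reach it;
# a bare "server1" query gets the local suffix appended instead (see the CNAME below).
# Requires the VPN to allow traffic from this server to $VendorDns (split tunneling).
dnscmd /ZoneAdd $VendorZone /Forwarder $VendorDns

# Option B: local authoritative zone for the vendor domain with hand-maintained A records.
# Use this instead of option A (same zone name, pick one) when the vendor's DNS is not
# reachable; an IP change then means updating one record on this server, not every PC.
# dnscmd /ZoneAdd $VendorZone /Primary /file "$VendorZone.dns"
# dnscmd /RecordAdd $VendorZone $VendorHost A $VendorIp

# Alias in the internal zone so the short name "server1" resolves via the local suffix
# without adding vendordomain.com to every workstation's DNS suffix search list.
dnscmd /RecordAdd $LocalZone $VendorHost CNAME "$VendorHost.$VendorZone."

# Verify both resolution paths against this server before touching any workstation.
nslookup "$VendorHost.$VendorZone" 127.0.0.1
nslookup "$VendorHost.$LocalZone"  127.0.0.1
```

If the application uses only the fully qualified vendor name, the CNAME line can be dropped, as UnHeardOf notes; if split tunneling is disabled on the client VPN, neither option is reachable from the workstations while the tunnel is up, which is the case for the hosts-file script instead.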