DC problem after move

Hi Experts,

I have 3 DC´s in my network.
Now one DC needed to go to a different network on another site. This site is connected via VPN.

I can ping the machines but my new dc canot replicate with old ones in the other network.
Is it possible to repair the DNS on the new site ?
Is it possible to have DNS over VPN IPSEC ?
Eprs_AdminSystem ArchitectAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Muhammad BurhanManager I.T.Commented:
check DNS properties, does it have a valid listen interface ?
Eprs_AdminSystem ArchitectAuthor Commented:
Yes the listening interface is valid.

But the main DC is on the other site of the tunnel.
Is it possible to have DNS through and after the tunnel ?
Muhammad BurhanManager I.T.Commented:
yes it is possible!
have you configure your VPN with router/firewall or Server ?

did a ping test for verifying connectivity from the previous site first
Muhammad BurhanManager I.T.Commented:
First the end-user PC contacts its' DNS server to resolve the name.

Second, that DNS server either needs to know it, or it needs to forward the request.

Third, that forward needs to go to a DNS server that does know.

It isn't enough to just be connected. Most routers do not specify a VPN as a default gateway and only forward traffic that it knows lies on the other side of the tunnel. All unknown traffic is send to the internet, its' defualt gateway, your ISP.

If your VPN is also your default Gateway, then your requests are forwarded through the VPN to the remote network for resolution and bing, it connects.

add the remote DNS zone to the local DNS server as a copy, that way it gets all the IP addresses from the remote networks' DNS server and can answer your requests itself. If you do not have a local DNS server that you can configure, you probably will need to specify the tunnel as the default gateway.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Active Directory

From novice to tech pro — start learning today.