DNS between remote locations

Mike
I just implemented a LAN to LAN connection via the
internet between two sonicwall firewall appliances. The
remote location and the main office are on different
subnets. Netbios is allowed between the connections so
browsing and name resolution all work great. I have a
Native Mode AD domain setup in my main office and I want
to get DNS setup properly. In the remote office they
access the internet from their local connection. I have
our DNS server in our main office set as the first DNS
server they use and the ones from their local ISP are
secondary. What would be the best way to structure AD
and DNS to make things most efficient? Do I need to add
a new site in AD and then DNS will take care of itself?
Do I make all needed modifications on the DNS server on
my main office LAN? I am new to this and am looking for
some direction.

Thanks,

Mike
 
Some of this will depend on whether or not there are DCs or other win2k
servers in the remote site, how many users there are there, and the
available bandwidth between those two sites.
I would recommend that the ISP not be listed as an alternate in the IP
settings for the dns server in your main office, and that the dns server
only point to itself for dns. Having alternates like that in there can
cause some name resolution problems, and I would recommend that you remove it
from there and then set up a Forwarder for it instead (properties of the
server icon in dns, then Forwarders tab - if grayed out you'd need to delete
the "." root zone first to make Forwarders available - stop/start the dns
service to speed that up). That way the dc will resolve all domain dns
issues and automatically forward to the ISP any queries that it needs to.
(If you remove it, then run "ipconfig /flushdns" then "ipconfig
/registerdns" to get it out of cache.)
The remote site can either use your main office dns server, or, if there is
another dc in the remote site, dns could be installed on it with an AD
integrated zone so AD replication would keep both updated (assuming the main
office dns server is also a dc), or you could run a standard primary zone in
the main office and set up a secondary zone on another dns server in the
remote site so they wouldn't have to hit the main office all the time.
Again, a lot of this depends on the questions in the first sentence, and
also on individual admin preferences.

--
David Brandt
Microsoft Corporation

This posting is provided "AS IS" with no warranties, and confers no rights.
Please do not send e-mail directly to this alias. This alias is for
newsgroup purposes only.
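The server-side steps in the reply above (point the DC at itself, drop the "." root zone if it is blocking the Forwarders tab, add the ISP as a forwarder, flush and re-register), as an added example that is not part of the original thread. It uses the DnsServer and DnsClient PowerShell modules of Windows Server 2012 and later; the Windows 2000 server in the thread would use the DNS MMC or dnscmd.exe for the same operations. The domain name, addresses and interface alias are assumptions.

```powershell
# Added example, not from the thread. Run elevated on the main-office DC/DNS server.
# All names and addresses below are assumptions.
$DomainName = 'corp.example'                  # assumed AD DNS domain name
$DcAddress  = '10.0.0.10'                     # assumed main-office DC/DNS server
$IspDns     = '203.0.113.10', '203.0.113.11'  # assumed ISP resolvers
$Nic        = 'Ethernet'                      # assumed interface alias on the DC

# 1. The DC's own NIC lists only itself for DNS (no ISP alternate).
Set-DnsClientServerAddress -InterfaceAlias $Nic -ServerAddresses $DcAddress
Get-DnsClientServerAddress -InterfaceAlias $Nic -AddressFamily IPv4

# 2. A "." root zone makes the server think it is the Internet root and
#    disables forwarders; remove it if present and restart the service.
if (Get-DnsServerZone -Name '.' -ErrorAction SilentlyContinue) {
    Remove-DnsServerZone -Name '.' -Force
    Restart-Service -Name DNS
}

# 3. Everything the DC is not authoritative for goes to the ISP forwarders.
Set-DnsServerForwarder -IPAddress $IspDns -UseRootHint $false
Get-DnsServerForwarder

# 4. PowerShell equivalents of "ipconfig /flushdns" and "ipconfig /registerdns".
Clear-DnsClientCache
Register-DnsClient

# 5. Checks: the zone is AD-integrated, the DC locator SRV record that
#    domain logons depend on resolves through this server, and an external
#    name still resolves (via the forwarder, not via a client-side alternate).
Get-DnsServerZone -Name $DomainName | Select-Object ZoneName, IsDsIntegrated, DynamicUpdate
Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$DomainName" -Type SRV -Server $DcAddress
Resolve-DnsName -Name 'www.example.com' -Type A -Server $DcAddress
```

If step 5's SRV query returns nothing, the DC has not registered its locator records in the zone; re-run Register-DnsClient (or restart the Netlogon service) before touching any client.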
 
David,

First of all I want to thank you for answering my
question. Here is some more information.

The remote site does not have any Servers or DC's and
there are only 3 computers currently and maybe 1 more in
the future. We are running a 640 down / 256 Up DSL
line. My DNS server in my main office is pointed to
itself and is configured with forwarders. I don't plan
on putting in a server in the remote office but I want to
make the connection as efficient as possible yet
integrate it into my AD / DNS domain back in the main
office. I don't want my people to feel like they are
remote and I want to make the connection as seamless as
possible.

Thanks,

Mike
 
Hi Mike,
Are the clients in the remote office members of the W2K AD Domain? If
yes, then the clients in the remote office and the main office should only
be using your internal DNS server for name resolution. If you have their
secondary set to the ISP and they are members of the domain you are going to
run into problems with Authentication on the Domain. If the clients in the
remote office are in the domain, have you considered putting a domain
controller in the remote office? Then it would run DNS and the information
would replicate between them.

If the remote office systems are not members of the domain, your current
config will work.

Thank you,

Alan Wood[MSFT]

This posting is provided "AS IS" with no warranties, and confers no rights.
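An added example, not part of the original thread, that makes the point of the reply above checkable from a remote-office client: each DNS server the client is configured with is asked for the DC locator SRV record, which only the internal DC can answer, and the client is then set to use the internal DNS only. It uses the DnsClient module (Windows 8 / Server 2012 and later); the domain name, addresses and interface alias are assumptions.

```powershell
# Added example, not from the thread. Run elevated on a remote-office domain member.
# All names and addresses below are assumptions.
$DomainName = 'corp.example'   # assumed AD DNS domain name
$DcAddress  = '10.0.0.10'      # assumed main-office DC/DNS reached through the VPN
$Nic        = 'Ethernet'       # assumed interface alias on the client

# The record a domain member needs to find a DC for logon; an ISP resolver
# cannot answer it, so any ISP address in the client's list is a liability.
$locator = "_ldap._tcp.dc._msdcs.$DomainName"
$current = (Get-DnsClientServerAddress -InterfaceAlias $Nic -AddressFamily IPv4).ServerAddresses

foreach ($server in $current) {
    try {
        $srv = Resolve-DnsName -Name $locator -Type SRV -Server $server -ErrorAction Stop |
               Where-Object Type -eq 'SRV'
        '{0,-16} answers DC locator: {1}' -f $server, ($srv.NameTarget -join ', ')
    } catch {
        '{0,-16} cannot resolve {1} - a domain member must not list this server' -f $server, $locator
    }
}

# Fix: internal DNS only. Internet names still work because the DC forwards
# them to the ISP on the client's behalf.
Set-DnsClientServerAddress -InterfaceAlias $Nic -ServerAddresses $DcAddress
Clear-DnsClientCache
Register-DnsClient

# Confirm the DC is reachable through the tunnel and resolves both kinds of name.
Test-NetConnection -ComputerName $DcAddress -Port 53
Resolve-DnsName -Name $locator -Type SRV -Server $DcAddress
Resolve-DnsName -Name 'www.example.com' -Type A -Server $DcAddress
```

The original post only says NetBIOS is allowed across the SonicWall tunnel; DNS needs UDP and TCP port 53 to the DC as well, which is why the reachability test is included before the queries.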
 
For the size of that office, I'd just point them to your main office dns and
you should be good to go. You might consider adding another dns server in
main office for fault tolerance, for both remote and local users pointing
them to both for dns, but that's optional.

--
David Brandt
Microsoft Corporation

This posting is provided "AS IS" with no warranties, and confers no rights.
Please do not send e-mail directly to this alias. This alias is for
newsgroup purposes only.
 
David,

Is there anything I need to do in my DNS setup in my main
office DNS Server? I am running an AD Integrated zone.

Mike
 