DNS Challenge

Started by owensit, May 01, 2018, 08:58:46 AM


owensit

Hi

We have several sites all linked together with a MPLS.  HQ has a DNS server and at HQ everything works very well.  Each site has its own router that has a unique IP range.  Each site can see the HQ DNS server (192.168.100.13) but as it only acts as DNS for HQ, each site does not recognise the DNS entries.  We therefore have a few challenges.

A. Although each site can see HQ servers, they cannot access by name (only by IP address), therefore Intranet names do not work.
B. Each PC is set up at HQ.  However, if a PC is at a different site and needs to be set up with a different user, it is cumbersome. We have to login as the PC admin, then do a software VPN and then login as the new user.

We are trying to think of a way around this. 

A. We can copy a hosts file from a central location at HQ to each PC on PC start up.  This seems very old fashioned but will not resolve B.
B. We have investigated reverse DNS possibilities on our firewall but the central firewall cannot do this.

Is there a simple elegant solution that would help us around our challenge here?



deanwebb

Does your DHCP scope for the remote sites include a setting for DNS server? The HQ DNS IP address would go there.
Take a baseball bat and trash all the routers, shout out "IT'S A NETWORK PROBLEM NOW, SUCKERS!" and then peel out of the parking lot in your Ferrari.
"The world could perish if people only worked on things that were easy to handle." -- Vladimir Savchenko
Вопросы есть? Вопросов нет! | BCEB: Belkin Certified Expert Baffler | "Plan B is Plan A with an element of panic." -- John Clarke
Accounting is architecture, remember that!
Air gaps are high-latency Internet connections.

SimonV

What deanwebb said, and also make sure to hand out your internal DNS zone as the search domain in the DHCP requests.
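One way to apply what deanwebb and SimonV describe, as an added example that is not part of the thread or from either poster: the remote-site DHCP scopes hand out the HQ DNS server (option 6) and the internal AD zone as the DNS suffix (option 15). It assumes the scopes live on a Windows DHCP server with the DhcpServer module; the zone name corp.example, the server name hq-dhcp01 and the scope IDs are placeholders, while 192.168.100.13 is the HQ DNS server from the original post.

```powershell
# Added example (not from the thread): set DNS options on remote-site scopes of a
# Windows DHCP server so clients resolve HQ names and can find the AD domain.
# Placeholders: corp.example (AD zone), hq-dhcp01 (DHCP server), scope IDs.

$HqDns        = '192.168.100.13'                 # HQ DNS server from the post
$InternalZone = 'corp.example'                   # assumed AD zone / search domain
$RemoteScopes = '192.168.20.0', '192.168.30.0'   # assumed remote-site scope IDs
$DhcpServer   = 'hq-dhcp01'                      # assumed DHCP server name

foreach ($scope in $RemoteScopes) {
    # Option 6 (DNS servers) and option 15 (DNS domain name) for this scope only;
    # server-level options are left alone so HQ's own scope is unaffected.
    Set-DhcpServerv4OptionValue -ComputerName $DhcpServer -ScopeId $scope `
        -DnsServer $HqDns -DnsDomain $InternalZone

    # Read the values back so the change is confirmed before clients renew.
    Get-DhcpServerv4OptionValue -ComputerName $DhcpServer -ScopeId $scope |
        Where-Object { $_.OptionId -in 6, 15 } |
        Format-Table OptionId, Name, Value -AutoSize
}
```

Clients pick the new options up at their next lease renewal (`ipconfig /renew` forces it). If the scopes are served by the site routers rather than a central server, the same two options, 6 and 15, are what to set there; the point is that every remote client ends up asking the HQ (AD) DNS server and appending the internal zone to short names.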

Dieselboy

Dean and Simon already made excellent comments / info.

In addition to that:
Are all the PCs domain-joined? I think from your post that they are. The issue is when a new user tries to log in to the computer at the remote site, it doesn't allow them to log in?

For users to be able to log in (such as new users in the remote site) the computers need to be able to do a dns lookup on the domain. Say for example your domain is 'my.domain.com' - then each of your computers needs to be able to do dns lookup on the domain and it should resolve to Active Directory servers.  Run nslookup at the command prompt for this.

I'm guessing that you have a setup something like this: in HQ, the computers' DNS servers point to Active Directory servers? But in the remote site, their DNS server is some local DNS server there, or the ISP DNS servers?

I think what you need to do for the remote site is have them also pointing to Active Directory DNS servers. This can be over the MPLS or a local AD domain-joined server in their local (remote) office. I have a similar setup to what you describe. What I am doing for the moment is forwarding DHCP from the remote site back to the HQ AD DNS servers. This is because I don't have server hardware in the local site to implement a local AD DC.
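The checks Dieselboy describes, run from a PC at a remote site, as an added example that is not from the thread or its posters: which DNS servers the client is actually using, whether the domain name resolves to Active Directory servers (the nslookup check in the post), and, going one step beyond the post, whether the `_ldap._tcp.dc._msdcs` SRV record resolves, since that is the record domain-joined Windows clients query to locate a domain controller at logon. The domain name corp.example is a placeholder; 192.168.100.13 is the HQ DNS server from the original post.

```powershell
# Added example (not from the thread): verify from a remote-site Windows PC that
# the DNS prerequisites for domain logon are met. corp.example is a placeholder.

function Test-AdDnsFromSite {
    param(
        [string]$Domain = 'corp.example',     # assumed AD domain name
        [string]$HqDns  = '192.168.100.13'    # HQ DNS server from the post
    )

    # 1. DNS servers the client is configured with. If the HQ server is not in
    #    this list, the site's DHCP scope is not handing it out.
    $configured = (Get-DnsClientServerAddress -AddressFamily IPv4 |
        Where-Object { $_.ServerAddresses }).ServerAddresses | Select-Object -Unique
    $usesHq = $HqDns -in $configured

    # 2. The domain name itself should resolve to DC addresses. Asking the HQ
    #    server directly separates "HQ DNS is wrong" from "client config is wrong".
    $domainA = Resolve-DnsName -Name $Domain -Type A -Server $HqDns `
        -ErrorAction SilentlyContinue

    # 3. DC locator SRV record used by the logon process.
    $dcSrv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV `
        -Server $HqDns -ErrorAction SilentlyContinue

    [pscustomobject]@{
        ClientDnsServers = $configured -join ', '
        ClientUsesHqDns  = $usesHq
        DomainResolves   = [bool]$domainA
        DomainAddresses  = ($domainA | Where-Object Type -eq 'A').IPAddress -join ', '
        DcSrvFound       = [bool]$dcSrv
        DcTargets        = ($dcSrv | Where-Object Type -eq 'SRV').NameTarget -join ', '
    }
}

Test-AdDnsFromSite | Format-List
```

Reading the result: `DomainResolves` and `DcSrvFound` true but `ClientUsesHqDns` false means the HQ DNS is fine and the remote site's DHCP (or the site router's DNS setting) is the problem, which is the situation the original post describes; all three false points at reachability of 192.168.100.13 over the MPLS. Once the client uses the HQ DNS, `nltest /dsgetdc:corp.example` confirms that Windows can actually locate a domain controller from that site.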