I can have a DNS server at HQ to be the first in the list, thanks folks.

>>> Ben Scott <[email protected]> 8/12/2009 5:41 PM >>>
On Wed, Aug 12, 2009 at 5:29 PM, Tom Miller <[email protected]> wrote:
> How do you configure DNS for those sites?

Unless your Active Directory domain is delegated and reachable from the
public DNS (fairly rare), you have to have DNS queries for your AD domain
hit your internal DNS servers.

> I could add entries in local host files and still leave
> the provider DNS entries.

Can you put SRV records in DRIVERS\ETC\HOSTS? If not, I don't think that
will work. AD uses SRV records to find DCs and GCs.

> I don't want DNS requests for sites going across tunnels.

Why not? DNS is *tiny* compared to most protocols. One 512 byte packet
for the question, one for the answer.

If you absolutely cannot accept DNS on the VPN, then you'll have to put a
nameserver at each remote site, and configure the nameserver to forward
queries for your AD domain to your internal DNS, while allowing all other
names to go straight to the public net. This can be done with the MS-DNS
that comes with Win 2003 or later. You could also do it with ISC BIND on
any old PC, provided you allow zone transfers from the DC to BIND.

-- Ben

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~

Confidentiality Notice: This e-mail message, including attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure, or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message.
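The remote-site resolver Ben describes, written out as an ISC BIND 9 named.conf fragment. This is an added example, not configuration from the thread or from either poster; the AD domain corp.example, the domain controller addresses 10.0.0.10 and 10.0.0.11, and the branch LAN 192.168.50.0/24 are assumed placeholders. It shows both variants Ben mentions: conditional forwarding of the AD zone over the tunnel (Option A), and a secondary copy of the zone fed by zone transfers from the DC (Option B).

```conf
// Added example (not from the thread). Assumed names: AD domain corp.example,
// DCs 10.0.0.10 / 10.0.0.11 reachable over the VPN, branch LAN 192.168.50.0/24.

options {
    directory "/var/cache/bind";
    listen-on { 127.0.0.1; 192.168.50.1; };

    // Serve only the branch LAN. An open resolver is an amplification
    // and cache-poisoning liability, so restrict both query and recursion.
    allow-query     { 127.0.0.1; 192.168.50.0/24; };
    allow-recursion { 127.0.0.1; 192.168.50.0/24; };

    // Anything not matched by a zone below is resolved from the root
    // servers directly, so ordinary Internet lookups never cross the VPN.
    recursion yes;
    dnssec-validation auto;

    // The internal AD zone is unsigned and not reachable from the public
    // DNS tree, so exempt it from validation instead of disabling
    // validation for everything (validate-except needs BIND 9.13+).
    validate-except { "corp.example"; };
};

// Option A: conditional forwarding. Only names under corp.example, which
// includes _msdcs.corp.example and the _ldap._tcp.* SRV records AD clients
// use to locate DCs and GCs, are sent across the tunnel to the DCs.
// "forward only" stops BIND from retrying on the public Internet, which
// would leak internal hostnames to the provider's resolvers.
zone "corp.example" {
    type forward;
    forward only;
    forwarders { 10.0.0.10; 10.0.0.11; };
};

// Option B (use instead of A): keep a secondary copy of the AD zone so the
// branch still resolves DCs while the VPN is down. This is the variant that
// requires zone transfers to be allowed on the DC; restrict them there to
// this server's address. Older BIND releases spell these "type slave" and
// "masters". Do not re-transfer the zone to anyone else from here.
// zone "corp.example" {
//     type secondary;
//     primaries { 10.0.0.10; 10.0.0.11; };
//     file "corp.example.db";
//     allow-transfer { none; };
// };
```

Check the syntax with named-checkconf before reloading, then confirm from a branch client that the SRV lookup AD depends on is answered through the branch resolver, for example dig @192.168.50.1 _ldap._tcp.dc._msdcs.corp.example SRV, and that a public name such as www.example.com resolves without touching the tunnel (a packet capture on the VPN interface during the lookup should show no DNS traffic).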
