SBS via VPN DNS question

Discussion in 'PC Technical Talk' started by Graham J, May 16, 2009.

  1. Graham J

    Graham J Guest

    SBS2003 at head office connects to internet via Vigor router. At remote
    office, workstation connects to internet also using Vigor router.
    Workstation is joined to the Domain.

    Vigor routers implement a LAN-LAN VPN so that anything on head office
    network can see anything on remote office network and vice-versa.

    At remote office the router specifies itself as the DNS server, so this is
    what the clients see. This is normally ideal, because DNS queries for names
    on the internet are resolved via the ISP's DNS (the ISP serving the remote
    office).

    But clients need the SBS2003 to be their DNS server for all names relating
    to the local domain. OK so I could set the router to specify that the DNS
    server it publishes is the SBS2003 machine. But this means that absolutely
    all DNS requests go via the VPN to the SBS server, with consequent delay
    over the VPN and through SBS2003. Alternatively I can create a hosts file on
    the remote workstation(s) with all the names on the domain explicitly
    defined. The name of the SBS2003 is already defined there.

    Is there a better way? Can I get the workstation to refer to SBS2003 for
    local name resolution, and to the router for external name resolution? How
    does the workstation know which names are local??

    Any ideas, please?
     
    Graham J, May 16, 2009
    #1
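The question "how does the workstation know which names are local?" comes down to choosing a resolver by domain suffix. The sketch below is an added example, not part of any post in this thread, showing that selection logic as a forwarding resolver or client policy might apply it. The domain name, both resolver addresses, and the rule that single-label names are local are constructed assumptions.

```python
# Added example: suffix-based resolver selection (split DNS).
# Every name and address here is constructed; none comes from the thread.
SBS_DNS = "192.168.1.10"     # assumed address of the SBS2003 DNS at head office
ROUTER_DNS = "192.168.2.1"   # assumed address of the remote-office router

# Suffix -> resolver. The empty suffix is the default for everything else.
ROUTES = {
    "corp.example.local": SBS_DNS,
    "": ROUTER_DNS,
}


def normalise(name):
    """Lower-case the name and drop the trailing root dot."""
    return name.strip().rstrip(".").lower()


def pick_resolver(name, routes=ROUTES, single_label=SBS_DNS):
    """Return the resolver that should receive a query for `name`."""
    name = normalise(name)
    if not name:
        raise ValueError("empty query name")
    if "." not in name:
        # Assumption: unqualified host names belong to the local domain.
        return single_label
    labels = name.split(".")
    # Compare whole labels, longest suffix first (a.b.c, then b.c, then c),
    # so "notcorp.example.local" never matches "corp.example.local".
    for i in range(len(labels)):
        suffix = ".".join(labels[i:])
        if suffix in routes:
            return routes[suffix]
    return routes[""]


def plan(queries):
    """Map each query name to the resolver it would be sent to."""
    return {q: pick_resolver(q) for q in queries}


if __name__ == "__main__":
    sample = ["sbs.corp.example.local", "www.example.com", "fileserver",
              "notcorp.example.local", "corp.example.local.example.com"]
    for query, resolver in plan(sample).items():
        print(f"{query:35} -> {resolver}")
```

Matching on label boundaries keeps internal names off the ISP's resolver and keeps look-alike external names from being sent across the VPN.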

  2. Graham J

    Graham J Guest

    From what I understand if the router specifies 2 or more DNS servers then
    the workstations use those DNS servers at random, but probably more or less
    equally. So for 2 DNS servers an external name lookup request will go to
    the SBS server via the VPN about half the time - so some websites will seem
    to appear more slowly. Internal name lookup requests will go to the ISP's
    server about half the time, and will of course fail. The failure timeout or
    "not known here" message may take many seconds to arrive, so about half the
    internal requests will appear to be so slow as to cause the users to suspect
    system failure.

    I think you're right; it's to prepare a suitable hosts file. Possibly also
    to define a WINS server, but I suspect this isn't used by modern systems.
     
    Graham J, May 19, 2009
    #2

  3. Graham J

    Jim Crowther Guest

    In case you hadn't heard of it yet (a new work in progress) Steve Gibson
    has a very nifty DNS tester that might help those looking for clues as
    to DNS behaviour:
    http://www.grc.com/dns/benchmark.htm
     
    Jim Crowther, May 19, 2009
    #3
