How to access an intranet DNS server over a VPN to provide name resolution of a remote network

I am unable to resolve names across a VPN tunnel connecting two private networks. I have a small private network (A) that is connected to a larger private network (B) over a VPN, to allow access to several database applications provided by network B. The VPN connection is made through a Netgear ProSafe router to a Cisco router. My network A uses the ISP-provided DNS server addresses and is set up as a workgroup. The larger network B is set up as a domain and has its own internal DNS servers. Some of network B's internal addresses are set up as IPs and some are set up as names. My issue is that I cannot resolve the addresses that are names.

I have been given two alternatives to solve my problem.

1) Place a hosts file, network B's IP naming convention and network B's DNS server address on each of my client computers.
2) Make network B's DNS server addresses the DNS addresses used by my router.

I do not like either of these options. Option 1 is labor intensive, especially if there are changes down the road, and option 2 means that I am relying on their network and my access to their network.

I also have a Dell PowerEdge server running Windows 2k. I was wondering if it would be possible to use it as a DNS server that simply directs requests to my ISP DNS servers and then to network B's DNS server if either the ISP DNS server failed or the domain was that of network B.

ASKED: May 22, 2008  2:48 PM
UPDATED: May 23, 2008  4:04 PM

Answer Wiki:
Option #2 is really the best option. This is what is called "split DNS". In a split DNS infrastructure, you create two zones for the same domain, one to be used by the internal network, the other used by the external network. Split DNS directs internal hosts to an internal domain name server for name resolution, and external hosts are directed to an external domain name server for name resolution. Since you need to reach some private hosts that are not publicly accessible, you see that name resolution is critical. See this <a href="http://www.isaserver.org/tutorials/You_Need_to_Create_a_Split_DNS.html">tutorial</a> for more details on why this is a good thing. Another good resource is <a href="http://www.windowsnetworking.com/articles_tutorials/Split-DNS-Small-Business-Remote-Access-Connections.html">here</a>.

********************

You could use the Dell as DNS as well. Just set it up for updates from your other site and set referrals to your ISP. Let your local resources resolve, address and authenticate. You also don't mention: is this domain AD? Integrated DNS in AD works quite well across a site-to-site VPN. I have a site in Toronto and one in the US, and Toronto DNS works flawlessly (AD integrated) across a site-to-site VPN.
Last Wiki Answer Submitted:  May 23, 2008  4:04 pm  by  Labnuke99   32,720 pts.
All Answer Wiki Contributors:  Labnuke99   32,720 pts. , alessandro.panzetta   9,695 pts.
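
The routing decision a forwarding DNS server on network A has to make for the setup discussed above, as an added example that is not part of the original posts and not the configuration of any product named in them. The zone name `corp-b.example`, all IP addresses and the `send` callback are constructed assumptions.

```python
# Added example: forwarder selection for a small DNS forwarder on network A.
# Zone name and addresses are constructed placeholders, not values from the page.
INTERNAL_ZONES = {
    # network B's internal zone -> B's DNS servers, reached over the VPN
    "corp-b.example": ["10.20.0.10", "10.20.0.11"],
}
ISP_FORWARDERS = ["192.0.2.53", "192.0.2.54"]  # documentation-range stand-ins


def normalise(qname):
    """Lower-case the query name and drop the trailing root dot."""
    return qname.strip().lower().rstrip(".")


def matching_zone(qname):
    """Return the longest internal zone that qname falls under, or None.

    Matching is on whole labels, so 'notcorp-b.example' is not treated
    as part of 'corp-b.example'.
    """
    labels = normalise(qname).split(".")
    for i in range(len(labels)):  # i = 0 is the full name, so longest first
        candidate = ".".join(labels[i:])
        if candidate in INTERNAL_ZONES:
            return candidate
    return None


def upstreams_for(qname):
    """Pick the only servers that may be asked about qname."""
    zone = matching_zone(qname)
    if zone is not None:
        return ("internal", INTERNAL_ZONES[zone])
    return ("isp", ISP_FORWARDERS)


def resolve(qname, send):
    """Try each permitted upstream in order.

    send(server, name) is a hypothetical transport callback that returns an
    answer or raises TimeoutError. There is no fallback across classes:
    network B's names are never sent to the ISP, and internet names never
    depend on the tunnel being up.
    """
    _, servers = upstreams_for(qname)
    for server in servers:
        try:
            return send(server, normalise(qname))
        except TimeoutError:
            continue
    return None
```
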