How to access an intranet DNS server over a VPN to provide name resolution of a remote network

I am unable to resolve names across a VPN tunnel connecting two private networks. I have a small private network (A) that is connected to a larger private network (B) over a VPN, to allow access to several database applications provided by network B. The VPN connection is made through a Netgear ProSafe router to a Cisco router. My network A uses the ISP-provided DNS server addresses and is set up as a workgroup. The larger network B is set up as a domain and has its own internal DNS servers. Some of network B's internal addresses are set up as IPs and some are set up as names. My issue is that I cannot resolve the addresses that are names. I have been given two alternatives to solve my problem.
  1. Place a host file, network B's IP naming convention and network B's DNS server address on each of my client computers.
  2. Make network B's DNS server addresses the DNS addresses used by my router.
I do not like either of these options. Option 1 is labor intensive, especially if there are changes down the road, and option 2 means that I am relying on their network and my access to their network. I also have a Dell PowerEdge server running Windows 2k. I was wondering if it would be possible to use it as a DNS server that simply directs requests to my ISP DNS servers and then to network B's DNS server if either the ISP DNS server failed or if the domain was that of network B's.

Answer Wiki

Option #2 is really the best option. This is what is called “split DNS”. In a split DNS infrastructure, you create two zones for the same domain, one to be used by the internal network, the other used by the external network. Split DNS directs internal hosts to an internal domain name server for name resolution and external hosts are directed to an external domain name server for name resolution. Since you need to reach some private hosts that are not publicly accessible, you see that name resolution is critical. See this tutorial for more details on why this is a good thing. Another good resource is here.

You could use the Dell as DNS as well. Just set it up for updates from your other site and set referrals to your ISP. Let your local resources resolve, address and authenticate. You also don’t mention, is this domain AD? Integrated DNS in AD works quite well across site to site VPN. I have a site in Toronto and one in US and Toronto DNS works flawlessly (AD integrated) across a site to site VPN.
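
The forwarding decision the question describes for a local DNS server on network A, as an added example that is not part of the original question or answers. The zone name and all server addresses are constructed placeholders. The label-boundary match keeps a look-alike name such as `notcorp-b.example` from being sent to network B's servers.

```python
# Added example: upstream selection for a forwarding DNS server on network A.
# All names and addresses are constructed placeholders, not values from the post.

ISP_DNS = ["192.0.2.53", "192.0.2.54"]        # constructed (TEST-NET-1)
NETWORK_B_DNS = ["10.20.0.10", "10.20.0.11"]  # constructed, reachable only over the VPN
NETWORK_B_ZONES = ["corp-b.example"]          # constructed internal domain of network B


def normalize(name):
    """Lower-case a query name and drop the trailing root dot."""
    return name.strip().rstrip(".").lower()


def in_zone(name, zone):
    """True if name equals zone or is below it, matched on whole labels."""
    name_labels = normalize(name).split(".")
    zone_labels = normalize(zone).split(".")
    return (len(name_labels) >= len(zone_labels)
            and name_labels[-len(zone_labels):] == zone_labels)


def upstreams_for(name, vpn_up=True):
    """Return the ordered list of servers to try for this query name."""
    if any(in_zone(name, z) for z in NETWORK_B_ZONES):
        # Network B names exist only on B's internal servers, so the ISP
        # resolvers are never asked about them.
        return list(NETWORK_B_DNS) if vpn_up else []
    # Everything else: ISP first, network B's servers as a last resort.
    return ISP_DNS + (NETWORK_B_DNS if vpn_up else [])


if __name__ == "__main__":
    for q in ["db01.corp-b.example.", "www.example.org", "notcorp-b.example"]:
        print(q, "->", upstreams_for(q))
```
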
