Hi all. I have 2 sites with one AD 2 domain controllers at site A and one @ siteB. I have AD integrated DNS. All domain controllers are also DNS servers and each site has a copy of the GC. I have a ftp server at siteA which is accessible by siteB over a VPN connection and it has both an external and internal IP address. I would like siteB to connect to this server using the external IP as well as any remote users and siteA to continue to use the internal IP but both using the same name for the server ftp.domain.com . How can I configure DNS to give the correct IPs to both sites?
Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations Rhinorhino on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
multiple site DNS
- Thread starter teqmod
- Start date
Can you provide more info about the network configuration.
Is domain.com the AD domain name and your external DNS domain name?
How many connections (ISP) do you have at each site?
I asume that your network config should look like approximately like this:
NetoMeter
Is domain.com the AD domain name and your external DNS domain name?
How many connections (ISP) do you have at each site?
I asume that your network config should look like approximately like this:
- Thread starter
- #3
Hi!
It is clear from the diagram that the external users query the external DNS server for ftp.domain.com and resolve it to its external (public) IP address.
It is also clear that the server is member of the domain domain.com and is registered as ftp.domain.com with its internal IP address in the AD integrated DNS zone. As this is AD integrated DNS zone it is consistent across the DNS servers and you can not have ftp.domain.com registered with different IP address at the DNS server at Site A and Site B.
A workaround is to register another A name for ftp1.domain.com with the external IP. The users at Site B can use ftp1.domain.com and connect to it using its external IP address.
Another approach would be to use host files for the users at Site B just for the name resolution for ftp.domain.com but I don’t think that is a wise idea.
The main question that stands is what is the benefit from accessing the FTP server at Site A not through the VPN connection. Site B has only one Internet Provider and avoiding the VPN connection for the ftp traffic will not save bandwidth. As for the CPU utilization if you are using serious equipment at Site B like Cisco PIX or Routers, Checkpoint firewall etc. it will not be an issue.
You mention that you have a couple of ISP at Site A so dedicating one of the ISPs to the FTP traffic sounds like a reasonable approach.
Again, I would recommend using a different name like ftp1.domain.com resolved to the external IP of the ftp server at Site B.
I hope this post was helpful.
NetoMeter
It is clear from the diagram that the external users query the external DNS server for ftp.domain.com and resolve it to its external (public) IP address.
It is also clear that the server is member of the domain domain.com and is registered as ftp.domain.com with its internal IP address in the AD integrated DNS zone. As this is AD integrated DNS zone it is consistent across the DNS servers and you can not have ftp.domain.com registered with different IP address at the DNS server at Site A and Site B.
A workaround is to register another A name for ftp1.domain.com with the external IP. The users at Site B can use ftp1.domain.com and connect to it using its external IP address.
Another approach would be to use host files for the users at Site B just for the name resolution for ftp.domain.com but I don’t think that is a wise idea.
The main question that stands is what is the benefit from accessing the FTP server at Site A not through the VPN connection. Site B has only one Internet Provider and avoiding the VPN connection for the ftp traffic will not save bandwidth. As for the CPU utilization if you are using serious equipment at Site B like Cisco PIX or Routers, Checkpoint firewall etc. it will not be an issue.
You mention that you have a couple of ISP at Site A so dedicating one of the ISPs to the FTP traffic sounds like a reasonable approach.
Again, I would recommend using a different name like ftp1.domain.com resolved to the external IP of the ftp server at Site B.
I hope this post was helpful.
- Status
Similar threads
- Locked
- Question
- Locked
- Question
- Locked
- Question