  • I know I will throw the IP of my DCs in the DNS settings on the clients. Is that it? - Yes. Use only the DC as the dns server

    Will those clients use our DNS servers here for all lookups? Yes

    Should I stick a public IP in those DNS settings in case the VPN link ever fails? No, because it doesn't work like that and might use the public DNS server for internal and fail.

    To join the domain, use the FQDN, as the domain suffix will not be known (unless you manually set it) until domain joined.


    • m@ttshaw​ I will extend his comment:
      Should I stick a public IP in those DNS settings in case the VPN link ever fails? No, because it doesn't work like that and might use the public DNS server for internal and fail.

      I would add that with that configuration you have seen why people will often put a DNS/AD controller at the remote site, in case the VPN goes down AUTH can happen still to the domain, and also access to the internet, even if other servers become unavailable.


    • I was trying to avoid dropping a remote DC over there for 4 work stations. 

    • OctoberHouses​ I don't think you have to add the DC there for 4 users, just remember if the VPN/internet goes down at either site, the users will lose connectivity to the internet there. I suppose you could spin up just a read-only or DNS copy, but that's still a server. I've done what you are describing at a former employer, and it works fine until that internet crashes. Honestly though you won't have access to servers either, so really the focus should be getting internet back anyway.

      You could set up failover internet/VPN I suppose (I mentioned elsewhere, this is a great job for a Meraki MX68).

    • "Should I stick a public IP in those DNS settings in case the VPN link ever fails?"
      You should never ever do this. Don't set public/external DNS addresses like 8.8.8.8, 4.2.2.4 etc. on the servers as well as the workstations. Only the DCs' IP addresses should be set on the DCs and servers/workstations as DNS.

    • Yea servers are pointing at each other, clients in the main building are pointing to the servers. Servers then have the forwarders set in DNS setups. 

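One way to check the advice in this thread on a remote workstation before joining it, as an added example that was not posted by any participant. The DC addresses and domain name are constructed placeholders, and `Test-DomainDnsConfig` is a hypothetical helper name.

```powershell
# Added example: audit a workstation's DNS client settings before a domain join.
# Flags any configured DNS server that is not a DC, then confirms the DC locator
# SRV record resolves when queried by FQDN (the suffix is not known pre-join).
function Test-DomainDnsConfig {
    param(
        [Parameter(Mandatory)] [string[]] $DcDnsServers,  # IPs of the DCs
        [Parameter(Mandatory)] [string]   $DomainFqdn     # e.g. corp.example.com
    )

    # 1. List every IPv4 DNS server on every interface and mark non-DC entries.
    $servers = @(foreach ($if in Get-DnsClientServerAddress -AddressFamily IPv4) {
        foreach ($address in $if.ServerAddresses) {
            [pscustomobject]@{
                Interface = $if.InterfaceAlias
                DnsServer = $address
                IsDc      = $address -in $DcDnsServers
            }
        }
    })
    $nonDc = @($servers | Where-Object { -not $_.IsDc })

    # 2. The DC locator record must resolve through the configured servers.
    $srvName = "_ldap._tcp.dc._msdcs.$DomainFqdn"
    $srv = @(Resolve-DnsName -Name $srvName -Type SRV -ErrorAction SilentlyContinue |
        Where-Object { $_.Type -eq 'SRV' })

    [pscustomobject]@{
        DnsServers   = $servers
        NonDcServers = $nonDc                              # e.g. 8.8.8.8 left as secondary
        DcTargets    = @($srv | ForEach-Object NameTarget) # DCs advertised in DNS
        ReadyToJoin  = ($servers.Count -gt 0) -and ($nonDc.Count -eq 0) -and ($srv.Count -gt 0)
    }
}

# Constructed sample values, not taken from the thread.
$result = Test-DomainDnsConfig -DcDnsServers '10.0.0.10', '10.0.0.11' -DomainFqdn 'corp.example.com'
$result.DnsServers | Format-Table -AutoSize
if (-not $result.ReadyToJoin) {
    Write-Warning "Fix DNS first. Non-DC servers: $($result.NonDcServers.DnsServer -join ', ')"
}
```

Run it over the VPN from the remote site; an empty `DcTargets` with only DC addresses configured points at the tunnel or firewall rather than the client settings.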