Re: Laptop DNS Settings for Traveling User Laptops


Herb,

Thank you for confirming what I believe to be the facts (my underlying
knowledge of DNS). At 2am I was looking for a sanity check and a way
to deal with a manager who knows I'm wrong about DNS and he is right.
I need to find a different forum for that I'm sure.

I'm not quite sure though I understand how the MCSE comments apply to
me specifically, but that's ok. They hired me for my credentials but
disagree with everything I say to either 1) make sure they have the
credit for the work, or 2) avoid any harm to their egos if they were
proven wrong. 8)

Politics have the ultimate authority.

Thanks again,
J

Herb Martin wrote:
<jocharflet@xxxxxxxxx> wrote in message
news:1164701016.038736.248940@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Does anyone else see an issue with setting up a laptop with hard coded
DNS entries in the following way:

Primary - a DNS server that resides in an offsite colocation facility
(20 miles away)
Secondary - a public DNS server
Tertiary - a DNS server located at headquarters

Sure, everyone who does client-side DNS incorrectly
that way sees such problems.

DNS clients must NOT mix different sets of DNS servers
which return different answers.

There is no reliable way to make that work.

Clients will take (either positive or negative) answers
from the first DNS server which answers (at all.)

DNS clients must use STRICTLY the internal set of
DNS servers which can resolve ALL names that will
ever be needed by that client.

It is then the responsibility of the DNS server(s) to
find external (or any other) names not held by the
internal DNS server(s) directly.

[Not an issue here, but remember that not only laptops
but even DCs and other Servers are "DNS clients" too.]

There are two types of laptop:
1. Laptops used at remote sites that VPN into headquarters
2. Laptops at headquarters that VPN when traveling.

Both types of laptops use host files to find resources when they attach
to the network locally or VPN.

The logic is as follows: The Primary DNS server is where the
VPN router is. The public DNS server is needed when they are traveling
and need access to the internet only. The tertiary is used when they
log in at headquarters.

All the laptops are XP. So far I have seen poor performance at
headquarters every so often because the logon server is the DNS server
at the offsite colocation facility, or they cannot contact a domain
controller at all. Once I remove the public DNS entry they can log on.


We use a lot of AD aware applications that rely on proper DNS settings
(CRM, Outlook, for example), so I need to build the case to use DHCP
for all systems and find a VPN solution that pushes network settings
when they enable their VPNs.

Does anyone know if these settings are good and I'm just wrong about
how DNS works?

Looks like a very common but incorrect misunderstanding
of DNS client settings and DNS server responsibilities.

Or does anyone have any advice on how to "sell" my
concerns to management? My MCSE doesn't count for much where I work.
8/

It's not about the four letters (MCSE) but rather about
the underlying knowledge that let you earn that MCSE.

[For a long time, I didn't even bother to put my "MVP"
in my messages, preferring to let the 'authority' of my
answers derive from their correctness rather than the
perception of some award or designation.]

Properly used, the MCSE (and other certifications) are
a way to force yourself to really learn the product in
a broad way, and faster than you might otherwise do
through an accidental path of experience only.


--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]
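
Added example, not part of the original thread: a small Python model of the rule Herb states above (the client accepts the first answer it gets, positive or negative), run against the three-server list from the question. The server names, the corp.example zone and the addresses are constructed, and the model ignores the actual Windows XP resolver timing.

```python
# Constructed model: the client takes the first answer it receives, positive
# or negative. Names and addresses are made up; real resolver timing is ignored.
NXDOMAIN = "NXDOMAIN"
SRV = "_ldap._tcp.dc._msdcs.corp.example"   # hypothetical AD locator name

INTERNAL_ZONE = {SRV: "dc1.corp.example"}           # held only by internal DNS
PUBLIC_NAMES = {"www.example.org": "203.0.113.10"}  # resolvable from anywhere

MIXED = ["colo-dns", "public-dns", "hq-dns"]   # the hard-coded laptop list
INTERNAL_ONLY = ["colo-dns", "hq-dns"]         # what the reply recommends


def answer(server, name):
    """What one server says: public DNS has never heard of the internal zone."""
    if server == "public-dns":
        return PUBLIC_NAMES.get(name, NXDOMAIN)
    # Internal servers answer from their zone, else resolve externally.
    return INTERNAL_ZONE.get(name) or PUBLIC_NAMES.get(name, NXDOMAIN)


def resolve(name, server_order, reachable):
    """Return (server, answer) from the first listed server that answers at all."""
    for server in server_order:
        if server in reachable:
            return server, answer(server, name)  # NXDOMAIN is final too
    return None, None  # every server timed out


if __name__ == "__main__":
    scenarios = {
        "HQ, colo link down": {"public-dns", "hq-dns"},
        "HQ, all reachable": {"colo-dns", "public-dns", "hq-dns"},
        "traveling, no VPN": {"public-dns"},
    }
    for label, reachable in scenarios.items():
        for cfg_name, cfg in (("mixed", MIXED), ("internal-only", INTERNAL_ONLY)):
            for name in (SRV, "www.example.org"):
                print(label, cfg_name, name, resolve(name, cfg, reachable))
```

With the public server in the list and the colocation server unreachable, the domain-controller lookup ends in NXDOMAIN even though the headquarters server could have answered; the internal-only list resolves nothing off the VPN, which is the case DHCP- or VPN-pushed settings cover.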



