Re: 2 DNS servers, one for Internet, one for AD



Jo Stick <jo@xxxxxxxxx> wrote:
Thanks for responding. My own PC is behind a firewall, as is the
office, so there is no security problem there. The VPN is between the
firewalls. I guess I wasn't clear with my question. What I would like
to achieve is for my PC to do its name resolution for non-work
domain addresses through the ISP DNS server, but to still register
with the office DNS and use it for LAN lookups. All works if I only
have the office DNS in my PC settings, but Internet is slower to
browse as it involves going to office server through VPN rather than
straight up to ISP.
Jo

Well....you probably aren't going through the office network to get to the
Internet - just for your DNS resolution. Unfortunately, there's no way to
make this work as you wish. Your computer's communication with AD will be
very badly screwed up if you use anything other than the office DNS server.
If there's a terminal services box, or WinXP Pro box, in the office network,
it won't matter what you have in your own IP config; you can initiate an RD
session to the office, and then use your own browser (locally) to surf,
using your ISP's DNS servers. And performance for pretty much everything
will be a lot better, because very little will actually be going across the
slow VPN link (just screen shots).




"Lanwench [MVP - Exchange]"
<lanwench@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
message news:ePQfUuBuHHA.1208@xxxxxxxxxxxxxxxxxxxxxxx
Jo Stick <jo@xxxxxxxxx> wrote:
I work remotely, connected by VPN to the office server and Active
Directory. For AD to work properly, I need to use the office server
for DNS, but this makes Internet lookups slow. Is there a way to
have my remote PC direct Internet DNS queries to my ISP but still
retain the use of the office DNS where appropriate?

thanks for help,
Jo

You'd need to disable the "use remote gateway" option in your VPN
client (if this is permitted) but note that this is a bad idea from
a security perspective. You'd be exposing your company's network to
any traffic coming in to your own. And yes, having anything other
than the internal DNS server in can cause AD problems.

If your office has a terminal server, or an XP Pro box you can use
for Remote Desktop, that might be a better option.

You really ought to talk to your office IT folk about this, I think.


