Outside Workstations

  • Question

  • Recently I posted a question on the server general forum about workstations that are part of our Win2003 domain but located at a distance. These domain workstations connect to the domain with a T1 line. The setup is to use the local ISP DNS, who provides the T1, for DNS services. The workstations are on a separate subnet with the ISP as both the default gateway and DNS. Each workstation has a persistent route to the domain location.

    As an administrator using PowerShell, WMI and other stuff, this has caused some problems, since I have trouble connecting to and managing these workstations. It is also difficult to update them. The responders on the general forum also stated that there is a security issue in having a DNS service not under our management providing DNS service to domain workstations. The responders recommended that I only use domain DNS servers to provide DNS info.

    I am now testing how these changes might work. I have a distant workstation, WinXP, on which I have a VPN connection to the domain location, and I have joined the workstation to the domain. I have set the network settings to use a domain DC for DNS but have kept the default gateway to the local ISP.

    I want the test workstation to use the domain DC for DNS service but the local ISP for Internet traffic. How do I check to ensure this is happening? BTW the domain VPN connection is a Cisco ASA and I am using the Cisco VPN client.

    Tuesday, July 27, 2010 2:12 PM

Answers

  • Hi,

    Thank you for your post here.

    Yes, the domain DC with the DNS service installed should be set as the DNS server on the remote clients that connect to the domain via VPN. In scenarios with an RRAS VPN server, you may configure RRAS to assign IP addresses for VPN clients from the internal DHCP service. With the IP addresses leased from the internal DHCP server, the DNS server address will be distributed to clients.

    In your environment, where you have a Cisco ASA VPN server, please check whether you can assign IP addresses with the Windows DHCP service. If you cannot, check how it works if you manually assign the DNS server address in the static IP address pool.

    • Marked as answer by Myrt Webb Thursday, July 29, 2010 2:32 PM
    Wednesday, July 28, 2010 6:13 AM
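
One way to run the check the question asks about, as an added example that is not part of the original thread: a PowerShell 2.0 script using WMI that confirms every adapter resolves only through the domain DNS while the default route still points at the ISP. The IP addresses and the host name are placeholders (assumptions) to replace with your own values.

```powershell
# Added example; every address and name below is a placeholder to replace.
$DomainDns  = @('10.0.0.10')       # assumed: domain DC(s) running DNS
$IspGateway = '203.0.113.1'        # assumed: local ISP default gateway
$TestName   = 'dc01.corp.example'  # assumed: a name only the domain DNS knows

# 1. DNS servers on every IP-enabled adapter (physical NIC and VPN adapter).
#    Any server outside $DomainDns means lookups can reach a resolver you
#    do not manage.
$adapters = Get-WmiObject Win32_NetworkAdapterConfiguration -Filter "IPEnabled = TRUE"
foreach ($a in $adapters) {
    $dns     = @($a.DNSServerSearchOrder | Where-Object { $_ })
    $foreign = @($dns | Where-Object { $DomainDns -notcontains $_ })
    if ($foreign.Count -eq 0) {
        $status = 'OK'
    } else {
        $status = 'NON-DOMAIN DNS: ' + ($foreign -join ', ')
    }
    Write-Host ('[DNS]   {0}: {1} -> {2}' -f $a.Description, ($dns -join ', '), $status)
}

# 2. Default route: the 0.0.0.0 entry with the lowest metric carries Internet
#    traffic. It should point at the ISP gateway, not at the VPN adapter.
$route = Get-WmiObject Win32_IP4RouteTable -Filter "Destination = '0.0.0.0'" |
    Sort-Object Metric1 | Select-Object -First 1
if ($route -and $route.NextHop -eq $IspGateway) {
    Write-Host ('[ROUTE] default via {0} -> OK' -f $route.NextHop)
} elseif ($route) {
    Write-Host ('[ROUTE] default via {0} -> expected {1}' -f $route.NextHop, $IspGateway)
} else {
    Write-Host '[ROUTE] no default route found'
}

# 3. Ask the resolver the client actually uses. The Server/Address lines that
#    nslookup prints first identify which DNS server answered.
$lookup = nslookup $TestName
$lookup | Where-Object { $_ -match '^(Server|Address):' } |
    Select-Object -First 2 |
    ForEach-Object { Write-Host ('[QUERY] ' + $_) }
```

Run it on the test workstation with the VPN connected. As a cross-check, the first hop of `tracert -d` to an outside address should be the ISP gateway.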