DNS Queries between two locations when connected to VPN

  • Question

  • Hi, this is regarding resolving DNS queries between two locations when connected to VPN.

    Sharing details:

    1. Our two offices are connected via Site to Site VPN (Office-A and Office-B, two different geo-locations)
    2. All our DNS servers are located in Office-A only and there are no DNS servers in Office-B
    3. When users from Office-B connect to the VPN and access the local resources in Office-A, everything works; the problem is that all Internet queries are handled by the DNS servers in Office-A only
    4. Example: if google is accessed, it gets routed through the local DNS servers located in Office-A, which results in slowness and increased latency

    So in this case, how do we restrict DNS forwarding for specific source IP ranges connecting from the VPN?

    -Atul


    TheAtulA

    Thursday, May 17, 2018 9:20 AM

Answers

  • Hi,

    Thanks for your question.

    In this thread, based on my experience, I suggest we could use DNS policy to apply filters on DNS queries for a specific domain from the specific VPN subnet.

    Please refer to the following link for this implementation.

    Use DNS Policy for Applying Filters on DNS Queries

    https://docs.microsoft.com/en-us/windows-server/networking/dns/deploy/apply-filters-on-dns-queries

    Because the operation will affect your whole environment, please remember to back up the DNS server in case of any unexpected disaster.

    On the other hand, we could also configure a DNS forwarder or conditional forwarder on the DNS server for resolution of name queries outside or specific domain names.

    DNS Forwarding improves performance, load balances, and makes your network more resilient. It provides a way to pass on namespaces or resource records that are not contained in a local Domain Name System (DNS) server’s zone to a remote DNS server for resolution of name queries both inside and outside a network.

    We could try the following article, which discusses DNS forwarders and conditional forwarders in detail, for the implementation.

    https://medium.com/tech-jobs-academy/dns-forwarding-and-conditional-forwarding-f3118bc93984

    Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.

    In addition, we could also configure the clients from B-site with a public DNS server as an alternate DNS.

    Hope this helps. I look forward to hearing your good news. If you have any questions, please feel free to let me know.

    Have a nice day!

    Best regards,

    Michael


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Friday, May 18, 2018 6:48 AM
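
The DNS policy approach suggested in the answer above can be sketched as a recursion policy scoped to the VPN subnet. This is an added example, not part of the original reply or the linked Microsoft article; the subnet `10.20.0.0/16` and the names `OfficeB-VPN`, `OfficeB-NoRecursion` and `OfficeB-NoRecursionPolicy` are assumptions chosen for illustration.

```powershell
# Added example: run on each Office-A DNS server (Windows Server 2016 or later).
# Assumption: 10.20.0.0/16 stands in for the address range Office-B clients
# use over the VPN. Replace it with the real range before use.
$officeBSubnet = '10.20.0.0/16'

# 1. Give the source range a name that policies can match on.
Add-DnsServerClientSubnet -Name 'OfficeB-VPN' -IPv4Subnet $officeBSubnet

# 2. Create a recursion scope in which recursion (and therefore forwarding)
#    is switched off. The default scope "." is left unchanged, so Office-A
#    clients keep resolving Internet names as before.
Add-DnsServerRecursionScope -Name 'OfficeB-NoRecursion' -EnableRecursion $false

# 3. Bind the scope to the subnet. -ApplyOnRecursion means the policy is only
#    evaluated for queries the server cannot answer from its own zones, so
#    names hosted in Office-A zones are still answered for Office-B clients.
Add-DnsServerQueryResolutionPolicy -Name 'OfficeB-NoRecursionPolicy' `
    -Action ALLOW `
    -ApplyOnRecursion `
    -RecursionScope 'OfficeB-NoRecursion,1' `
    -ClientSubnet 'EQ,OfficeB-VPN'

# 4. Review what is now configured.
Get-DnsServerClientSubnet
Get-DnsServerRecursionScope
Get-DnsServerQueryResolutionPolicy

# Rollback, in reverse order of creation:
# Remove-DnsServerQueryResolutionPolicy -Name 'OfficeB-NoRecursionPolicy' -Force
# Remove-DnsServerRecursionScope -Name 'OfficeB-NoRecursion' -Force
# Remove-DnsServerClientSubnet -Name 'OfficeB-VPN' -Force
```

With this in place the Office-A servers answer the Office-B range only from their own zones, so Internet names for that range have to be resolved by another resolver.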

All replies

  • Hi,

    Just checking in to see if the information provided was helpful. Please let us know if you would like further assistance.

    Best Regards,

    Michael



    Monday, May 21, 2018 2:24 PM
  • Hi,
    Could the above reply be of help? If yes, you may mark it as answer; if not, feel free to give feedback.
    Best Regards,
    Michael



    Thursday, May 24, 2018 4:39 PM