DNS Behind IPSEC

  • Question

  • Hi,

    Can anyone suggest the proper DNS settings for remote branches connected to the domain by IPsec VPN without a local DNS server? We are currently assigning IP addresses and DNS addresses from the local firewall device, and the DNS server addresses are:

    Primary: Headoffice DNS1

    Secondary: GoogleDNS 8.8.8.8

    The advantage of using the above config is that users are able to connect to the internet even if the primary DNS is not reachable, but when it comes back they are not able to authenticate from the Head Office DNS and their systems start connecting to the public IP of the domain. If we use HO DNS servers for both entries, then they are not able to use the internet if the tunnel is disconnected.

    Is using the hosts file the only solution?

    Sunday, March 31, 2019 8:16 AM

All replies

  • Public IP of the domain? Is your AD domain routable?

    You could try Firewall rules to redirect specific traffic, OR have HOST records.



    Sunday, March 31, 2019 1:46 PM
  • Hi,

    Thanks for your question.

    According to your description, do you mean that when a user wants to connect to the internet, it will use Google DNS, but when the user wants to access an internal resource, it continues to use Google DNS, so the user cannot reach the internal resource?

    If so, I think you can set up a DNS forwarder. Usually, all DNS servers that handle address resolution within the network are configured to forward requests for addresses that are outside the network to a dedicated forwarder.

    You can refer to this article:

    https://www.faqforge.com/windows-server-2012-r2/set-dns-forwarder-windows-server-2012-r2/ 

    Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.

       

    Best Regards,

    Eric


    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.


    Monday, April 1, 2019 7:44 AM
  • Hi,

    Just checking in to see if the information provided was helpful.

    Please let us know if you would like further assistance.

    Best Regards,

    Eric



    Thursday, April 4, 2019 8:14 AM
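
A diagnostic for the symptom described in the question, added here as an example and not posted by anyone in this thread: run on a branch client, it asks each configured DNS server for the AD domain controller locator record and for the domain's A record, so you can see which resolver hands back internal answers and which does not. The domain name `corp.example.com` is a placeholder assumption; substitute your own AD DNS domain.

```powershell
# Added example (not from the thread). 'corp.example.com' is a placeholder
# assumption: pass your own AD DNS domain with -AdDomain.
param(
    [string]$AdDomain = 'corp.example.com'
)

# DC locator SRV record that domain-joined clients query to find a domain controller.
$srvName = "_ldap._tcp.dc._msdcs.$AdDomain"

# Every IPv4 DNS server currently configured on this client's interfaces
# (here: the addresses handed out by the branch firewall).
$servers = Get-DnsClientServerAddress -AddressFamily IPv4 |
    Select-Object -ExpandProperty ServerAddresses |
    Sort-Object -Unique

foreach ($server in $servers) {
    # -Server pins the query to one resolver; -DnsOnly skips LLMNR/NetBIOS fallback.
    $srv = Resolve-DnsName -Name $srvName -Type SRV -Server $server -DnsOnly `
               -ErrorAction SilentlyContinue |
           Where-Object { $_.Type -eq 'SRV' }

    $a = Resolve-DnsName -Name $AdDomain -Type A -Server $server -DnsOnly `
             -ErrorAction SilentlyContinue |
         Where-Object { $_.Type -eq 'A' }

    # One row per resolver: can it locate a DC, and which addresses does it
    # return for the domain name itself?
    [pscustomobject]@{
        DnsServer         = $server
        FindsDc           = [bool]$srv
        DomainControllers = @($srv.NameTarget) -join ', '
        DomainARecords    = @($a.IPAddress) -join ', '
    }
}
```

A resolver that shows `FindsDc` as `False`, or that returns a public address under `DomainARecords`, is the one producing the behaviour described in the question.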