Score:0

Two DCs at home office, one remote office...DNS resolution?


Our main office has two domain controllers (Windows Server 2016), shown as one below for simplification. I'm bringing up a remote office, with a firewall at each location. I'm trying to keep the config as simple as possible. The main office works just fine to get to the internet, and all users on the main office LAN can authenticate:

[network diagram of the two offices]

What I want to do is be able to log in to the Active Directory domain from the remote office. I'm trying NOT to have an AD at the remote office, and as I said, I'm trying to keep it as simple as possible.

What DNS do I have the remote PCs (PCR1 and PCR2) use so it will find SRVDC and can get to and use the file shares on SRVFS?

Or am I better served with the same private LAN on both offices of 192.168.1.0/24 with the firewalls set up with overlapping networks (which seems overly complex to me)?

Score:3

What you want to do is to create a site-to-site VPN connection between the two offices. The remote office computers would use the same DNS servers as the main office, which presumably are your Domain Controllers.

EDIT

You have Domain Controllers at the home office which are presumably also the DNS servers for your AD domain (hosting your AD DNS zone). All computers in the home office use these Domain Controllers for DNS. All domain joined computers (workstations, laptops, servers, etc.) have DNS records registered in this AD DNS zone. You might also have DNS records registered in this AD DNS zone for other systems and services (internal websites, applications, etc.). All computers query these DNS servers to resolve DNS queries for the DNS records in this DNS zone. Set up a site-to-site VPN connection between the two offices and configure all of the computers (workstations, laptops, servers, etc.) in the remote office to use the DNS servers in the home office, just the same as all of the computers in the home office do. This is a pretty standard configuration, deployed in countless organizations around the globe.
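As an added example (not from the question or the answer), the following PowerShell script, run elevated on a remote-office workstation such as PCR1, points the DNS client at the home-office domain controllers and then checks that the domain can actually be located through the site-to-site VPN. The domain name `corp.example`, the adapter alias `Ethernet` and the second DC address 192.168.1.32 are assumptions; 192.168.1.31 is the address used in the comments.

```powershell
# Added example: configure and verify AD DNS for a remote-office client.
# Run in an elevated PowerShell session on the remote-office PC (e.g. PCR1).
# Assumptions: the AD domain name, adapter alias and DC addresses below are
# placeholders for this example, not values taken from the original post.
$Domain    = 'corp.example'                     # assumed AD DNS domain name
$DcAddrs   = @('192.168.1.31', '192.168.1.32')  # home-office DCs (second one assumed)
$Interface = 'Ethernet'                         # assumed adapter alias; see Get-NetAdapter

# 1. Point the client at the home-office DCs only. Every listed server must be
#    an AD-integrated DNS server: a non-AD resolver in the secondary slot answers
#    "name not found" for the AD zone instead of failing over to the DC.
Set-DnsClientServerAddress -InterfaceAlias $Interface -ServerAddresses $DcAddrs
Clear-DnsClientCache

# 2. Verify the DC locator records resolve. Domain logon depends on these SRV
#    records, not just on the A record of SRVDC.
$srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV -Server $DcAddrs[0]
$srv | Where-Object { $_.Type -eq 'SRV' } |
    Select-Object Name, NameTarget, Port, Priority, Weight | Format-Table -AutoSize

# 3. Confirm the VPN and both firewalls pass the ports a domain member needs
#    (DNS, Kerberos, LDAP, SMB for the file shares, RPC endpoint mapper).
$ports = @{ DNS = 53; Kerberos = 88; LDAP = 389; SMB = 445; RPC = 135 }
foreach ($dc in $DcAddrs) {
    foreach ($p in $ports.GetEnumerator()) {
        $ok = (Test-NetConnection -ComputerName $dc -Port $p.Value `
                  -WarningAction SilentlyContinue).TcpTestSucceeded
        '{0,-15} {1,-9} {2,5} {3}' -f $dc, $p.Key, $p.Value,
            $(if ($ok) { 'open' } else { 'BLOCKED' })
    }
}

# 4. Ask the DC locator which DC this client will actually use for logon.
nltest "/dsgetdc:$Domain" /force
```

A "BLOCKED" line in step 3 points at a VPN or firewall rule rather than at DNS; a failed SRV lookup in step 2 with the ports open means the client is still not using an AD DNS server.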

Comments:

So you're saying the DNS of the remote office computers would just point to 192.168.1.31 (in this example)?

@JeffR: Active Directory clients use AD for DNS, unless you have another DNS server that could serve as a forwarder for your internal domain. But you only have one DNS server.

Ok, so the primary DNS of PCR1 and PCR2 should be the 192.168.1.31, and the secondary would be, say, a DNS server at the remote site to handle local resources for the 192.168.2.0/24 network?

joeqwerty: @JeffR See my edit.