Meraki

Community

DNS - Conditional forwarding

Gd29
Here to help
‎Aug 31 2020 10:27 AM
‎Aug 31 2020 10:27 AM

DNS - Conditional forwarding

we have multiple remote sites that use OpenDNS for direct internet access. The remote sites have no server infrastructure to run DNS. I have a headquarters with a handful of servers i need the clients to connect to. conditional forwarder would be a perfect scenario here on the MX (i just added via wishlist). not sure if anyone is doing something similar with a different solution. 

8 Replies 8
SoCalRacer
Kind of a big deal
‎Aug 31 2020 10:49 AM
‎Aug 31 2020 10:49 AM

No MX/Z at the remote sites?

0 Kudos
In response to SoCalRacer
Gd29
Here to help
‎Aug 31 2020 10:52 AM
‎Aug 31 2020 10:52 AM

there is an MX at each site with a VPN tunnel to headquarters. 

0 Kudos
In response to Gd29
SoCalRacer
Kind of a big deal
‎Aug 31 2020 10:59 AM
‎Aug 31 2020 10:59 AM

I would add the DNS from HQ as secondary DNS. Then make sure the machines are joined to the domain at HQ. I am assuming you have internal domains that you are trying to resolve at the remote sites with this fix.

0 Kudos
In response to SoCalRacer
Gd29
Here to help
‎Aug 31 2020 11:06 AM
‎Aug 31 2020 11:06 AM

i'll try that, i didnt think the client would try a second or third dns server listed if the primary was available. 

and yes, its for an internal zone at hq.

0 Kudos
In response to Gd29
jdsilva
Kind of a big deal
‎Aug 31 2020 12:12 PM
‎Aug 31 2020 12:12 PM

I'd suggest actually doing the opposite. Set the HQ as the primary DNS server, and the OpenDNS as the secondary. 

 

I assume the HQ DNS is configured to use OpenDNS itself for zones it's not authoritative on?

 

 

http://blog.brokennetwork.ca | @jdsilva
In response to jdsilva
CptnCrnch
Kind of a big deal
Kind of a big deal
‎Aug 31 2020 12:39 PM
‎Aug 31 2020 12:39 PM

Leveraging the commercial variant of OpenDNS you could configure the Roaming Client / Anyconnect Module to handle this situation:

https://docs.umbrella.com/deployment-msp/docs/appendix-d-internal-domains-steps

0 Kudos
In response to jdsilva
Gd29
Here to help
‎Aug 31 2020 3:57 PM
‎Aug 31 2020 3:57 PM

@jdsilva thanks, I was considering this, but 2 of the sites is outside the US and the latency would likely make web browsing slow.

PhilipDAth
Kind of a big deal
Kind of a big deal
‎Aug 31 2020 9:50 PM
‎Aug 31 2020 9:50 PM

If they are running Windows 10 Google "NRPT".  It lets you configure a name resolution policy.  You can say for the domain company.local send all the queries to my internal AD servers.

 

https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/dn... 

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.