DNS - Conditional forwarding

Gd29
Here to help

We have multiple remote sites that use OpenDNS for direct internet access. The remote sites have no server infrastructure to run DNS. I have a headquarters with a handful of servers I need the clients to connect to. A conditional forwarder would be a perfect scenario here on the MX (I just added it via wishlist). Not sure if anyone is doing something similar with a different solution.

SoCalRacer
Kind of a big deal

No MX/Z at the remote sites?

Gd29
Here to help

There is an MX at each site with a VPN tunnel to headquarters.

SoCalRacer
Kind of a big deal

I would add the DNS from HQ as secondary DNS. Then make sure the machines are joined to the domain at HQ. I am assuming you have internal domains that you are trying to resolve at the remote sites with this fix.

Gd29
Here to help

I'll try that. I didn't think the client would try a second or third DNS server listed if the primary was available.

And yes, it's for an internal zone at HQ.

jdsilva
Kind of a big deal

I'd suggest actually doing the opposite. Set the HQ as the primary DNS server, and the OpenDNS as the secondary.

I assume the HQ DNS is configured to use OpenDNS itself for zones it's not authoritative on?

CptnCrnch
Kind of a big deal

Leveraging the commercial variant of OpenDNS, you could configure the Roaming Client / AnyConnect Module to handle this situation:

https://docs.umbrella.com/deployment-msp/docs/appendix-d-internal-domains-steps

Gd29
Here to help

@jdsilva thanks, I was considering this, but 2 of the sites are outside the US and the latency would likely make web browsing slow.

PhilipDAth
Kind of a big deal

If they are running Windows 10, Google "NRPT". It lets you configure a name resolution policy. You can say: for the domain company.local, send all the queries to my internal AD servers.

https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/dn... 
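
The NRPT approach from the reply above, as an added example that is not part of the original thread: a local rule sends only the internal zone to the HQ DNS servers over the VPN, while every other name keeps going to the resolver configured on the adapter (OpenDNS here), so internal hostnames are never sent to the public resolver. The server addresses and the test hostname are placeholders; `company.local` is the example domain used in the reply.

```powershell
#Requires -RunAsAdministrator
# Added example: the values below are placeholders, not taken from the thread.
$Namespace = '.company.local'                 # leading dot = the zone and all its subdomains
$HqDns     = @('192.0.2.10', '192.0.2.11')    # placeholder HQ DNS servers (documentation range)
$TestName  = 'fileserver.company.local'       # hypothetical internal host used for verification

# Idempotent: only create the rule if no local rule already covers this namespace.
$existing = Get-DnsClientNrptRule | Where-Object { $_.Namespace -contains $Namespace }
if (-not $existing) {
    Add-DnsClientNrptRule -Namespace $Namespace `
                          -NameServers $HqDns `
                          -Comment 'Internal zone resolved by HQ DNS over site-to-site VPN'
}

# Drop cached answers (including cached NXDOMAIN from the public resolver).
Clear-DnsClientCache

# Show the policy the DNS client is actually applying. Rules delivered by Group Policy
# take precedence over local rules, so check here rather than trusting the rule list.
Get-DnsClientNrptPolicy |
    Where-Object { $_.Namespace -contains $Namespace } |
    Format-List Namespace, NameServers

# Verify with Resolve-DnsName, which goes through the Windows DNS client and therefore
# honors NRPT. nslookup queries the adapter's DNS server directly and bypasses NRPT,
# so it is not a valid test of this policy.
Resolve-DnsName -Name $TestName -Type A       # should be answered by an HQ server
Resolve-DnsName -Name 'example.com' -Type A   # should still use the adapter's resolver
```

For more than a few machines, the same rule is normally delivered through Group Policy (the `-GpoName` parameter of `Add-DnsClientNrptRule`) rather than set locally on each client.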
