Meraki

Community

DNS - Conditional forwarding

Gd29
Here to help
‎Aug 31 2020 10:27 AM
‎Aug 31 2020 10:27 AM

DNS - Conditional forwarding

we have multiple remote sites that use OpenDNS for direct internet access. The remote sites have no server infrastructure to run DNS. I have a headquarters with a handful of servers i need the clients to connect to. conditional forwarder would be a perfect scenario here on the MX (i just added via wishlist). not sure if anyone is doing something similar with a different solution. 

8 Replies 8
SoCalRacer
Kind of a big deal
‎Aug 31 2020 10:49 AM
‎Aug 31 2020 10:49 AM

No MX/Z at the remote sites?

0 Kudos
In response to SoCalRacer
Gd29
Here to help
‎Aug 31 2020 10:52 AM
‎Aug 31 2020 10:52 AM

there is an MX at each site with a VPN tunnel to headquarters. 

0 Kudos
In response to Gd29
SoCalRacer
Kind of a big deal
‎Aug 31 2020 10:59 AM
‎Aug 31 2020 10:59 AM

I would add the DNS from HQ as secondary DNS. Then make sure the machines are joined to the domain at HQ. I am assuming you have internal domains that you are trying to resolve at the remote sites with this fix.

0 Kudos
In response to SoCalRacer
Gd29
Here to help
‎Aug 31 2020 11:06 AM
‎Aug 31 2020 11:06 AM

i'll try that, i didnt think the client would try a second or third dns server listed if the primary was available. 

and yes, its for an internal zone at hq.

0 Kudos
In response to Gd29
jdsilva
Kind of a big deal
‎Aug 31 2020 12:12 PM
‎Aug 31 2020 12:12 PM

I'd suggest actually doing the opposite. Set the HQ as the primary DNS server, and the OpenDNS as the secondary. 

 

I assume the HQ DNS is configured to use OpenDNS itself for zones it's not authoritative on?

 

 

http://blog.brokennetwork.ca | @jdsilva
In response to jdsilva
CptnCrnch
Kind of a big deal
‎Aug 31 2020 12:39 PM
‎Aug 31 2020 12:39 PM

Leveraging the commercial variant of OpenDNS you could configure the Roaming Client / Anyconnect Module to handle this situation:

https://docs.umbrella.com/deployment-msp/docs/appendix-d-internal-domains-steps

0 Kudos
In response to jdsilva
Gd29
Here to help
‎Aug 31 2020 3:57 PM
‎Aug 31 2020 3:57 PM

@jdsilva thanks, I was considering this, but 2 of the sites is outside the US and the latency would likely make web browsing slow.

PhilipDAth
Kind of a big deal
Kind of a big deal
‎Aug 31 2020 9:50 PM
‎Aug 31 2020 9:50 PM

If they are running Windows 10 Google "NRPT".  It lets you configure a name resolution policy.  You can say for the domain company.local send all the queries to my internal AD servers.

 

https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/dn... 

Back to the top
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco ID. If you don't yet have a Cisco ID, you can sign up.
Labels
© 2025 Cisco Systems, Inc.