Hola Meraki Community!
I'm upgrading a remote site from a Barracuda firewall to an MX64. Now, this site currently has a "DNS Service" install on the Barracuda to split DNS. This remote site has it's PCs domain joined (hence the current setup). On the MX how am I able to do this (if necessary) to have normal internet requests go through ISP DNS, and only AD requests through the VPN tunnel?
What would be "best practice" then so users can authenticate? I typically setup IPsec tunnels, but don't want ALL their traffic flowing through the VPN.
Thanks for the image. My only issue here is our corporate firewall is not Meraki, it's Barracuda. So when I select Spoke, I have no option of manually creating the hub. Under Organization-Wide Settings I do have the Non Meraki Peer created.
@jdsilva is correct. You should direct all your DNS requests to the AD servers. The actual web browsing and the like will still go out the local circuit.
It's while back since last response here but this issue as well.
We have a hub in Amsterdam with internet breakout plus internal DNS servers which have forwarders to resolve public DNS.
Now we have a site in Santa Cruz, when they want to use internal server(customer.local) they use our configured internal server in Amsterdam. Same goes for public server.
now this client in Santa Cruz goes over to google hangout, then it gets IP adresses back from NL hosted google servers. The client is then having hangout with NL servers (including the latency penalty).
This is where I need to have split DNS: resolve for .local domain's on my own servers, and the rest using the local internet breakout.
Still not supported?