[shon]

I have three Sites that are broken up by the following:

Site A: 192.168.10.xxx (New York)
Primary DC for : domain.local
Primary DNS for: domain.local
Additional Roles: File and Print Server, GAL
Network Card Properties:
IP: 192.168.10.5
Sub: 255.255.255.0
GW: 192.168.10.1
Primary DNS: 192.168.10.5
Secondary: None
DNS Server Properties
Forwarders: isp.dnsserver-1.com, isp.dnsserver-2.com


Site B: 192.168.20.xxx (Miami)
Secondary DC for : domain.local
Secondary DNS for: domain.local
Additional Roles: File and Print Server, GAL
Network Card Properties:
IP: 192.168.20.5
Sub: 255.255.255.0
GW: 192.168.20.1
Primary DNS: 192.168.10.5 <-- New York DC
Secondary: None
Forwarders: isp.dnsserver-2.net, isp.dnsserver-2.net (Local ISP's DNS Servers of Miami's site)

Site C: 192.168.30.xxx (Los Angeles)
Secondary DC for : domain.local
Secondary DNS for: domain.local
Additional Roles: File and Print Server, GAL
Network Card Properties:
IP: 192.168.30.5
Sub: 255.255.255.0
GW: 192.168.30.1
Primary DNS: 192.168.10.5 <-- New York DC
Secondary: None
Forwarders: isp.dnsserver-3.org, isp.dnsserver-3.org (Local ISP's DNS Servers of Los Angeles site)


Everything works fine except for when Site A's internet connectivity goes down.

That means that anyone who is at Site B, or C can no longer surf the internet.

The sites are fully redundant and have a Primary and Secondary Internet connections with Primary and Secondary VPN tunnels back to Site A.

I'm under the impression for AD to function correctly between Primary DC/DNS and Secondary DC/DNS Servers that the Secondary DC/DNS Servers need to be pointed to the Primary DC/DNS Servers in the network card properties. (As seen in my config above)

Ultimately I would like the Secondary DNS Servers(Site B, and C) use the DNS Servers that are local to them for internet DNS queries only AND for anything destine for domain.local to obviously query the Primary DNS Servers.

Thanks!

[AndyJG247]

I believe for DCs per site that you have the primary pointing at another server and the secondary as the local server. This allows AD to start when a server is restarted. Interestingly you have written in Site A that the primary DNS is the router?

I wouldn't setup any DC in 1 site to use a DNS in another site unless you have specific reasons for that.

EDIT: To confirm. Change the DNS in each site to local servers. As it stands if you lose Site A you will start having issues. I assume your clients all us local DCs for DNS?

[shon]

Quote:

Originally Posted by AndyJG247

I believe for DCs per site that you have the primary pointing at another server and the secondary as the local server. This allows AD to start when a server is restarted. Interestingly you have written in Site A that the primary DNS is the router?

I wouldn't setup any DC in 1 site to use a DNS in another site unless you have specific reasons for that.

EDIT: To confirm. Change the DNS in each site to local servers. As it stands if you lose Site A you will start having issues. I assume your clients all us local DCs for DNS?

Yes your assumption is correct that clients for all sites (A,B,C) query their local servers for DNS.

*I edited Site A to reflect the right Primary DNS Server that its currently set too*

[AndyJG247]

Ok, it is one of two things, DNS or connectivity. Can you ping public IP etc when it fails?

[shon]

Quote:

Originally Posted by AndyJG247

Ok, it is one of two things, DNS or connectivity. Can you ping public IP etc when it fails?

It was only DNS that I was wondering about. Thanks for the advice you've answered all my questions.

Thanks

[guyt]

Are you using primary/secondary zones or AD integrate zones ?