Question about DHCP Relay on secondary site with site-to-site VPN
-
Hello everyone,
I have a secondary site, with only one subnet, connected to the primary one through a site-to-site VPN, where it has access to our main subnet.
This secondary site was configured some time ago to be prepared, in case of a failure on the primary side, to be able to work (through a secondary public DNS server and a local DHCP for that subnet).
With this config, when I had problems in the main site, the only issue was the loss of communication with the primary site, but it was just that:
Having a DHCP on the secondary site subnet, the only limitation that I had was that those devices in that network that were not added to the AD domain were isolated in that firewall, instead of being subscribed in our DNS server on the primary side.
Now I need to automatically sign names for a big amount of devices in the secondary site, so I have to use DHCP relay instead, but my fear is that, in case of loss of communication with the primary site, at least new devices and expiring leases would have issues.
How do you usually set up this kind of scenario?
Thanks in advance!
-
So, the way that I have found to solve this the best was to keep that DHCP on Network B and a subdomain there, foo.xyz.com, as a stand-alone, and forward all of xyz.com to my dc.xyz.com DNS server.
The problem that I am still trying to solve is that queries forwarded from my dc.xyz.com to pfsense.foo.xyz.com are not being resolved or even queried. Even 10.0.10.1 is not resolved and gives the error message in validation: the server with the IP address is not authoritative for the required zone.
I've delegated that subdomain foo.xyz.com to the 10.0.10.1 DNS server, which is pfsense.foo.xyz.com. In my dc.xyz.com I have the following:
But testing from a stand-alone PC in the same network as my dc.xyz.com, I am able to use pfsense.foo.xyz.com as a DNS server.
Anyone here know if I am missing some step or steps to be able to perform this setup?
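A small checker for the delegation error in the post above, added here as an example and not code from the thread: the "not authoritative for the required zone" validation fails when the delegated server's reply does not carry the AA (authoritative answer) flag, so this sends a non-recursive query straight to 10.0.10.1 for pfsense.foo.xyz.com (values from the post) and decodes the reply flags. Function names and the transaction id are my own.

```python
import socket
import struct

TXID = 0x1234  # fixed transaction id for this diagnostic (assumption, any value works)

def build_query(name: str, qtype: int = 1) -> bytes:
    """Build a DNS query with RD=0: we want the server's own (authoritative)
    answer, not something it forwards or pulls from cache on our behalf."""
    header = struct.pack("!HHHHHH", TXID, 0x0000, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(lbl)]) + lbl.encode() for lbl in labels)
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)  # class IN

def parse_header(resp: bytes) -> dict:
    """Decode the 12-byte DNS header into the fields a delegation check needs."""
    if len(resp) < 12:
        raise ValueError("response shorter than a DNS header")
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", resp[:12])
    return {"id": txid, "qr": bool(flags & 0x8000), "aa": bool(flags & 0x0400),
            "rcode": flags & 0x000F, "answers": an, "authority": ns}

def is_authoritative(h: dict) -> bool:
    """True only for a NOERROR reply with the AA flag set, which is what a
    delegation target must return for names under its zone."""
    return bool(h) and h["qr"] and h["aa"] and h["rcode"] == 0

def check_server(server: str, name: str, timeout: float = 3.0) -> dict:
    """Send the query over UDP and return the decoded header ({} on timeout)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, 53))
        try:
            resp, _ = s.recvfrom(512)
        except socket.timeout:
            return {}  # no reply at all points at the VPN/firewall path, not DNS
    h = parse_header(resp)
    if h["id"] != TXID:
        raise ValueError("transaction id mismatch, reply was not for our query")
    return h

if __name__ == "__main__":
    h = check_server("10.0.10.1", "pfsense.foo.xyz.com")
    if not h:
        print("no reply (timeout)")
    elif h["rcode"] == 5:
        print("REFUSED: the server does not accept queries from this source address")
    elif is_authoritative(h):
        print("authoritative answer: delegation target looks correct")
    else:
        print(f"reply without AA (rcode={h['rcode']}): delegation validation will fail")
```

Run it from the DC's network and then from the DC itself; a reply from the PC but a timeout from the DC isolates the problem to the path or access rules rather than the zone setup.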