Best practice - DNS in a multi-site network?
Hi all
This is more of a post I'm hoping to learn from rather than to solve a problem at this stage.
I'm new to VPNs and I'm trying to experiment with some things in my home lab to better my knowledge of networking.
I've thought of two scenarios and I am looking for the best 'industry standard' way of doing things.
Scenario 1:
A network with two sites, Site A (main office) and Site B (branch office). Both sites are connected by an OpenVPN tunnel between two pfSense routers. DHCP and DNS are handled by pfSense at both sites. How would I ensure proper internal DNS resolution across the tunnel? So for example, if I were to ping a machine by hostname which is located at Site B, from Site A and vice versa, how should DNS be configured to resolve the name on a different subnet?
Scenario 2:
A Windows network with two sites, Site A (main office) and Site B (branch office). Both sites are connected by an OpenVPN tunnel between two pfSense routers. DHCP and DNS are handled by the Windows Domain Controller at Site A; DHCP and DNS are handled by pfSense at Site B. How should I configure Site B to register internal DNS names on the PDC at Site A to ensure the Windows Domain functions work correctly?
Well, for starters, the pfSense DNS servers (dnsmasq or Unbound) are not really meant as authoritative servers, and do not do zone transfers. Not really something I would use in a production/enterprise DNS setup, to be honest. But if you want to, you really should have a different FQDN for each site. So for a host in Site A, host.sitea.domain.tld, and in Site B it would be host.siteb.domain.tld. They could be the same parent domain that way, or could just be host.siteadomain.tld and sitebdomain.tld, etc.
You would then create domain overrides pointing to pfSense at the other site for the domain in question.
In scenario 2, to be honest you really should have a DC at that branch site. If you're not going to use a DC at that site, I would have your clients use both DHCP and DNS from the main site DC, and would not use DHCP or DNS on pfSense at all in this remote site.
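Here is what the per-site domain override from the reply above looks like in Unbound's own syntax, as an added example (not the poster's configuration): it is the Site A pfSense resolver, with assumed addressing of 192.168.10.0/24 for Site A, 192.168.20.0/24 for Site B, and 192.168.20.1 as the Site B pfSense LAN address reachable through the tunnel. The names and addresses are placeholders for the lab.

```conf
# Unbound resolver on the Site A pfSense (LAN address 192.168.10.1).
# Assumed lab values: Site A = 192.168.10.0/24, Site B = 192.168.20.0/24,
# Site B pfSense = 192.168.20.1, reached across the OpenVPN tunnel.
server:
    # Allow hosts at both sites to query this resolver. A firewall rule on
    # the OpenVPN interface must also permit TCP/UDP 53 from 192.168.20.0/24.
    access-control: 192.168.10.0/24 allow
    access-control: 192.168.20.0/24 allow

    # Site A's own zone is answered locally (constructed sample records;
    # pfSense normally adds DHCP leases and static mappings here itself).
    local-zone: "sitea.domain.tld." static
    local-data: "fileserver.sitea.domain.tld. IN A 192.168.10.50"
    local-data-ptr: "192.168.10.50 fileserver.sitea.domain.tld."

    # Answers from the remote site contain RFC 1918 addresses. Tell the
    # DNS-rebinding protection that this is expected for that domain only,
    # instead of turning the protection off globally.
    private-address: 192.168.20.0/24
    private-domain: "siteb.domain.tld."
    private-domain: "20.168.192.in-addr.arpa."

    # pfSense enables DNSSEC validation by default; the internal zone is
    # unsigned, so mark it insecure or forwarded replies fail validation.
    domain-insecure: "siteb.domain.tld."
    domain-insecure: "20.168.192.in-addr.arpa."

# The domain override itself: queries for Site B's zone go to the Site B
# pfSense over the tunnel. The reverse zone is forwarded too, so PTR
# lookups of Site B addresses resolve as well.
forward-zone:
    name: "siteb.domain.tld."
    forward-addr: 192.168.20.1

forward-zone:
    name: "20.168.192.in-addr.arpa."
    forward-addr: 192.168.20.1
```

The Site B pfSense gets the mirror image (forward-zone entries for sitea.domain.tld and 10.168.192.in-addr.arpa pointing at 192.168.10.1, plus the matching private-domain and domain-insecure lines). In the pfSense GUI the forward-zone part is Services > DNS Resolver > Domain Overrides, and the server: directives go in the resolver's Custom options box.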