I'm managing a small business with four locations interconnected through tunnels, and we're transitioning away from server-centric operations. Currently, about half of our computers rely on Active Directory and access mapped drives using hostnames due to Excel Macros, which makes using IP addresses unfeasible. Right now, all locations' DNS settings point to our Domain Controller, but if the primary location has internet issues, it cripples the other sites. During long outages, I have to manually change the firewalls to public DNS to restore internet access. What's the best approach to manage DNS in this situation? I've thought about setting a public DNS as secondary, but I've heard that creates problems too. We can't add a Domain Controller at each site, so how can we reduce reliance on the main office until we fully switch to a serverless model? I'm also considering using conditional DNS forwarding on our Fortigates.
3 Answers
Have you thought about looking into a redundant internet option? That could really help with downtime at your primary office. Even if there are issues with the tunnels, having a backup way to connect could be beneficial.
To avoid being completely dependent on one uplink at the main office, consider placing DNS recursors at each site. This way, your access to the public network won’t hinge on the performance of a single server. If you can't get another DNS or MSAD server, think about relocating your existing one to a site with a stable internet connection.
You really need at least two domain controllers to ensure redundancy. If possible, consider adding another DC at one of the locations or even host one in the cloud. Then set up site-to-site VPNs from each site to the cloud. That way, even if your primary location goes down, you won’t lose access completely.
Related Questions
Can't Load PhpMyadmin On After Server Update
Redirect www to non-www in Apache Conf
How To Check If Your SSL Cert Is SHA 1
Windows TrackPad Gestures