Domain Name System
Muzhaos, 2015-04-01 16:02:37

How to merge two offices using DNS?

Good afternoon.
In general, the problem was how to transparently connect two offices into one network. Physically, it is not realistic to do this, since the offices are far from each other, and even if it is possible, it is very expensive to pull optics :) Initially, I approached the issue classically: VPN PPTP. But this is not much, for many employees it is a headache, and the Internet speed drops because of this. I decided to go the other way, and everything even partially worked out, but not completely.

In general, the essence:

In office1, the Internet is distributed by a server based on Windows Server 2012, which is also a file share, which is also DHCP, which is also a DNS server, and which is also a domain controller. It has two network cards installed, one to the Internet and the other to the network, and the provider gives us one external IP address. Classic in general. There is no server in office2; there are several workstations and a simple router. The router refused to connect to the server in office1 using VPN, as it apparently does not support Windows authorization (yes, I did everything on the server using Windows).

I tried to register on my computer in office2, as a DNS server, the external IP of the server in office1 (since it is essentially a DNS server). And lo and behold, some things worked, some didn't. So now I can safely join computers in office2 to the office1 domain without any VPN, I can view the share on this server if I access it by server name and not by IP, I can administer AD DS using RSAT, create users, assign rights, and I can connect to the CD server in office1 by its name via RDP.

But all other machines in the domain are not visible to me. By IP it is clear that they are not visible, but by name they are also not visible. I looked at what was on the DNS server through the DNS manager: all domain machines are registered in the forward and reverse lookup zones. That is, in fact, everything is exactly as it should be, but I don't see the rest of the machines.

I need to ensure that any machine in the domain is available to me both for shares and for remote control and administration by its name. For the rest of the employees, only access to the server from 1C is needed. The share works without a VPN connection, but for 1C you already need to connect a VPN. Can you suggest something about this? After all, the main server is visible, which means you can somehow achieve that other machines in the domain network can be seen using DNS alone.


3 answer(s)
Vitaly Sergeev, 2015-04-01
@Muzhaos

You are trying to connect a PC to a domain directly via the Internet by issuing an external IP to the domain controller. This approach will not give the desired result, and continued attempts to apply it will jeopardize the security of both offices.
You need to connect your two locales via VPN. You will get two subnets and routing between them. Domain controllers and PCs must be inside the local network and have local addresses. PCs will connect to the Internet through a separate proxy or gateway. The domain controller must not connect to the Internet! If it has a DNS that should resolve external addresses, set up forwarding through the gateway's DNS.
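
The routing point in this answer, as an added example that is not part of the thread: DNS can hand out an address, but the client still needs a route to it, so names of office1 workstations resolve from office2 and then fail to connect until a VPN adds the route. The host names, addresses and subnets below are constructed, and the sketch assumes the office1 workstations are registered in DNS with private (RFC 1918) addresses behind the single external IP.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample data (assumptions, not values from the thread).
ZONE = {
    "dc1.corp.example": ["192.168.1.10", "203.0.113.5"],  # LAN NIC + external NIC
    "pc-07.corp.example": ["192.168.1.57"],
    "pc-12.corp.example": ["192.168.1.62"],
}
OFFICE1_LAN = "192.168.1.0/24"
OFFICE2_LAN = "192.168.88.0/24"


def is_rfc1918(ip):
    """True when the address is in one of the three RFC 1918 private ranges."""
    return any(ip in net for net in RFC1918)


def classify(address, routed_subnets):
    """Classify one A record from the point of view of a client with these routes."""
    ip = ipaddress.ip_address(address)
    if any(ip in ipaddress.ip_network(net) for net in routed_subnets):
        return "routed"            # on-link, or reachable through a VPN route
    if is_rfc1918(ip):
        return "unroutable"        # the name resolves, but no path to the address exists
    return "internet-exposed"      # reachable only because the host faces the Internet


def audit(zone, routed_subnets):
    """Map each host name to the best reachability class among its A records."""
    order = ["routed", "internet-exposed", "unroutable"]
    return {
        name: min((classify(a, routed_subnets) for a in addresses), key=order.index)
        for name, addresses in zone.items()
    }


def internet_facing(zone):
    """Hosts with at least one non-RFC 1918 A record, whatever routes the client has."""
    return sorted(
        name for name, addresses in zone.items()
        if any(not is_rfc1918(ipaddress.ip_address(a)) for a in addresses)
    )


if __name__ == "__main__":
    print("DNS only:", audit(ZONE, [OFFICE2_LAN]))
    print("Site-to-site VPN:", audit(ZONE, [OFFICE2_LAN, OFFICE1_LAN]))
    print("Still Internet-facing:", internet_facing(ZONE))
```

Even with the VPN route in place, `internet_facing` keeps reporting the domain controller until its external interface is removed, which is the second half of the advice above.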

Sergey, 2015-04-01
@edinorog

1. PPTP 0_o? Forget this VPN already. It is dead!
2. Does your DK1 look at the Internet through the real one? 0_o
3. You would be fired for not knowing the elementary materiel. I am sending you to learn it immediately. I don't care what textbook. Until your company has flown into the grandmother because of you.

Alexander, 2015-04-01
@yakupovak

In office1, the Internet is distributed by a server based on Windows Server 2012, which is also a file share, which is also DHCP, which is also a DNS server, and which is also a domain controller.

The problem lies here.
