Our environment consists of 100+ WAN connected sites. Currently the DNS
service is NOT installed on the DC at each site. DNS is currenty only running
at the hub location. All clients are configured via DHCP to use the hub site
DNS servers (Primary and Secondary). We would like to install DNS on all
domain controllers in the environment and force all clients to use their
local DC for name resolution. This is not a problem and should be fairly easy
to change.. My question is this...

If the local DNS server is down at the site, is there a way utilizing the
Windows Server 2003 DNS service to force the client to try and resolve using
public DNS to access publicly accessible services, such as: Outlook RPC over
http, citrix, etc.. before performing DNS queries back to the hub site
through the VPN tunnel? To try and make my question a little bit clearer,
here is a scenario...

Local DC is down...(xp client primary DNS is inaccessible)
VPN tunnel to hub site is down...(xp client secondary DNS is inaccessible)
Internet is still accessible and client will then use public DNS to resolve
and connect to publiclly accessible services. (RPC over HTTP, Citrix, Web
services).

**Side Note ** We utilize a device which gives us the ability to provide
split tunneling, so we sometimes can run into an issue where our VPN tunnell
from site to site may be down, but the internet is still reachable.

Add public DNS to your DHCP as third and fourth...
Let say:
DNSlocalsite01
DNSlocalsite02
DNShubsite01
DNShubsite02
PublicDNS01
PublicDNS02

"Chris Meehan" <ChrisMeehan@discussions.microsoft.com> wrote in message
news:BFF6E75E-10F0-4EF2-B987-08EBA021C15B@microsoft.com...
> Our environment consists of 100+ WAN connected sites. Currently the DNS
> service is NOT installed on the DC at each site. DNS is currenty only
> running
> at the hub location. All clients are configured via DHCP to use the hub
> site
> DNS servers (Primary and Secondary). We would like to install DNS on all
> domain controllers in the environment and force all clients to use their
> local DC for name resolution. This is not a problem and should be fairly
> easy
> to change.. My question is this...
>
> If the local DNS server is down at the site, is there a way utilizing the
> Windows Server 2003 DNS service to force the client to try and resolve
> using
> public DNS to access publicly accessible services, such as: Outlook RPC
> over
> http, citrix, etc.. before performing DNS queries back to the hub site
> through the VPN tunnel? To try and make my question a little bit clearer,
> here is a scenario...
>
> Local DC is down...(xp client primary DNS is inaccessible)
> VPN tunnel to hub site is down...(xp client secondary DNS is inaccessible)
> Internet is still accessible and client will then use public DNS to
> resolve
> and connect to publiclly accessible services. (RPC over HTTP, Citrix, Web
> services).
>
> **Side Note ** We utilize a device which gives us the ability to provide
> split tunneling, so we sometimes can run into an issue where our VPN
> tunnell
> from site to site may be down, but the internet is still reachable.

Ok, thats exactly what i was thinking. Basically is the way DNS works and by
prioritizing the servers in DHCP will provide what I am looking for. Thanks!

"Luka Manojlovic" wrote:

> Add public DNS to your DHCP as third and fourth...
> Let say:
> DNSlocalsite01
> DNSlocalsite02
> DNShubsite01
> DNShubsite02
> PublicDNS01
> PublicDNS02
>
> "Chris Meehan" <ChrisMeehan@discussions.microsoft.com> wrote in message
> news:BFF6E75E-10F0-4EF2-B987-08EBA021C15B@microsoft.com...
> > Our environment consists of 100+ WAN connected sites. Currently the DNS
> > service is NOT installed on the DC at each site. DNS is currenty only
> > running
> > at the hub location. All clients are configured via DHCP to use the hub
> > site
> > DNS servers (Primary and Secondary). We would like to install DNS on all
> > domain controllers in the environment and force all clients to use their
> > local DC for name resolution. This is not a problem and should be fairly
> > easy
> > to change.. My question is this...
> >
> > If the local DNS server is down at the site, is there a way utilizing the
> > Windows Server 2003 DNS service to force the client to try and resolve
> > using
> > public DNS to access publicly accessible services, such as: Outlook RPC
> > over
> > http, citrix, etc.. before performing DNS queries back to the hub site
> > through the VPN tunnel? To try and make my question a little bit clearer,
> > here is a scenario...
> >
> > Local DC is down...(xp client primary DNS is inaccessible)
> > VPN tunnel to hub site is down...(xp client secondary DNS is inaccessible)
> > Internet is still accessible and client will then use public DNS to
> > resolve
> > and connect to publiclly accessible services. (RPC over HTTP, Citrix, Web
> > services).
> >
> > **Side Note ** We utilize a device which gives us the ability to provide
> > split tunneling, so we sometimes can run into an issue where our VPN
> > tunnell
> > from site to site may be down, but the internet is still reachable.
>
>
>

I actually have another question....

The way I understand it, the difference between and AD-Integrated Zone and a
Primary/Secondary zone, is only the fact that the AD-Integrated Zone will get
replicated with with domain partition to all domain controllers. So, If i
wanted to convert all of my primary "support" zones to AD-Integrated, could
that cause a probably aside from replication size/time? Or am I thinking
about the difference between the zone types incorrectly?

Thanks in advance!

Chris

"Chris Meehan" wrote:

> Ok, thats exactly what i was thinking. Basically is the way DNS works and by
> prioritizing the servers in DHCP will provide what I am looking for. Thanks!
>
> "Luka Manojlovic" wrote:
>
> > Add public DNS to your DHCP as third and fourth...
> > Let say:
> > DNSlocalsite01
> > DNSlocalsite02
> > DNShubsite01
> > DNShubsite02
> > PublicDNS01
> > PublicDNS02
> >
> > "Chris Meehan" <ChrisMeehan@discussions.microsoft.com> wrote in message
> > news:BFF6E75E-10F0-4EF2-B987-08EBA021C15B@microsoft.com...
> > > Our environment consists of 100+ WAN connected sites. Currently the DNS
> > > service is NOT installed on the DC at each site. DNS is currenty only
> > > running
> > > at the hub location. All clients are configured via DHCP to use the hub
> > > site
> > > DNS servers (Primary and Secondary). We would like to install DNS on all
> > > domain controllers in the environment and force all clients to use their
> > > local DC for name resolution. This is not a problem and should be fairly
> > > easy
> > > to change.. My question is this...
> > >
> > > If the local DNS server is down at the site, is there a way utilizing the
> > > Windows Server 2003 DNS service to force the client to try and resolve
> > > using
> > > public DNS to access publicly accessible services, such as: Outlook RPC
> > > over
> > > http, citrix, etc.. before performing DNS queries back to the hub site
> > > through the VPN tunnel? To try and make my question a little bit clearer,
> > > here is a scenario...
> > >
> > > Local DC is down...(xp client primary DNS is inaccessible)
> > > VPN tunnel to hub site is down...(xp client secondary DNS is inaccessible)
> > > Internet is still accessible and client will then use public DNS to
> > > resolve
> > > and connect to publiclly accessible services. (RPC over HTTP, Citrix, Web
> > > services).
> > >
> > > **Side Note ** We utilize a device which gives us the ability to provide
> > > split tunneling, so we sometimes can run into an issue where our VPN
> > > tunnell
> > > from site to site may be down, but the internet is still reachable.
> >
> >
> >