Split-horizon DNS


#1

I have several Balance units installed for quite a few small business customers for which we’ve configured split-horizon DNS. Currently, we point all internal clients at the server for DNS, but I would prefer to use the Peplink Balance so that it could serve both DHCP and DNS and allow clients to access the Internet, even if we experience a server outage. I would like to request a feature where the Peplink Balance forwards DNS requests for specified domains to the LAN DNS server, while others go out to the WAN DNS servers.


#2

Can you provide more details and examples of this feature question? I am wondering whether the Local DNS records of our LAN DNS Server do not fit this requirement? :slight_smile:

  • Moved to Feature Request forum

#3

There are 2 problems with Local DNS as a solution:

  1. Local DNS only specifies A records. You can’t create CNAME, SRV, or PTR records.
  2. I already have to manage DNS records on my Windows server as well as my external DNS host. I don’t want a 3rd place to have to manage DNS records, particularly ones that are dynamic (like workstation names in a Windows domain).

What I want is to be able to point mydomain.com to the LAN DNS server, and let everything else go out to the WAN DNS server.


#4

Today I ran into another situation where I really need this:

I have 2 offices working together over a VPN on the same Windows domain. All DNS traffic for that domain needs to be pointed to the domain controller that is authoritative for that domain. However, if the VPN connection fails for any reason, I don’t want the side without a server to not be able to resolve any Internet hostnames. Only local DNS requests should fail (and ideally would even be cached for a time by the Peplink).


#5

Do you mean that you want to point all users’ DNS settings at the Peplink, then:

  • If a user requests myserver.mydomain.com, the Peplink knows, hey, I need to forward that on to the local domain controller for resolution

  • If a user requests www.google.com, the Peplink knows to forward it on to the WAN’s DNS servers

The Peplink also keeps a cache until the TTL expires (which it does now anyways according to the manual)

I realise that you are trying to still be able to use DNS in case the DNS server is down, but seeing as you are using AD you will get several other issues if a DC is down anyway, so maybe work on having multiple Domain Controllers instead of having Peplink implement conditional forwarding / split DNS, although I can see it working in a few scenarios.

You could also implement a RODC in the secondary site with DNS.


#6

StylusPilot,

You described the need perfectly. I serve as the lone IT support person for over a dozen small businesses, none of whom would have any use for a secondary domain controller. With this feature, I would put a Peplink SurfSOHO or Balance 20 in every single customer location. My customers pretty much only access files and printers off of their servers, so with the Peplink providing DNS services, they can continue to do a lot of their work online, even if their server is down.

With regard to the customer with the 2 sites, we’re talking about a total of 13 people across the 2 sites. There’s no way there’s justification for a secondary domain controller, just to serve DNS.


#7

I just ran across another big reason for this. If you want to remotely fix any Peplink settings after VPN goes down, you could still have Internet access enough to do that via remote login tools. I just lost 2 hours fighting through this blind because the 6.1 firmware upgrade doesn’t show up automatically on the Surf SOHO devices, and one of my techs downgraded to 6.0.3 from the 6.1 beta instead of upgrading to 6.1 final release.


#8

Hi Jeremy,

Did you have any luck with split-horizon DNS? We’re trying to do the same thing with Balance 310s.

Thanks


#9

No, that’s still an ongoing frustration - we still have to install a DNS proxy on each workstation that sends local traffic to the local DNS server, and external traffic out to an external DNS server. There are so many great things about these Peplink routers, but there are just 2-3 things that seem like simple changes that would make them unbeatable.
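
The forwarding behaviour requested in this thread (the internal domain goes to the LAN DNS server, everything else goes to the WAN DNS servers, and only internal lookups fail when that server is unreachable), as an added Python example that is not Peplink code and not any poster's. The zone, the addresses and the `query` transport callback are assumptions made for illustration.

```python
# Added example (not Peplink code). Zone names and addresses are constructed.
INTERNAL_ZONES = {"mydomain.com": ["192.168.1.10"]}  # zone -> LAN DNS servers
WAN_RESOLVERS = ["203.0.113.53"]                     # WAN DNS servers


def normalize(name):
    """Lower-case and drop the trailing root dot so comparisons are stable."""
    return name.rstrip(".").lower()


def select_upstreams(qname, zones=INTERNAL_ZONES, default=WAN_RESOLVERS):
    """Return (matched_zone, servers); the longest matching zone wins.

    Matching is on label boundaries, so "notmydomain.com" is not treated
    as part of "mydomain.com".
    """
    name = normalize(qname)
    best_zone, best_servers = None, list(default)
    for zone, servers in zones.items():
        z = normalize(zone)
        if name == z or name.endswith("." + z):
            if best_zone is None or len(z) > len(best_zone):
                best_zone, best_servers = z, list(servers)
    return best_zone, best_servers


def resolve(qname, query, zones=INTERNAL_ZONES, default=WAN_RESOLVERS):
    """Try each selected server; query(server, name) raises OSError on failure.

    An internal name never falls back to the WAN resolvers: if the LAN DNS
    server is unreachable the lookup fails, and the name is not sent out.
    """
    _zone, servers = select_upstreams(qname, zones, default)
    for server in servers:
        try:
            return query(server, normalize(qname))
        except OSError:
            continue
    return "SERVFAIL"


if __name__ == "__main__":
    def fake_query(server, name):  # stand-in transport: LAN server is down
        if server == "192.168.1.10":
            raise TimeoutError("LAN DNS server unreachable")
        return "answer for %s from %s" % (name, server)

    for host in ("myserver.mydomain.com", "www.google.com", "notmydomain.com"):
        print(host, "->", resolve(host, fake_query))
```

Caching until the TTL expires, which the thread also mentions, is left out of this example.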