I have a client which has multiple sites all over the world. They have 2 domain controllers in the main location and every other location connects through to the main site with a VPN tunnel. Currently the network is more or less a disaster, so I'm trying to fix it. One thing in common for the secondary sites is that their routers have the ISP's local DNS servers in their network settings, so their DHCP-based computers get "wrong" DNS servers. It's been like that for ages and they use IP addresses to connect to servers.
So I would like to fix it with proper DNS servers etc. I was planning to use an RODC and DNS server on the only server (with Terminal Services and a couple of programs like Visual Studio that people use for work) that is located at the site. The other option was to enter DNS servers from the main location, but if the tunnel goes down employees will be confused and won't be able to access the internet (as they would need to change router settings), so this doesn't seem like a reliable solution.
My questions are as follows:
- If the VPN tunnel goes down, can people use DNS without problems (can they access the internet) and can they authenticate to local servers/workstations?
- Is it safe and recommended (??), or on the contrary not advised, to put an RODC/DNS server on the very same server as users and other programs?
- Any other advice regarding this setup?
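As an added check for the first question (example code, not part of the original post): a PowerShell script to run on a branch workstation, once with the tunnel up and once with it down, that tests every DNS server the client currently has configured for AD SRV resolution and for external name resolution. The domain name and external host are placeholders.

```powershell
# Added example (not from the original post): from a branch workstation, check whether each
# configured DNS server can (a) locate the AD domain via SRV records and (b) resolve a public name.
# Run it with the VPN tunnel up and again with it down to see what the branch still has.
param(
    [string]$Domain = 'corp.example',            # assumption: the client's AD DNS domain name
    [string]$ExternalName = 'www.microsoft.com'  # any public name, used to test internet resolution
)

$servers = Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses } |
    Select-Object -ExpandProperty ServerAddresses -Unique

if (-not $servers) { Write-Warning 'No IPv4 DNS servers configured on this client'; return }

foreach ($dns in $servers) {
    $result = [ordered]@{ DnsServer = $dns; AdSrv = 'FAIL'; External = 'FAIL'; DcHosts = '' }
    try {
        # A DNS server that cannot answer this query cannot be used for domain logon.
        $srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV -Server $dns -DnsOnly -ErrorAction Stop
        $result.AdSrv   = 'OK'
        $result.DcHosts = ($srv | Where-Object NameTarget | Select-Object -ExpandProperty NameTarget) -join ','
    } catch { $result.DcHosts = $_.Exception.Message }
    try {
        # An ISP resolver passes this but fails the SRV query above; an AD DNS server with forwarders passes both.
        Resolve-DnsName -Name $ExternalName -Type A -Server $dns -DnsOnly -ErrorAction Stop | Out-Null
        $result.External = 'OK'
    } catch { }
    [pscustomobject]$result
}

# Which DC the site-aware locator actually picks; with an AD site and subnet defined for the
# branch, this should name the local RODC rather than a DC across the tunnel.
nltest /dsgetdc:$Domain /force
```

If the branch server is the only entry passing both checks while the tunnel is down, the site can log on and browse independently; if it does not appear at all, the routers' DHCP DNS option is still handing out the ISP resolvers.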