Channel: Directory Services forum

DNS/DFS in branch offices


Hi there,

I have two issues with the resolution of a domain name in different sites.

My Windows infrastructure is pretty simple - we have a main office with 2 AD controllers and a DFS/file server on another VM, and a number of branch offices with RODCs (+DFS/FS on them). There are permanent VPN links to every office from the main one, and DNS on all servers. All DCs are configured to use themselves as primary DNS server and the main office DC as secondary DNS server. In 2 branches I use an RW DC instead of an RODC. Sites and subnets are configured; each DC is in its own subnet.

So the first problem: the DNS server contains name server (NS) records for the domain zone (mydomain.local) for all 4 RW DCs. So when I try to ping mydomain.local from the main network, it can be resolved to the IP address of a DC in a branch office, so if I try to connect to the DFS share mydomain.local\myshares, I will be redirected to the file server in the branch office. I can delete the NS records of the branch office DCs, but they appear again after some time.

Second problem: when the VPN link to a branch office is down, users can't be authenticated on the RODC, can't use DFS shares and, moreover, I can't log in with the Administrator account to the RODC: it can't connect to the domain. Everything is fixed after the VPN link comes up again.

So I think that both problems are because of DNS misconfiguration, but I have no idea how to configure DNS to check Sites/Subnets information before resolving the domain record.

Thank you.

