If you like DNray Forum, you can support it by - BTC: bc1qppjcl3c2cyjazy6lepmrv3fh6ke9mxs7zpfky0 , TRC20 and more...


How to properly configure a dns client in a network

Started by ashimasalim, Mar 06, 2023, 12:03 AM


ashimasalim (topic starter)

The organization has two branches, one with AD and DNS, and the other without them. There is a VPN connection between the branches. In the second branch, all machines are part of the domain in the first branch. The administrator of the second branch has configured the DNS client settings to use the primary DNS as the corporate server and the secondary DNS as 8.8.8.8.

However, this configuration can lead to serious problems, as mentioned on the Microsoft website (link: https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc754588(v=ws.11)?redirectedfrom=MSDN). It explains why using an external server as a secondary DNS is not recommended.


katiezeal

In reality, you have already discovered the answer to your question. The only issue lies in your disagreement with the administrator regarding the use of an external DNS as a backup for your internal services.

I understand your concern and agree that the solution suggested by the administrator can indeed lead to problems when disconnected from your DNS.

Now, I am about to express something that you may not like:
Both you and the admin are mistaken (and it's possible that I could be too).
Instead of trying to prove the admin wrong, let's focus on finding a solution that works seamlessly. Consider implementing a duplicate DNS system.

While there may not be any specific MS articles stating that your admin's method will not work, it is essential to rely on common sense in this matter.

ipt

The administrator's theory is mostly correct. Instead of relying on backups, consider implementing a duplicate AD on the branch, regardless of the type of machine (be it Windows, Linux or otherwise).

Alternatively, you can handle everything through a single DNS, but that would require either a redundant VPN or a robust infrastructure.

Moreover, based on the article and my own experience, I haven't come across any issues that were insurmountable and couldn't be resolved by simply restarting the machine. If there's a hiccup with the answer, it may jump to DNS2 and fail to find anything there. This can result in Windows problems due to the lack of connection to AD and other components.

In my personal opinion as an experienced admin, I haven't implemented AD for a long time. There aren't many tasks that it solves without causing lags or complications. Third-party programs can be used for managing passwords and server access (although unfortunately, most users tend to sit at their computers, neglecting proper password practices). Once AD is introduced, troubles with accounts, DNS, file access, and replication tend to arise.

williamsmith

The primary DNS (in your situation) is essential for the VPN to operate properly. It handles network broadcast requests when it doesn't have an answer to them.

Instead of worrying about the duration of the VPN channel, consider reserving the role of DNS in the second branch to ensure smooth operations.

Your concern is that if the second external DNS server is registered and the VPN is established, the second branch won't be aware that "buhgalterbigass.localdomain.su" corresponds to 192.168.0.200. It's crucial to address this issue and ensure proper understanding.

chloetanner

The organization has two branches, one with Active Directory (AD) and DNS, and the other without them. The second branch's machines are part of the domain in the first branch, and there is a VPN connection between the branches. The administrator of the second branch has configured the DNS client settings to use the primary DNS as the corporate server and the secondary DNS as 8.8.8.8. However, this configuration can lead to serious problems, as explained on the Microsoft website.

🔸 Main Thoughts:

1️⃣ Using an external server as a secondary DNS, such as 8.8.8.8, can cause issues because it may not have the necessary information about the internal domain and its resources.

2️⃣ DNS resolution is crucial for Active Directory functionality, including authentication, domain controller location, and resource access. If the secondary DNS server doesn't have the required information, it can result in delays, failed logins, or other connectivity problems.

3️⃣ Active Directory relies on DNS for proper operation, and using an external DNS server as a secondary can disrupt the communication between domain-joined machines and domain controllers.

4️⃣ To ensure proper DNS resolution and Active Directory functionality, it is recommended to configure the DNS client settings in the second branch to use only internal DNS servers that have the necessary information about the domain.

🔹 Overall, using an external DNS server as a secondary DNS in a domain environment can lead to complications and should be avoided. It is crucial to configure DNS client settings to use internal DNS servers that have the required information for proper Active Directory functionality.
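The point the thread keeps returning to is that a domain-joined client only works while every DNS server in its list can answer the domain-controller locator query (the `_ldap._tcp.dc._msdcs.<domain>` SRV record); a public resolver like 8.8.8.8 cannot. The following PowerShell script is an added example, not code posted by anyone in this thread: it audits each adapter's DNS server list on a Windows client, tests each server against that SRV record, and, only when run with `-Apply`, replaces the list with internal servers. The addresses 192.168.1.10 (a DC/DNS server deployed in the second branch) and 192.168.0.10 (the first-branch server) and the fallback domain name `corp.example.com` are assumptions for illustration; substitute your own.

```powershell
# Added example, not from the original thread. Audits the DNS client configuration
# of a domain-joined Windows host and shows which configured servers can actually
# answer the SRV query that Active Directory clients use to locate a domain controller.
# Assumed (hypothetical) addresses: 192.168.1.10 = DC/DNS in branch 2, 192.168.0.10 =
# DC/DNS in branch 1. Run in an elevated session; the Set-* step only runs with -Apply.

param(
    [switch]$Apply,
    [string[]]$InternalDns = @('192.168.1.10', '192.168.0.10')   # assumed addresses
)

# Domain the machine is joined to; placeholder when run on a non-domain machine.
$domain = if ($env:USERDNSDOMAIN) { $env:USERDNSDOMAIN } else { 'corp.example.com' }

# Kerberos/LDAP clients resolve this SRV record to find a DC. A public resolver has
# no knowledge of the private zone and returns a negative answer.
$dcLocator = "_ldap._tcp.dc._msdcs.$domain"

function Test-DnsServerForAd {
    param([string]$Server)
    try {
        # -DnsOnly bypasses the local cache and hosts file so we test the server itself.
        $srv = Resolve-DnsName -Name $dcLocator -Type SRV -Server $Server -DnsOnly -ErrorAction Stop |
               Where-Object { $_.Type -eq 'SRV' }
        if ($srv) {
            [pscustomobject]@{ Server = $Server; CanLocateDC = $true;  Detail = ($srv.NameTarget -join ', ') }
        } else {
            [pscustomobject]@{ Server = $Server; CanLocateDC = $false; Detail = 'no SRV records returned' }
        }
    } catch {
        [pscustomobject]@{ Server = $Server; CanLocateDC = $false; Detail = $_.Exception.Message }
    }
}

# 1. Audit: every IPv4 DNS server on every adapter that has one, in the order the
#    client will try them (first = preferred, rest = alternates).
$adapters = Get-DnsClientServerAddress -AddressFamily IPv4 |
            Where-Object { $_.ServerAddresses.Count -gt 0 }

foreach ($a in $adapters) {
    Write-Host "Interface $($a.InterfaceAlias) (index $($a.InterfaceIndex)):"
    $i = 0
    foreach ($s in $a.ServerAddresses) {
        $label  = if ($i -eq 0) { 'preferred' } else { 'alternate' }
        $r      = Test-DnsServerForAd -Server $s
        $status = if ($r.CanLocateDC) { 'OK' } else { 'CANNOT LOCATE DC' }
        Write-Host ("  {0,-10} {1,-16} {2}  {3}" -f $label, $s, $status, $r.Detail)
        $i++
    }
}

# 2. Remediation: internal servers only. The Windows DNS client does not fall back
#    per query; once it switches to an alternate server it keeps using it for a
#    period, so an external alternate silently breaks DC location and logons.
if ($Apply) {
    foreach ($a in $adapters) {
        Set-DnsClientServerAddress -InterfaceIndex $a.InterfaceIndex -ServerAddresses $InternalDns
    }
    Clear-DnsClientCache
    Get-DnsClientServerAddress -AddressFamily IPv4 | Select-Object InterfaceAlias, ServerAddresses
}
```

Run it without `-Apply` first: on a client configured as described in the thread, the 8.8.8.8 line will show `CANNOT LOCATE DC` while the corporate server shows the DC host names. If the second branch gets its own DC, list that server first so that a VPN outage no longer takes DNS and authentication down with it.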

