Friday, December 29, 2017

domain name system - Forwarding Active Directory Queries through DNSMASQ

I've set up an AD domain controller through Samba 4. I'm using Samba 4's internal DNS Server for handling the SRV queries.

However, due to project requirements, my clients need to have a DNSMASQ as their one and only DNS server.

Thus, my plan was to forward all queries which DNSMASQ can't handle to the Samba 4 server.

Let's assume the IP addresses of the servers are like this:

Server with DNSMASQ: 192.168.0.10

Server with SAMBA4: 192.168.0.11

To achieve that, I have added the following line to my DNSMASQ.conf:

server=192.168.0.11



After restarting DNSMASQ, it is not forwarding SRV queries to the SAMBA 4 DC.
If I add the following line:

srv-host=_ldap._tcp.dc._msdcs.domain.example.com

the query gets forwarded, but the clients still can't join the domain. I get the following error message:




Host(A) or (AAAA) records that map the names of the domain controllers
to their IP addresses are missing or contain incorrect addresses

Domain controllers registered in DNS are not connected to the network
or are not running.

I assume there are still DNS problems, so these are my questions:

  • Is what I want to do possible at all?

  • Is there a way to just forward all SRV queries to another host with DNSMASQ?

  • Why is the server=192.168.0.11 line not working? Am I missing anything there?


Answer

I got it up and running.

Here's what my dnsmasq.conf looks like for a domain called
domain.example.com, and a samba 4 domain controller with the IP of 192.168.0.11:

server=192.168.0.11
srv-host=_ldap._tcp.dc._msdcs.domain.example.com,192.168.0.11
srv-host=_ldap._tcp.gc._msdcs.domain.example.com,192.168.0.11
srv-host=_kerberos._tcp.dc._msdcs.domain.example.com,192.168.0.11
srv-host=_ldap._tcp.pdc._msdcs.domain.example.com,192.168.0.11



The server on which dnsmasq is installed also needs to be able to resolve the FQDN of the samba 4 domain controller, so an entry into /etc/hosts is needed:

192.168.0.11 dc1-samba.domain.example.com

The /etc/hosts on the samba 4 server needs to be set up appropriately according to https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Active_Directory_Domain_Controller



I took the information from here:




https://blogs.msdn.microsoft.com/servergeeks/2014/07/12/dns-records-that-are-required-for-proper-functionality-of-active-directory/
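As an added example (not part of the question or the answer above), a small Python helper that emits the dnsmasq lines for an AD domain in the form RFC 2782 expects (a hostname target with a matching host-record and an explicit service port) and lints srv-host lines for the slips that appear in this thread: a missing '=', a service label without its leading '_', an IP literal as target, no port. The domain-scoped server=/domain/ip form, the two domain-level _ldap._tcp and _kerberos._tcp names from the linked Microsoft list, and the host and IP values reused from the answer are assumptions, not the answer's own config.

```python
"""Build and lint the dnsmasq lines that let AD clients find a Samba DC (added example)."""
import ipaddress

# SRV names a joining client looks up (the four from the answer plus the two domain-level
# ones from the Microsoft list it links) and the standard port each service listens on.
AD_SRV = (
    ("_ldap._tcp.dc._msdcs", 389),
    ("_kerberos._tcp.dc._msdcs", 88),
    ("_ldap._tcp.gc._msdcs", 3268),
    ("_ldap._tcp.pdc._msdcs", 389),
    ("_ldap._tcp", 389),
    ("_kerberos._tcp", 88),
)


def dnsmasq_ad_stanza(domain, dcs):
    """Return dnsmasq config lines for `domain`; `dcs` maps each DC's FQDN to its IP."""
    lines = []
    for fqdn, ip in dcs.items():
        lines.append(f"server=/{domain}/{ip}")    # forward the rest of the AD zone to the DC
        lines.append(f"host-record={fqdn},{ip}")  # the A record the SRV target must resolve to
        for service, port in AD_SRV:
            lines.append(f"srv-host={service}.{domain},{fqdn},{port}")
    return lines


def lint_srv_host(line):
    """Return the problems found in one srv-host line (empty list means it looks right)."""
    key, sep, rest = line.strip().partition("=")
    if key != "srv-host" or not sep:
        return ["option must be written 'srv-host=...'"]
    fields = [f.strip() for f in rest.split(",")]
    name, labels, problems = fields[0], fields[0].split("."), []
    if len(labels) < 3 or not (labels[0].startswith("_") and labels[1].startswith("_")):
        problems.append(f"service and protocol labels must start with '_': {name}")
    if "_msdcs" in name and "._msdcs." not in name:
        problems.append(f"'_msdcs' must be its own label (dc._msdcs): {name}")
    target = fields[1] if len(fields) > 1 else ""
    if not target:
        problems.append("no target host given")
    else:
        try:
            ipaddress.ip_address(target)
            problems.append(f"SRV target must be a hostname with an A record, not {target}")
        except ValueError:
            pass  # a hostname, as RFC 2782 requires
    if len(fields) < 3 or not fields[2].isdigit():
        problems.append("no port given; dnsmasq will not default to the service port")
    return problems


if __name__ == "__main__":
    # Constructed values taken from the answer above.
    for cfg_line in dnsmasq_ad_stanza("domain.example.com", {"dc1-samba.domain.example.com": "192.168.0.11"}):
        print(cfg_line)
```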

