
I would like to set up a caching nameserver to meet some requirements in the datacenter. Some of these requirements make me put this caching nameserver between my servers and AD (e.g. collecting some statistics, managing all DNS things in one spot, etc.).

When I run some tests, like joining a Windows server to the AD domain while the server is pointed at this caching nameserver (let's say 10.10.10.10) and it's forwarding (or replying from cache) that domain (let's say my.domain.com) to AD DNS, it actually works, but only partially.

The server can join the AD domain, I can log in to the server with my domain user, there are no trust issues, and I can see the computer object in the AD Users and Computers console. However, there is no DNS record created. I can't get an answer from nslookup. What's going on during the join process?

The caching name server I use is Unbound, btw.

  • 1
    I couldn't find any related documents, but I guess the newly joined server tries to send a dynamic DNS request and tries to send it to the caching name server because that is what is written in the interface IPv4 configuration :/ If so, is there any way to override this? – Çiçek Adam Jun 20 '22 at 21:26

1 Answer


As you mentioned in your comment, the client is trying to send a dynamic DNS update request but it's going to the caching NS. One thought that would really only work with DHCP clients is to have the DHCP server update DNS. If you set static reservations instead of static IPs on servers/etc., those would also get updated, but you can also set static entries in the Windows DNS servers themselves too.

In practice though, I'm not sure you'll like the setup you are trying for. Windows clients are very peculiar with DNS when it comes to SRV records, etc. for domain-joined clients. You might have ongoing ghosts in the system and fight weird DNS issues. That said, the above in theory should work to update the Windows DNS servers with the right records.

TheCleaner
  • Thank you for the clarification. So my guess is unfortunately true :( I wish there was also an SRV record for AD DNS :D – Çiçek Adam Jun 22 '22 at 08:06
  • I will check the DHCP service for nsupdate, but I don't have high hopes for that, because the other team doesn't use Windows DHCP; it's such a strange combination of infra services :D – Çiçek Adam Jun 22 '22 at 08:08
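
One way to check on the resolver side whether dynamic update requests are arriving there, as an added example that is not part of the original thread: classify DNS payloads by header opcode so that updates (opcode 5, RFC 2136) stand out from ordinary queries. The client address, host name and packets below are constructed samples, and capturing the payloads from the wire is assumed to happen separately.

```python
import struct

OPCODES = {0: "QUERY", 5: "UPDATE"}  # header opcode values (RFC 1035, RFC 2136)

def encode_name(name):
    """Encode a dotted name as uncompressed DNS labels."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_msg(msg_id, opcode, name, rtype):
    """Build a constructed request: header plus one question/zone entry."""
    flags = (opcode & 0xF) << 11  # QR=0 (request), opcode in bits 11-14
    header = struct.pack("!HHHHHH", msg_id, flags, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", rtype, 1)

def decode_name(msg, off):
    """Decode an uncompressed name at off; return (name, next_offset)."""
    labels = []
    while True:
        if off >= len(msg):
            raise ValueError("truncated name")
        n = msg[off]
        off += 1
        if n == 0:
            return ".".join(labels), off
        if n & 0xC0:
            raise ValueError("unexpected compression pointer in first entry")
        labels.append(msg[off:off + n].decode("ascii"))
        off += n

def classify(msg):
    """Return (kind, is_response, name, rtype) for one DNS message."""
    if len(msg) < 12:
        raise ValueError("shorter than a DNS header")
    _id, flags, count = struct.unpack("!HHH", msg[:6])
    opcode = (flags >> 11) & 0xF
    kind = OPCODES.get(opcode, "OPCODE%d" % opcode)
    if count == 0:
        return kind, bool(flags & 0x8000), None, None
    name, off = decode_name(msg, 12)
    if off + 4 > len(msg):
        raise ValueError("truncated question/zone entry")
    rtype, _cls = struct.unpack("!HH", msg[off:off + 4])
    return kind, bool(flags & 0x8000), name, rtype

def updates_seen(packets):
    """List (source, zone) for each update request in (source, payload) pairs."""
    hits = []
    for src, payload in packets:
        kind, is_response, name, _ = classify(payload)
        if kind == "UPDATE" and not is_response:
            hits.append((src, name))
    return hits

# Constructed sample: an SOA lookup (type 6) followed by an update for the zone.
SAMPLE = [("10.10.10.20", build_msg(1, 0, "newhost.my.domain.com", 6)),
          ("10.10.10.20", build_msg(2, 5, "my.domain.com", 6))]
```

An empty result from `updates_seen` over traffic captured during a join means no update request reached the resolver in that capture.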