The scope of this document is limited to a network environment where Active Directory is integral to the network and DNSthingy is running in standalone or gateway mode.
| Setting | Value |
|---|---|
| DHCP server | Active Directory |
| DHCP option: gateway | DNSthingy host |
| DHCP options: other | As required by the environment |
| Rainbow list | Your internal domain (e.g. yourinternaldomain.local) |
| Rainbow list redirected to | Active Directory |
| Rainbow list turned on | All Rulesets (including Unfiltered ones) |
Example values used in the rest of this document:

| Item | Example value |
|---|---|
| Company Internet domain | yourcompany.com |
| Company internal domain | yourinternaldomain.local |
| IPv4 subnet | 10.20.30.0/24 (10.20.30.0/255.255.255.0) |
| DNSthingy LAN IP | 10.20.30.1 |
| Active Directory server IP | 10.20.30.10 |
| DHCP option: gateway | 10.20.30.1 |
| DHCP option: DNS server(s) | 10.20.30.1 only (do not specify 10.20.30.10 as secondary) |
| Rainbow list of "Internal domains" | yourinternaldomain.local |
| Rainbow list redirected to | 10.20.30.10 |
| DHCP running on DNSthingy host | No |
| DHCP running on Active Directory server | Yes |
When a device is given a primary and a secondary DNS server, the secondary is not, contrary to common perception, a pure backup that is consulted only when the primary is down. Depending on the resolver, a client may send the same query to every configured server at once, rotate between them, or switch to the secondary after a single timeout and keep using it. In each of those cases some queries reach AD directly and never pass through DNSthingy. For this reason, do not hand out the DNSthingy host as primary DNS server with AD as secondary.

Instead, to achieve redundancy and business continuity for a DNSthingy environment, run two DNSthingy instances simultaneously with the same configuration and hand those out as the DNS servers, so that whichever one a client picks gives the same result. It is worth pointing out that the second DNSthingy instance can be in private server/standalone mode even when the first instance is in gateway mode.
Also, in a configuration with multiple AD domain controllers, the DNS settings in the IP configuration of the AD servers themselves should point at the DCs, never at DNSthingy: each DC lists itself first and the other DC second. For example, if ADC1 is the host at 10.20.30.10 and ADC2 is at 10.20.30.11, the settings would be as follows:

| Server | IP | DNS servers in IP configuration |
|---|---|---|
| ADC1 | 10.20.30.10 | 10.20.30.10 (self), 10.20.30.11 |
| ADC2 | 10.20.30.11 | 10.20.30.11 (self), 10.20.30.10 |
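The following PowerShell is an added example of applying and checking the settings above; it is not from the DNSthingy documentation or from the product itself. It assumes the AD server at 10.20.30.10 also runs the Windows DHCP Server role (so the DhcpServer module is available there), that the scope ID is 10.20.30.0, that the DCs' LAN adapter is named "Ethernet", that the second DC ADC2 is at 10.20.30.11, and that PowerShell remoting to both DCs is enabled. Every IP, name and alias is taken from the example environment or is an assumption for illustration.

```powershell
# Added example, not part of the DNSthingy documentation.
# Assumptions: DHCP role + DhcpServer module on the AD server, scope 10.20.30.0,
# DC adapter alias "Ethernet", ADC2 at 10.20.30.11, PS remoting to both DCs.

$Scope        = '10.20.30.0'
$Gateway      = '10.20.30.1'
$DnsThingy    = @('10.20.30.1')        # a second DNSthingy instance would go here, never a DC
$Adc1         = '10.20.30.10'
$Adc2         = '10.20.30.11'
$InternalZone = 'yourinternaldomain.local'

# 1. DHCP scope options (run on the DHCP server, i.e. the AD server here):
#    option 3 = DNSthingy as gateway, option 6 = DNSthingy only, option 15 = internal domain.
Set-DhcpServerv4OptionValue -ScopeId $Scope -Router $Gateway -DnsServer $DnsThingy -DnsDomain $InternalZone

# Check: refuse to continue if a domain controller ever appears in option 6 of this scope,
# because clients would then query AD directly and bypass DNSthingy.
$Option6 = (Get-DhcpServerv4OptionValue -ScopeId $Scope -OptionId 6).Value
$Leak = $Option6 | Where-Object { $_ -in @($Adc1, $Adc2) }
if ($Leak) { throw "DHCP option 6 on scope $Scope hands out a domain controller ($Leak) as DNS server" }

# 2. DC NIC settings: each DC lists itself first and the other DC second, never DNSthingy.
Invoke-Command -ComputerName $Adc1 -ScriptBlock {
    Set-DnsClientServerAddress -InterfaceAlias 'Ethernet' -ServerAddresses $using:Adc1, $using:Adc2
}
Invoke-Command -ComputerName $Adc2 -ScriptBlock {
    Set-DnsClientServerAddress -InterfaceAlias 'Ethernet' -ServerAddresses $using:Adc2, $using:Adc1
}

# 3. Verify from a workstation that the DC locator records resolve *through* DNSthingy,
#    i.e. the Rainbow list entry for the internal domain really is redirected to the DC.
$Srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$InternalZone" -Type SRV -Server $DnsThingy[0] -ErrorAction Stop
if (-not ($Srv.NameTarget -like "*.$InternalZone")) {
    throw "DC locator SRV records were not returned via DNSthingy; check the Rainbow list redirect"
}
$Srv | Select-Object Name, NameTarget, Port
```

Step 3 is the check worth keeping in a runbook: if it fails, domain-joined clients that only know about DNSthingy cannot locate a DC, which is the failure mode this configuration must avoid.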
At the time of this writing, running multiple DNSthingy BoxIDs with the same configuration at one location is arranged through firstname.lastname@example.org. In the future this process will be automated and part of the UI.
The advantages of this configuration over having devices all make DNS queries directly to AD are numerous: