How do I configure DNSMasq on DD-WRT when using Active Directory?


Due to the lack of information, I can only suggest: a Windows server that works as an Active Directory DC will do best as the local DNS and DHCP server. So I suggest you implement the following:

  1. Please disable DHCP on DDWRT.
  2. Leave the DNS setting on DDWRT at default.
  3. In the network settings on Windows Server, add the IP address of DDWRT as gateway.
  4. In the Windows DNS server, add the IP address of the DDWRT as DNS forwarder.
  5. Configure and authorize DHCP on Windows Server.
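
Steps 3 to 5 of the answer, run on the domain controller in an elevated PowerShell session. This is an added example, not part of the original answer; the addresses, domain and server name come from the question, while the interface alias, scope name and lease range are assumptions.

```powershell
# Added example; values marked "assumed" are not from the original page.
$Router    = '192.168.1.1'          # DD-WRT LAN address (from the question)
$DcAddress = '192.168.1.101'        # domain controller (from the question)
$DcName    = 'server.domain.office' # DC FQDN (from the question)
$Domain    = 'domain.office'        # AD domain (from the question)
$Nic       = 'Ethernet'             # assumed interface alias
$ScopeId   = '192.168.1.0'          # network of the single /24 subnet
$PoolStart = '192.168.1.150'        # assumed lease range start
$PoolEnd   = '192.168.1.199'        # assumed lease range end

# Steps 1-2 are done in the DD-WRT web UI: DHCP server off, DNS settings left at default.

# Step 3: make DD-WRT the server's default gateway (skipped if a default route exists).
if (-not (Get-NetRoute -DestinationPrefix '0.0.0.0/0' -InterfaceAlias $Nic -ErrorAction SilentlyContinue)) {
    New-NetRoute -DestinationPrefix '0.0.0.0/0' -InterfaceAlias $Nic -NextHop $Router | Out-Null
}

# Step 4: Windows DNS answers for the AD zone itself and forwards everything else to DD-WRT.
Set-DnsServerForwarder -IPAddress $Router

# Step 5: create the scope, hand out the DC as the clients' DNS server, authorize DHCP in AD.
if (-not (Get-DhcpServerv4Scope -ScopeId $ScopeId -ErrorAction SilentlyContinue)) {
    Add-DhcpServerv4Scope -Name 'LAN' -StartRange $PoolStart -EndRange $PoolEnd `
        -SubnetMask '255.255.255.0' -State Active
}
Set-DhcpServerv4OptionValue -ScopeId $ScopeId -Router $Router -DnsServer $DcAddress -DnsDomain $Domain
Add-DhcpServerInDC -DnsName $DcName -IPAddress $DcAddress

# Check: the forwarder list shows DD-WRT, and the SRV record clients use to
# locate a logon server resolves when the DC is asked directly.
Get-DnsServerForwarder | Select-Object -ExpandProperty IPAddress
Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV -Server $DcAddress
```

Running the same `Resolve-DnsName` query from a client after `ipconfig /renew`, without `-Server`, shows whether the client is now sending its lookups to the DC.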

Author: Rich Hopkins

Updated on September 18, 2022

Comments

  • Rich Hopkins
    Rich Hopkins over 1 year

    I have a server running Windows Server 2012R2. It is a domain controller. I have a router running DD-WRT version DD-WRT v24SP2-EU-US (08/19/10) std (SVN revision 14998). The router is configured with the following:

    Setup tab:

    Domain Name: domain.office

    Local IP Address: 192.168.1.1

    Subnet: 255.255.255.0

    Gateway: 0.0.0.0

    LocalDNS: 192.168.1.101 (this had been 0.0.0.0)

    DHCP Type: server

    Static DNS 1: 192.168.1.1

    Static DNS 2: 8.8.8.8

    Static DNS 3: 8.8.4.4

    Use DNSMasq for DHCP: Yes

    Use DNSMasq for DNS: Yes

    DHCP Authoritative: Yes

    On the Services Tab:

    Used Domain: Lan & WLAN

    LAN Domain: domain.office

    Additional DHCPd options:

    local=/domain/

    server=/domain/192.168.1.101 (I've tinkered and am still tinkering with these)

    DNSMasq Enable

    LocalDNS Enable

    address=/server.domain.office/192.168.1.101

    server=/domain/192.168.1.101

    cache-size=10000

    expand-hosts

    What I'm fighting with is that I'm trying to get the clients to recognize the DC. I can ping the DC from the clients. I can ping clients from the DC, and I can do these things with just the name of the server or the client, as I would hope to do. But I cannot get the clients to find the DC as a DC. The DC is running active directory, and if I try to log on to one of the clients using a username that has not previously logged on, I get the message that it cannot locate a logon server. When I try to force a gpupdate, it fails, unable to contact a server. A server that can easily be pinged.

    I have posted over on DD-WRT's forums and have received no answers. The puzzling thing is that right after I made the changes to the additional DHCPd Options and DNSMasq Options, as reflected above, I was able to update group policies on one computer. Not once, but three times, it worked. Then after I restarted the PC, it gives me the same old unable to contact a server message. I tried on another PC, doing ipconfig /release, ipconfig /renew, ipconfig /flushdns, and that PC has not once been able to reach the DC.

    Here is my post over on DD-WRT, if it helps. I am continuing to tinker with it, to see if I can get it going, but the problem is that I know I am about to replace one of the PCs, and I won't be able to reach the Logon Server until I get this fixed. http://www.dd-wrt.com/phpBB2/viewtopic.php?t=269490

    Oh, and the reason I was able to log on before but can't now is that I changed from using the DC as both DHCP and DNS server, to using the router, because my ISP had sent an email that I was running an open resolver DNS server. I am in no way an expert at this - quite the opposite. I know little about setting up a DNS server, and I'm actually quite amazed that I got it working, before, even though it did tick off my ISP. So any help is very much appreciated. I'm just not finding anything online about resolving this. The few things I have found so far, I have tried and haven't worked.

    Thanks in advance for any help you can give. It is appreciated.

    • UsersUser
      UsersUser over 9 years
      Is the DDWRT your gateway to the internet? Are the clients and the server in the same subnet? Please provide more detailed information.
    • Rich Hopkins
      Rich Hopkins over 9 years
      Yes, the router is the gateway, and there is only one subnet. And when it comes to networking, I know enough to get into trouble - no more. ;)
    • UsersUser
      UsersUser over 9 years
      Well, so please configure your Windows as I described in my answer below.
    • Rich Hopkins
      Rich Hopkins over 9 years
      Easy to say, but from my post above, "I know little about setting up a DNS server..." I'll try to figure it out, but it will be a few days.
  • Rich Hopkins
    Rich Hopkins over 9 years
    Thanks for the reply. I used to have DHCP and DNS on the server. When I got an email from my ISP saying that I was operating an open forwarder that had been used in an attack, I could not figure out how to not be open forwarding while still using the server for DNS (I'm FAR from a server/DNS expert). That was why I switched to using the router. I did come up with kind of a fix for my current problem - set the DNS server address in my IP config to the server address long enough to add the new PC to the domain, authenticate, and get group policy. Not ideal, but met the immediate need.
  • UsersUser
    UsersUser over 9 years
    That's the reason why I suggest that you configure your DNS server in Windows Server to use the router as DNS forwarder. So all DNS requests from your clients will go to the Windows server, and the Windows server will ask the router, which will ask the DNS server from your ISP. The DNS server in DDWRT is configured to only get requests from the LAN interface.