How do I get Windows Domain Controller and Ubuntu dnsmasq to play nicely?


Solution 1

I wouldn't put too much effort into having it "play nicely", I'd rather go for AD-integrated DNS instead of dnsmasq...

  1. Install DNS Server on the Windows 2003 DC
  2. Create a primary forward-lookup zone called DOMAIN.address.com
  3. Transfer the records from your Ubuntu server to the new DNS Server on the DC
  4. Convert the zone to an Active Directory-integrated zone
  5. Restart the netlogon service on the 2003 DC (this way, all SRV records in the _msdcs subzone will re-register)
  6. Ensure that the SRV records are in place (e.g. ping _ldap._tcp.dc._msdcs.DOMAIN.address.com)
  7. Use the 2003 DC as DNS server in the future
  8. Use the Ubuntu Server for something else... ;-)

Now, the new 2008 DC will be able to locate the DC during dcpromo, and everything should work as expected :-)

Solution 2

You would indeed want an AD-integrated MS DNS server - doing it differently would require significant configuration overhead. But you could choose to keep your existing name server infrastructure in place and just add MS DNS servers on top of that.

You can easily get different name servers to "play nicely" together by making sure that the name spaces they are authoritative for do not overlap. If your "internal name server" has authority for the address.com zone, it is quite fine to have an AD DNS server with a DOMAIN.address.com zone. To make sure your dnsmasq server is able to answer requests for DOMAIN.address.com, you might simply add forwarder definitions for the DOMAIN.address.com zone to your dnsmasq configuration like this in dnsmasq.conf:

server=/DOMAIN.address.com/192.168.0.1

or alternatively use the -S /DOMAIN.address.com/192.168.0.1 command-line option to dnsmasq, where 192.168.0.1 should be replaced by the IP address of one of your AD DNS servers.

If the name spaces do overlap, you are out of luck, as this is outside the DNS specification, so any kind of interoperability between primary zone-holding name servers (i.e. the replication of the zone data) would require proprietary mechanisms. While this kind of mechanism is built into the MS DNS server for replication of AD-integrated DNS zone data between AD DNS servers, no such interoperability is implemented for any kind of 3rd party.
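The forwarder line and the non-overlap rule above can be checked before touching the live resolver. What follows is an added example, not code from the answer or from the dnsmasq project: a small Python checker that applies dnsmasq's documented matching semantics (server=/domain/addr forwards the domain and everything below it, server=/domain/ or local=/domain/ answers locally only, a bare server=addr is the default upstream, auth-zone makes dnsmasq authoritative, longest matching domain wins) to a dnsmasq.conf and reports whether the DC locator query from the question would actually reach a DC. The sample configs are constructed; 192.0.2.53 is a documentation-range placeholder for the generic upstream, and 192.168.0.1 is the DC address used in the answer.

```python
"""Added example: a static checker for the dnsmasq forwarder setup described in the answer.

Matching rules assumed here (dnsmasq's documented behaviour, not code from dnsmasq):
  server=/example.com/1.2.3.4   forward example.com and every name below it to 1.2.3.4
  server=/example.com/          (no address) or local=/example.com/ : answer locally only
  server=1.2.3.4                default upstream for names matching no domain rule
  auth-zone=example.com         dnsmasq is authoritative for that zone
The most specific (longest) matching domain wins.
"""
from dataclasses import dataclass, field


@dataclass
class DnsmasqRules:
    domain_servers: dict = field(default_factory=dict)  # domain -> upstream IPs ([] = local only)
    default_servers: list = field(default_factory=list)
    auth_zones: set = field(default_factory=set)


def parse_dnsmasq_conf(text: str) -> DnsmasqRules:
    """Extract the forwarding-relevant directives; everything else is ignored."""
    rules = DnsmasqRules()
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = (p.strip() for p in line.split("=", 1))
        if key in ("server", "local") and value.startswith("/"):
            # server=/dom1/dom2/addr : domains sit between the slashes, the address after the last one
            parts = value.split("/")
            domains, addr = parts[1:-1], parts[-1]
            for dom in domains:
                dom = dom.lower().rstrip(".")
                rules.domain_servers.setdefault(dom, [])
                if addr:
                    rules.domain_servers[dom].append(addr)
        elif key == "server":
            rules.default_servers.append(value)
        elif key == "auth-zone":
            rules.auth_zones.add(value.split(",", 1)[0].lower().rstrip("."))
    return rules


def upstream_for(rules: DnsmasqRules, qname: str):
    """Return (matched_domain, upstreams) for a query name; matched_domain is '' for the default."""
    labels = qname.lower().rstrip(".").split(".")
    for i in range(len(labels)):  # full name first, then progressively shorter suffixes
        suffix = ".".join(labels[i:])
        if suffix in rules.domain_servers:
            return suffix, rules.domain_servers[suffix]
    return "", rules.default_servers


def check_ad_forwarding(conf_text: str, ad_zone: str, dc_ips: set) -> list:
    """Return findings as strings; an empty list means the DC locator query reaches a DC."""
    rules = parse_dnsmasq_conf(conf_text)
    zone = ad_zone.lower().rstrip(".")
    srv_name = f"_ldap._tcp.dc._msdcs.{zone}"  # the record dcpromo asked for in the question
    findings = []
    matched, upstreams = upstream_for(rules, srv_name)
    if not matched:
        findings.append(f"{srv_name} goes to the default upstream {rules.default_servers}, not to a DC")
    elif not upstreams:
        findings.append(f"{srv_name} hits local-only rule /{matched}/: dnsmasq answers NXDOMAIN itself")
    elif not set(upstreams) & set(dc_ips):
        findings.append(f"{srv_name} is forwarded to {upstreams}, none of which is a DC")
    for az in rules.auth_zones:  # the overlap case from the answer: two primaries for one name space
        if az == zone or az.endswith("." + zone):
            findings.append(f"dnsmasq is authoritative for {az}, which overlaps the AD zone {zone}")
    return findings


# Constructed samples. 192.0.2.53 is a documentation-range placeholder for the generic upstream;
# 192.168.0.1 is the DC address used in the answer.
CONF_BEFORE = """
# original config: everything not local goes to the generic upstream
domain-needed
local=/lan/
server=192.0.2.53
"""

CONF_AFTER = CONF_BEFORE + "server=/DOMAIN.address.com/192.168.0.1\n"

CONF_LOCAL_ONLY = CONF_BEFORE + "local=/DOMAIN.address.com/\n"  # wrong: the AD zone is never forwarded

CONF_OVERLAP = CONF_AFTER + "auth-zone=DOMAIN.address.com\n"  # dnsmasq also claims the AD zone

if __name__ == "__main__":
    for name, conf in [("before", CONF_BEFORE), ("after", CONF_AFTER),
                       ("local-only", CONF_LOCAL_ONLY), ("overlap", CONF_OVERLAP)]:
        print(name, check_ad_forwarding(conf, "DOMAIN.address.com", {"192.168.0.1"}) or "OK")
```

The "before" config reproduces the failure in the question: the SRV query falls through to the generic upstream, which has never heard of the _msdcs subzone and returns NXDOMAIN. The "after" config is the answer's forwarder line and passes. The two extra samples show the failure modes a practitioner is most likely to hit: a local=/DOMAIN.address.com/ rule (often left over from an earlier setup) that makes dnsmasq answer NXDOMAIN itself, and an auth-zone that makes dnsmasq a second primary for the AD name space, which is exactly the overlap the answer says cannot be reconciled.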

Author: HorusKol

Updated on September 18, 2022

Comments

  • HorusKol
    HorusKol almost 2 years

    I've inherited "ownership" of a network which has a Windows 2003 Server running as a Domain Controller and file server (no IIS or DNS running). We also use an Ubuntu server running dnsmasq as an internal Name Server.

    This setup doesn't seem to have been a problem until now - we are installing a new Windows 2008 server (new hardware and everything), and want to migrate services and data from the old server gradually. To start this process, we are trying to add the new server as a secondary controller on our domain. The server is connecting to the domain easily enough, but when we try and specify the forest for the new controller we end up with this error:

    The following error occurred when DNS was queried for the service location (SRV) resource record used to locate an Active Directory Domain Controller (AD DC) for domain "DOMAIN.address.com":

    The error was: "DNS name does not exist." (error code 0x0000232B RCODE_NAME_ERROR)

    The query was for the SRV record for _ldap._tcp.dc._msdcs.DOMAIN.address.com

    Common causes of this error include the following:

    • The DNS SRV records required to locate a AD DC for the domain are not registered in DNS. These records are registered with a DNS server automatically when a AD DC is added to a domain. They are updated by the AD DC at set intervals. This computer is configured to use DNS servers with the following IP addresses:

    xxx.xxx.xxx.xxx

    One or more of the following zones do not include delegation to its child zone:

    • DOMAIN.address.com
    • address.com
    • com
    • . (the root zone)

    I'm now thinking that the solution is to make the 2008 Server use the 2003 Server DNS instead of our Ubuntu? Is this the right solution? Are there other options? What might I and my team have missed?

  • HorusKol
    HorusKol almost 12 years
    Thanks - that's not quite getting them to play nicely :P That said, I don't see the point of having two DNS servers
  • HopelessN00b
    HopelessN00b almost 12 years
    @HorusKol: Redundancy is nice, and also, Windows DCs should generally also be given the DNS role (MS officially recommends it too), because so much of AD's functionality is dependent on DNS. Your DCs should therefore be able to access it locally, rather than having to make name requests of another server. So if you have 2 Windows DCs, you should have at least 2 Windows DNS servers. ;)
  • Spence
    Spence almost 12 years
    +1 - Running DNS for Active Directory on non-Domain Controller machines is a recipe for heartache. Unless you have a really good reason not to you should use Microsoft DNS to support AD.
  • Robin Gill
    Robin Gill almost 12 years
    Just to add to the above great advice, really you should have a second domain controller which you could use as your 2nd DNS server.
  • HorusKol
    HorusKol over 11 years
    "no such interoperability is implemented for any kind of 3rd parties" < don't tell the secondary DNS I have running on Ubuntu (not dnsmasq), then - I now have that replicating from the MS DNS just fine...
  • the-wabbit
    the-wabbit over 11 years
    @HorusKol I meant to express that primary zone servers can't be cross-vendor. You can run secondaries fine of course and they would replicate via AXFR/IXFR DNS mechanisms, but due to their nature, the zones they are holding are read-only. With AD DNS zones this is different - every DNS server is "primary" and has the ability to read and write the zone. I.e. what you can't get is an AD DNS zone merged/replicated with a dnsmasq DHCP-leases-filled zone.