
Dnsmasq Active Directory Srv Records


I have a server running Windows Server 2012R2. It is a domain controller. I have a router running DD-WRT version DD-WRT v24SP2-EU-US (08/19/10) std (SVN revision 14998).

Thanks for the reply. I used to have DHCP and DNS on the server. When I got an email from my ISP saying that I was operating an open forwarder that had been used in an attack, I could not figure out how to not be open forwarding while still using the server for DNS (I'm FAR from a server/DNS expert). That was why I switched to using the router. I did come up with kind of a fix for my current problem - set the DNS server address in my IP config to the server address long enough to add the new PC to the domain, authenticate, and get group policy. Not ideal, but met the immediate need.

The DNS SRV records required to locate an AD DC for the domain are not registered. I would suggest not using DNSMasq. Active Directory is heavily reliant upon.


As an Active Directory encompasses not only LDAP and Kerberos but also DNS, and there are peculiar things Microsoft does with DNS (dynamic updates, special SRV records to locate hosts, etc.), running Samba as an Active Directory domain controller means using either its built-in DNS server or bind9 with a special DLZ plugin. Integration with dnsmasq seems to have been abandoned, not so much for technical reasons as for lack of real interest on both sides. There is at least one approach that works around the technical issues by teaching dnsmasq the necessary SRV records manually, but even then you won’t have dynamic DNS updates the way Samba needs them, and it is more of a hack, definitely unsupported by the Samba team, than a viable solution. Running dnsmasq is feasible not so much as an alternative running on the Samba host itself; rather, at least in OpenWrt, it is predestined for embedded devices such as access points and routers and is accordingly the default DNS forwarder there. Having DNS resolution depend on a “higher-level” DNS service provided by Samba would contradict that concept, quite apart from the fact that Samba’s DNS server would then need to support every single feature existing DNS servers (such as dnsmasq) already have. The alternative would be to use bind, a piece of software I do not particularly miss (think zone files).

Obviously I can’t achieve the desired isolation of a low-level service such as DNS and a higher-level one such as Samba with a single DNS zone, as there is no such thing as zone sharing. So I’ll need two DNS zones: mysite.foo.bar and either ad.mysite.foo.bar or mysite.ad.foo.bar. The latter choice would be preferable if we were to seriously use Active Directory features such as forests and sites, but it would also mean that there would be a “parallel forest” of “conventional” DNS zones and the need to have a foo.bar DNS server that supports delegations. As Samba 4 currently supports running a single Active Directory domain controller only anyway, I’ll go with the former:

DNS zone            Managed by   Running on
mysite.foo.bar      dnsmasq      OpenWrt-based access point/router
ad.mysite.foo.bar   Samba        “Real” server

Now I do, of course, have only one DHCP service at my “site”.

Technically it could supply multiple DNS servers, but you wouldn’t want that, since you can’t control your clients’ resolvers’ behavior via DHCP (i.e. when which DNS server is tried).

And there’s no need to, because here comes the elegant part: all clients continue to receive the IP address of an OpenWrt device as DNS server which is authoritative for mysite.foo.bar.
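As an added example (not taken from the original post), here is a dnsmasq configuration for the OpenWrt device that implements this split: dnsmasq answers mysite.foo.bar itself and forwards everything under ad.mysite.foo.bar, the _msdcs SRV lookups included, to the Samba DC. The Samba address 192.0.2.10, the subnet 192.0.2.0/24, the upstream resolver 203.0.113.53 and the interface name br-lan are assumptions; on OpenWrt these settings would normally be expressed in /etc/config/dhcp rather than a raw dnsmasq.conf.

```conf
# dnsmasq on the OpenWrt router: authoritative for mysite.foo.bar,
# with the AD sub-zone ad.mysite.foo.bar delegated to Samba.
# Addresses and interface name below are assumed, not from the post.

# Answer mysite.foo.bar from /etc/hosts and DHCP leases only;
# never forward those names upstream.
domain=mysite.foo.bar
expand-hosts
local=/mysite.foo.bar/

# Everything under ad.mysite.foo.bar goes to the Samba internal DNS.
# dnsmasq picks the longest matching domain, so this overrides the
# local= line above and covers _ldap._tcp.dc._msdcs.ad.mysite.foo.bar
# and the other SRV records Windows clients use to find a DC.
server=/ad.mysite.foo.bar/192.0.2.10
# Reverse lookups for the AD subnet (assumed 192.0.2.0/24) as well.
server=/2.0.192.in-addr.arpa/192.0.2.10

# Upstream resolver for everything else (assumed); ignore /etc/resolv.conf.
no-resolv
server=203.0.113.53

# Clients get the router itself as their only DNS server.
dhcp-range=192.0.2.100,192.0.2.200,12h

# Listen on the LAN only and answer only local subnets, so the router
# does not become the open forwarder the thread above complains about.
interface=br-lan
bind-dynamic
local-service

# Rebind protection would otherwise discard Samba's private-address
# answers for the AD zone, so allow that zone explicitly.
stop-dns-rebind
rebind-domain-ok=/ad.mysite.foo.bar/

# The manual-SRV hack mentioned above would instead look like this
# (no dynamic updates, hence not a substitute for the delegation):
# srv-host=_ldap._tcp.dc._msdcs.ad.mysite.foo.bar,dc1.ad.mysite.foo.bar,389
```

Check the result from a client with `nslookup -type=SRV _ldap._tcp.dc._msdcs.ad.mysite.foo.bar`; the answer should name the Samba DC while plain mysite.foo.bar hosts still resolve from dnsmasq.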