Home Network Configuration - DNS

[mason736]

I've had my home network up and running for a couple years now, however I've had a nagging issue, that I'm finally ready to deal with.

My setup is:

Router: Netgear WNDR3700 flashed with OpenWRT
- handles DHCP
- external DNS and gateway
- VLANs

Switches:
- Cisco SG200-48 (x2), 1 each used for each of the VLANs to segregate traffic

Domain:
- WS2012 Essentials running as Domain Controller
- Handles internal DNS

My problems is as such, for any computer that I want to join my domain, I have to manual edit their network settings and hardcode the DNS settings of my primary domain and secondary domain controllers. Once this is done, I am able to join the domain.

For any device that just wants to connect to the internet and surf the web, there are no issues. All tablets, phones, etc... work just fine without having connect to the domain controllers directly.

Thanks

 

[j_h_o]

What are you trying to fix?

Set the DHCP on the NetGear to point all DNS thru your Domain Controller. But if the DC goes down, internet would stop "working" for most clients.

I have 2 VMs as DCs internally, and my DHCP scope assigns 2 Active Directory-aware DNS servers to internal clients for redundancy.

 

[Chuckleb]

Couldn't you point them to the internal DNS server as primary and to a public one as secondary or tertiary (provider, Google, etc)? Then you could still resolve if the internal ones went down.

 

[mason736]

so I tried as you suggested, and connected to the internet via wifi, removing all of the hardcoded dns settings in the adapter properties. My laptop now shows me connected to a public network, and not the domain network

 

[j_h_o]

Clarify: What did you do?

Paste output of ipconfig /all -- what DNS server(s) are sent to your clients?

You need to update the DHCP scope on the Netgear to hand out your AD/DC IP as the DNS server. (Primary or otherwise) and ensure the DC's DNS server has forwarders out to external DNS servers so they can resolve your DC and also service external DNS queries.

Your Windows machines use NLA to determine if they're on a domain network or not -- and the inability to find a DC via DNS causes them to detect a public network.

 

[NetWise]

I'm going to second that.

However. You mention VLAN's. So put all 'internet' stuff on 'guest' wifi or vlan and put the domain stuff on the domain vlan each with their own DNS.

Why do you have two switches to segregate VLAN? At that point you have ALAN ( Actual LAN ) not virtual. They could very easily be on the same switch with ports set for the appropriate VLAN.

In my house, everything uses a pair of DC's with failover DHCP and both providing DNS. If it's 'internet' it still gets an IP and 'could' see my domain/lab, but would still need to authenticate to do so.

 

[mason736]

I'm going to second that.

However. You mention VLAN's. So put all 'internet' stuff on 'guest' wifi or vlan and put the domain stuff on the domain vlan each with their own DNS.

Why do you have two switches to segregate VLAN? At that point you have ALAN ( Actual LAN ) not virtual. They could very easily be on the same switch with ports set for the appropriate VLAN.

In my house, everything uses a pair of DC's with failover DHCP and both providing DNS. If it's 'internet' it still gets an IP and 'could' see my domain/lab, but would still need to authenticate to do so.

Technically I suppose its not a vlan, but 2 separate networks running through the router, each one using its own switch. One is for all normal traffic on my network, the other is to separate SAN traffic going back and forth between between my SAN and File Server. The SAN is a HP Storageworks P4300 g2, and only has ethernet connection, having a separate network for SAN traffic seemed like a good idea.

 

[NetWise]

Sure agreed I'd do the same. Just wasn't sure if you HD your internet and domain traffic on two separate VLAN's or switches as well.

 

[j_h_o]

Did you manage to change the DNS server(s) served by the DHCP config in OpenWRT?