Windows – How to configure DNSMasq on DD-WRT when using Active Directory

Tags: active-directory, dd-wrt, dnsmasq, windows-server-2012-r2

I have a server running Windows Server 2012 R2. It is a domain controller. I have a router running DD-WRT v24SP2-EU-US (08/19/10) std (SVN revision 14998). The router is configured with the following:
Setup tab:

Domain Name: domain.office

Local IP Address: 192.168.1.1

Subnet: 255.255.255.0

Gateway: 0.0.0.0

LocalDNS: 192.168.1.101 (this had been 0.0.0.0)

DHCP Type: server

Static DNS 1: 192.168.1.1

Static DNS 2: 8.8.8.8

Static DNS 3: 8.8.4.4

Use DNSMasq for DHCP: Yes

Use DNSMasq for DNS: Yes

DHCP Authoritative: Yes

On the Services Tab:

Used Domain: Lan & WLAN

Lan Domain: domain.office

Additional DHCPd options:

local=/domain/

server=/domain/192.168.1.101 (I've tinkered and am still tinkering with these)

DNSMasq: Enable

Local DNS: Enable

Additional DNSMasq options:

address=/server.domain.office/192.168.1.101

server=/domain/192.168.1.101

cache-size=10000

expand-hosts

What I'm fighting with is that I'm trying to get the clients to recognize the DC. I can ping the DC from the clients. I can ping clients from the DC, and I can do these things with just the name of the server or the client, as I would hope to do. But I cannot get the clients to find the DC as a DC. The DC is running active directory, and if I try to log on to one of the clients using a username that has not previously logged on, I get the message that it cannot locate a logon server. When I try to force a gpupdate, it fails, unable to contact a server. A server that can easily be pinged.

I have posted over on DD-WRT's forums and have received no answers. The puzzling thing is that right after I made the changes to the additional DHCPd Options and DNSMasq Options, as reflected above, I was able to update group policies on one computer. Not once, but three times, it worked. Then after I restarted the PC, it gives me the same old unable to contact a server message. I tried on another PC, doing ipconfig /release, ipconfig /renew, ipconfig /flushdns, and that PC has not once been able to reach the DC.

Here is my post over on DD-WRT, if it helps. I am continuing to tinker with it, to see if I can get it going, but the problem is that I know I am about to replace one of the PCs, and I won't be able to reach the Logon Server until I get this fixed. http://www.dd-wrt.com/phpBB2/viewtopic.php?t=269490

Oh, and the reason I was able to log on before but can't now is that I changed from using the DC as both DHCP and DNS server to using the router, because my ISP had sent an email that I was running an open resolver DNS server. I am in no way an expert at this – quite the opposite. I know little about setting up a DNS server, and I'm actually quite amazed that I got it working before, even though it did tick off my ISP. So any help is very much appreciated. I'm just not finding anything online about resolving this. The few things I have found so far, I have tried and haven't worked.

Thanks in advance for any help you can give. It is appreciated.
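A check worth running on one of the clients before changing anything else, added here as an example and not part of the original question. The DC locator never finds a domain controller by pinging its host name; it asks DNS for SRV records under the AD domain (for example `_ldap._tcp.dc._msdcs.domain.office`). A dnsmasq `address=` line answers only A queries for the one name it lists, and dnsmasq's `local=/domain/` and `server=/domain/...` match names ending in the label `domain`, not `domain.office`, so an SRV query for the real AD domain can end up at a public resolver and fail while `ping server` still works. The script below assumes the domain `domain.office` and the DC at `192.168.1.101` from the question, and Windows 8 / Server 2012 or later for `Resolve-DnsName` and `Get-DnsClientServerAddress`:

```powershell
# Added example (not from the original post): show whether the DC locator's DNS queries
# are actually reaching the DC. Assumes the AD domain and DC address from the question.
$Domain     = 'domain.office'
$ExpectedDc = '192.168.1.101'

# These are the records a client needs to locate a logon server and apply group policy.
$SrvNames = @(
    "_ldap._tcp.dc._msdcs.$Domain",
    "_kerberos._tcp.dc._msdcs.$Domain",
    "_ldap._tcp.$Domain",
    "_kerberos._tcp.$Domain"
)

function Test-DcSrvRecords {
    param([string[]]$Names)
    foreach ($name in $Names) {
        try {
            # -DnsOnly skips the local cache and hosts file so we see what the resolver says now.
            $srv = Resolve-DnsName -Name $name -Type SRV -DnsOnly -ErrorAction Stop |
                   Where-Object { $_.Type -eq 'SRV' }
            [pscustomobject]@{ Query = $name; Target = ($srv.NameTarget -join ','); Ok = [bool]$srv }
        } catch {
            [pscustomobject]@{ Query = $name; Target = $_.Exception.Message; Ok = $false }
        }
    }
}

# Which DNS server is the client really using? With the router as DHCP server this is 192.168.1.1.
Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses } |
    Format-Table InterfaceAlias, ServerAddresses -AutoSize

# SRV lookups through the configured resolver (the router).
Test-DcSrvRecords -Names $SrvNames | Format-Table -AutoSize

# The same query sent straight to the DC, bypassing dnsmasq. If this answers and the table
# above shows failures, the DC's DNS is fine and the router is simply not forwarding the AD zone.
Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV -Server $ExpectedDc

# Finally the locator itself; /force bypasses its cached result.
nltest /dsgetdc:$Domain /force
```

If the direct query to the DC succeeds while the one through the router fails, the clients are not "losing" the DC; their DNS server is just not forwarding AD's SRV queries to it, which is exactly what a working logon server needs.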

Best Answer

Due to the lack of information I can only suggest this: a Windows server that works as an Active Directory DC will do best as the local DNS and DHCP server. So I suggest you do the following:

  1. Please disable DHCP on DD-WRT.
  2. Leave the DNS settings on DD-WRT at their defaults.
  3. In the network settings on the Windows server, add the IP address of DD-WRT as the gateway.
  4. In the Windows DNS server, add the IP address of DD-WRT as a DNS forwarder.
  5. Configure and authorize DHCP on the Windows server.
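Steps 3 to 5 of this answer as PowerShell run on the DC, added here as an example and not written by the answer's author. It uses the DnsServer and DhcpServer modules that ship with the roles on Windows Server 2012 R2. Assumptions, none of which are stated on the page: the DC is `server.domain.office` at `192.168.1.101`, the router is `192.168.1.1`, the LAN is `192.168.1.0/24`, the DC's NIC alias is `Ethernet`, and the DHCP pool `192.168.1.50` to `192.168.1.200` is a made-up range chosen to avoid the DC and router addresses. Step 1 (disabling DHCP on DD-WRT) is done in the router's web interface and is not scripted here.

```powershell
# Added example (not the answer author's): the answer's steps 3-5 on the DC itself.
# Run elevated as a Domain Admin. All addresses and the NIC alias are assumptions.
$Dc      = '192.168.1.101'
$DcFqdn  = 'server.domain.office'
$Router  = '192.168.1.1'
$Domain  = 'domain.office'
$Nic     = 'Ethernet'          # assumed; check with Get-NetAdapter
$ScopeId = '192.168.1.0'

# Step 3: the router is the server's default gateway.
if (-not (Get-NetRoute -DestinationPrefix '0.0.0.0/0' -ErrorAction SilentlyContinue)) {
    New-NetRoute -DestinationPrefix '0.0.0.0/0' -InterfaceAlias $Nic -NextHop $Router
}
# A DC's own DNS client must point at itself (or another DC), never at the router,
# otherwise the DC cannot see its own AD zone either.
Set-DnsClientServerAddress -InterfaceAlias $Nic -ServerAddresses $Dc

# Step 4: the router is the forwarder for every name the DC is not authoritative for;
# domain.office and _msdcs.domain.office are answered locally by the DC.
$forwarders = (Get-DnsServerForwarder).IPAddress | ForEach-Object { $_.IPAddressToString }
if ($forwarders -notcontains $Router) {
    Add-DnsServerForwarder -IPAddress $Router
}
# Listen on the LAN address only. A DC on a private address can only be an "open resolver"
# if the router forwards port 53 from the WAN to it, so also remove any such forward on DD-WRT.
dnscmd /ResetListenAddresses $Dc

# Step 5: DHCP on the DC, authorized in AD (an unauthorized DHCP server will not hand out leases).
if (-not (Get-WindowsFeature DHCP).Installed) {
    Install-WindowsFeature DHCP -IncludeManagementTools
    Add-DhcpServerSecurityGroup      # creates the DHCP Administrators/Users groups post-install
    Restart-Service DHCPServer
}
if (-not (Get-DhcpServerv4Scope -ScopeId $ScopeId -ErrorAction SilentlyContinue)) {
    Add-DhcpServerv4Scope -Name 'LAN' -StartRange 192.168.1.50 -EndRange 192.168.1.200 `
        -SubnetMask 255.255.255.0 -State Active
}
# Clients get the DC as their only DNS server and the AD domain as their DNS suffix.
# Public resolvers are never listed on clients; they are reached through the DC's forwarder.
Set-DhcpServerv4OptionValue -ScopeId $ScopeId -DnsServer $Dc -DnsDomain $Domain -Router $Router
Add-DhcpServerInDC -DnsName $DcFqdn -IPAddress $Dc

# Verify: the server is authorized, and the DC locator SRV record is answered by the DC.
Get-DhcpServerInDC
Resolve-DnsName "_ldap._tcp.dc._msdcs.$Domain" -Type SRV -Server $Dc
```

Once DHCP on DD-WRT is off and the clients have renewed their leases (`ipconfig /release` and `ipconfig /renew`), they will query the DC directly, which answers the AD SRV records itself and forwards everything else to the router.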