Hello Ahmad,
That was my initial attempt. The issue I ran into was that the dnsmasq
settings on the Virtual Router seem to block the traffic that was required for
the machine to join the domain. I played around with the settings a little bit
and was able to get it to find the domain, so I would imagine that I could
tweak it some more to not be an issue. However, any changes I make on the
virtual router only last until it is restarted, so without a way to make those
permanent I have to circumvent it entirely. The blog post that Murali linked
for how to set up a network without DHCP and DNS seems like it was probably the
correct way to do it, but as far as I can tell would require me to start my
zone from scratch, so I am trying to avoid that if possible.
Thanks,
David Ortiz
> CC: [email protected]
> From: [email protected]
> Subject: Re: Using different DNS for guests than Virtual Router
> Date: Tue, 23 Apr 2013 08:49:06 -0700
> To: [email protected]
>
> Coming from someone that has no clue about active directory... If you're using
> a basic zone, why don't you have the AD server deployed outside of cloudstack's
> control? Then have your dns entries point to it. Have the default
> security group for guests open to the ports AD works on.
>
> Ahmad
>
> On Apr 22, 2013, at 1:42 PM, David Ortiz <[email protected]> wrote:
>
> > Hello,
> > I am trying to set up a Windows AD server as a guest on my cloudstack
> > cluster, and join my other guests to the domain it is serving using
> > PowerBroker Identity Services Open. From what I am seeing, the virtual
> > router will block me from being able to perform nslookup or join the domain
> > using the domainjoin-cli command. If I modify /etc/resolv.conf to point
> > directly at my DC as the dns server, it can join the domain without any
> > issues. Unfortunately when I reboot, the dhcp setup with the virtual
> > router will point it back to the virtual router as the name server. I also
> > found that I could get nslookup (but not joining the domain) to work by
> > playing with the dnsmasq.conf settings on the virtual router a little bit,
> > which works until it is rebooted at which point they revert back to what
> > they had been originally. Is there a way to get the virtual router to
> > point guests at the domain controller as the DNS, or to set up the dnsmasq
> > to allow the AD joins to occur (and make those settings persistent)? Or
> > alternatively, would I be able to set up DHCP on the DC and just circumvent
> > the virtual router entirely?
> > Thanks,
> > David Ortiz