Domain Controller without DNS Server

We had a pair of Domain Controllers that offered AD Authentication, DNS and DHCP. Dynamic DNS actually.
A decision has been made to move DHCP and DNS to another device, a firewall. I moved DHCP a while ago, and other than not having Dynamic DNS, it's worked well.

However, when I start up DNS on the firewall, and stop the DNS Server service on the Domain Controller, server shares start asking users to authenticate to browse to a share, and eventually logging in to a domain PC fails because it can't find a domain controller.

I've read in a handful of places that domain controllers don't need to be DNS servers but they don't offer any information on how that's properly set up.

Does anyone know what I'm missing here?

RE: Domain Controller without DNS Server

Did you integrate the Active Directory namespace into the firewall's DNS service?

You might want to try reading this.
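The failure described in the original post is what happens when the DNS server that clients use stops answering the Active Directory locator records (the SRV records under _ldap._tcp, _kerberos._tcp and the _msdcs subdomain, plus the A/CNAME records they point at): clients can no longer find a domain controller, so Kerberos falls back to prompts and logons fail. A domain controller does not have to run the DNS Server role, but whichever DNS server the clients point at must serve that namespace. The script below is an added example, not part of this thread: it reads the DC's own netlogon.dns file, which lists every record that DC registers, and checks each one against a candidate DNS server. The server address 192.0.2.1 is a placeholder; the file path is the default location on a domain controller.

```powershell
# Added example (not from the thread): compare the DC locator records a domain
# controller registers against what a candidate DNS server (here, the firewall)
# actually answers. Run on a domain controller as a user who can read
# %SystemRoot%\System32\config\netlogon.dns.
#
# Assumptions (hypothetical values, adjust to your environment):
#   $NewDnsServer - IP of the firewall's DNS service
#   $NetlogonDns  - path of the DC's netlogon.dns file (default location)
param(
    [string]$NewDnsServer = '192.0.2.1',
    [string]$NetlogonDns  = "$env:SystemRoot\System32\config\netlogon.dns"
)

# netlogon.dns lines look like:
#   _ldap._tcp.dc._msdcs.corp.example.com. 600 IN SRV 0 100 389 dc1.corp.example.com.
#   gc._msdcs.corp.example.com. 600 IN A 10.0.0.5
$records = Get-Content $NetlogonDns |
    Where-Object { $_ -match '^\S+\s+\d+\s+IN\s+(SRV|A|AAAA|CNAME)\s+' } |
    ForEach-Object {
        $f = $_ -split '\s+'
        [pscustomobject]@{
            Name   = $f[0].TrimEnd('.')
            Type   = $f[3]
            # last field is the target host (SRV/CNAME) or the address (A/AAAA)
            Target = $f[-1].TrimEnd('.')
        }
    }

$missing = foreach ($r in $records) {
    try {
        # -DnsOnly bypasses the local cache, hosts file and LLMNR/NetBIOS fallbacks
        $answer = Resolve-DnsName -Name $r.Name -Type $r.Type -Server $NewDnsServer -DnsOnly -ErrorAction Stop
        $got = switch ($r.Type) {
            'SRV'   { $answer | Where-Object Type -eq 'SRV'   | ForEach-Object { $_.NameTarget.TrimEnd('.') } }
            'CNAME' { $answer | Where-Object Type -eq 'CNAME' | ForEach-Object { $_.NameHost.TrimEnd('.') } }
            default { $answer | Where-Object { $_.Type -in 'A','AAAA' } | ForEach-Object IPAddress }
        }
        if ($got -notcontains $r.Target) {
            [pscustomobject]@{ Name = $r.Name; Type = $r.Type; Expected = $r.Target; Got = ($got -join ',') }
        }
    } catch {
        [pscustomobject]@{ Name = $r.Name; Type = $r.Type; Expected = $r.Target; Got = 'no answer / NXDOMAIN' }
    }
}

if ($missing) {
    Write-Warning "$(@($missing).Count) of $(@($records).Count) locator records are not served by $NewDnsServer"
    $missing | Format-Table -AutoSize
} else {
    Write-Host "All $(@($records).Count) records from netlogon.dns are served by $NewDnsServer"
}

# Client-side cross-check: with the firewall as a workstation's only DNS server,
# the DC locator must still succeed via the _ldap._tcp.dc._msdcs SRV record:
#   nltest /dsgetdc:$env:USERDNSDOMAIN /force
```

Run it before stopping the DNS Server service on the DCs, not after. Every row it reports is a record the firewall must hold (or must forward to the DCs for) before clients can be repointed; an empty report for the _msdcs names in particular is the condition under which logons and share access keep working. One caveat the thread itself raises: these records are normally kept current by dynamic registration from the Netlogon service, so if the replacement DNS server is static, they have to be re-entered whenever a DC's name, address or site changes.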

RE: Domain Controller without DNS Server

I did not. I'll read the article, thanks. I didn't see anything in the firewall GUI config that applies, but I know this firewall sometimes needs CLI setup for advanced features. Hopefully it's able to accommodate. It's a Fortigate 60F.

RE: Domain Controller without DNS Server

What's the reasoning for moving DNS to the FortiGate? If it's some filtering based on DNS (Cisco Umbrella?), then just use forwarders on the Windows DNS servers and disable root lookups.
I don't think I'd be keen on moving the DNS functionality for a Windows AD setup to a FortiGate box.

RE: Domain Controller without DNS Server

We're retiring the domain. Company made the decision to move everything to the cloud. Data is already there. We've already got some of the workstations authenticating through Google with GCPW, they're not even on the domain. This is a step. In the end, DNS and DHCP will be served from the firewall, authentication through Google, and VPN access to the inside will be no more. I suspect, if we can't get authentication from AD to work in concert with DNS on the firewall, we'll skip that step and just move all the workstations off the domain sooner than planned.
