Active Directory setup issues

[Tzomb1e]

3 minutes ago, Juular said:

FQDN is the full domain name, like dc1.ecorp.local, if you set DNS suffix in router's DNS server for .ecorp.local it'll find DNS entry for dc1.ecorp.local even if you request just dc1. But i still don't see why it doesn't find the entry for FQDN when you specifially request it, might be that router itself doesn't use DC as DNS server.

Which results ?

To me it seems that the DC is not registering itself properly with the DNS server, hence why the record has "DC1.lan" instead of "DC1.ecorp.local" when you do a lookup by IP.

[Juular]

1 minute ago, Bruno_A said:

If I add a DNS entry in the DC, and use the DC as the ONLY DNS server, I could probably find out whether the router is actually using the DC as the DNS server?

Yeah, if you use DC as the only DNS server it should work, it doesn't ?

[Bruno_A]

2 minutes ago, Juular said:

Yeah, if you use DC as the only DNS server it should work, it doesn't ?

Right, so, on the DC, I added a DNS entry for "test" with 10.0.0.1 as the IP. When I ping test from the DC, it tries to go to 10.0.0.1, however, when I try to ping it from a different machine, it doesn't (also, for some reason, I have set the DC as the DNS server on the machine, manually, but ipconfig /all still shows other DNS servers in it):

Spoiler

 

[Bruno_A]

5 minutes ago, Tzomb1e said:

To me it seems that the DC is not registering itself properly with the DNS server, hence why the record has "DC1.lan" instead of "DC1.ecorp.local" when you do a lookup by IP.

Given the test I ran, I believe that the machines are not using the DC as the DNS server at all.

[Juular]

4 minutes ago, Bruno_A said:

ipconfig /all still shows other DNS servers in it

That's weird, try to ipconfig /renew or reboot.

[Bruno_A]

9 minutes ago, Juular said:

That's weird, try to ipconfig /renew or reboot.

Actually, from the client, I can ping test.ecorp.local as 10.0.0.1

[dalekphalm]

Maybe I'm missing something here, but your DC1/DNS Server is IP 10.230.0.240 - but your DNS Record for DC1 is .241...

 

Did you change the IP for DC1 to .241 after creating the initial post?

[Bruno_A]

2 hours ago, dalekphalm said:

Maybe I'm missing something here, but your DC1/DNS Server is IP 10.230.0.240 - but your DNS Record for DC1 is .241...

 

Did you change the IP for DC1 to .241 after creating the initial post?

Yes, I did change it. I got it working in the end. When making changes in OpenWRT, for the DNS servers used by DHCP, for some reason, the changes wouldn't take effect. For example, if I set 10.230.0.241 as the only DNS server, and renewed the DHCP lease, the DHCP lease would have the router (10.230.0.1) as the main DNS server, and the 10.230.0.241 as the secondary DNS server, and this way, It wouldn't even use the secondary DNS server at all. I found that when making changes in the DHCP server in OpenWRT, renewing the lease and flushing the DNS on the machine, wouldn't do the trick, and I had to actually reboot them. I never came accross this, and can't explain why this is, however, when I restarted, the DHCP lease on the client machine had the DNS server set up correctly. Weird.

[Jarsky]

From reading your post it seems you got it sorted, but it's clear that its a DNS problem. 

 

Server1 (DC) - You should assign the IP address statically e.g 10.230.0.241. 

Server1 Config: You should setup the AD roles, and make it a DNS server. Under DNS Settings, set DNS Server 1 to: 127.0.0.1

OpenWRT Router: Set your DNS Server being handed out to DHCP clients, the IP address of Server 1 e.g 10.230.0.241

Client: Release & Renew the DHCP lease. It should then get an IP address of 10.230.0.x (within your DHCP range specified) with a DNS Server IP of 10.230.0.241

You should then be able to join domain. 

[Juular]

10 hours ago, Bruno_A said:

Yes, I did change it. I got it working in the end. When making changes in OpenWRT, for the DNS servers used by DHCP, for some reason, the changes wouldn't take effect. For example, if I set 10.230.0.241 as the only DNS server, and renewed the DHCP lease, the DHCP lease would have the router (10.230.0.1) as the main DNS server, and the 10.230.0.241 as the secondary DNS server, and this way, It wouldn't even use the secondary DNS server at all. I found that when making changes in the DHCP server in OpenWRT, renewing the lease and flushing the DNS on the machine, wouldn't do the trick, and I had to actually reboot them. I never came accross this, and can't explain why this is, however, when I restarted, the DHCP lease on the client machine had the DNS server set up correctly. Weird.

So it works now ?

[Bruno_A]

4 hours ago, Juular said:

So it works now ?

Yep, it really was a matter of turning off and on again.

[leadeater]

On 12/24/2019 at 7:43 AM, Juular said:

That's strange, it should try other DNS if it can't find requested entry on primary one but i guess it's just Windows being Windows, look at DHCP server settings at your router and move the IP for DC on top to make it primary.

Secondary DNS server is for when the primary doesn't respond, it won't move to the next if it gets a valid response from the DNS server saying no record found as that is a valid reply from a DNS server.

[leadeater]

On 12/24/2019 at 2:53 PM, Bruno_A said:

Yes, I did change it. I got it working in the end. When making changes in OpenWRT, for the DNS servers used by DHCP, for some reason, the changes wouldn't take effect. For example, if I set 10.230.0.241 as the only DNS server, and renewed the DHCP lease, the DHCP lease would have the router (10.230.0.1) as the main DNS server, and the 10.230.0.241 as the secondary DNS server, and this way, It wouldn't even use the secondary DNS server at all. I found that when making changes in the DHCP server in OpenWRT, renewing the lease and flushing the DNS on the machine, wouldn't do the trick, and I had to actually reboot them. I never came accross this, and can't explain why this is, however, when I restarted, the DHCP lease on the client machine had the DNS server set up correctly. Weird.

Did you just do ipconfig /renew or ipconfig /release & ipconfig /renew? If you don't release Windows will hold on to DHCP settings it's already gotten and additionally in the DHCP request it'll actually ask for the same IP from the DHCP server. A flush 'should' work but I've come across dumb issues like this that only a reboot fixes.

[Bruno_A]

56 minutes ago, leadeater said:

Did you just do ipconfig /renew or ipconfig /release & ipconfig /renew? If you don't release Windows will hold on to DHCP settings it's already gotten and additionally in the DHCP request it'll actually ask for the same IP from the DHCP server. A flush 'should' work but I've come across dumb issues like this that only a reboot fixes.

Yes, I did that. Release, renew, a flushdns and then checked using /all. Only a restart would do the trick.