Back to Microsoft Active Directory authentication
If in the general DNS configuration you specify your public DNS servers and your Active Directory, you should pay attention to the order of your DNS servers
¶ A wrong configuration:
- The local DNS cache listens the 127.0.0.1 and this is the first primary DNS server.
- The the Local DNS cache will use the 8.8.8.8 or 1.1.1.1 or the 192.168.90.10 as the Active Directory DNS domain.
- In this case, it will never get the *.articatech.int resolution as the local DNS cache will use the 8.8.8.8 as a the first DNS server
¶ A right but not optimized configuration:
The configuration below is the correct one, but it is not an optimized configuration.
Of course, the Active Directory DNS server is on top and the local DNS cache service will use it first.
In this case, our domain will be resolved.
But the DNS cache will use the first DNS for all domains, foreign domains and local domains.
Our local DNS will then request our primary DNS whereas it would be better to request the Active Directory only for the local domain and thus request the public DNS for everything that is not the local domain.
¶ The best method: Forward zones
Forward zones allow you to specify the DNS servers to use according to the requested domain.
In this case, we are able to create a rule for articatech.int to use the 192.168.90.10 DNS server.
Forward zones are located using the left menu “DNS” > “DNS Cache Service” > “Forward zones”
