Netgate Discussion Forum

    DNS Settings For Active Directory at a remote site

      bmeeks @McMurphy

      @McMurphy said in DNS Settings For Active Directory at a remote site:

      @bmeeks

      p.s. And just when I thought I understood what a resolver was I found this...
      14.03.2024_21.03.02_REC.png

      I created a rather long post above this one to explain this screenshot.

      The short version is the parameter highlighted in the red rectangle changes the mode of operation for the DNS Resolver over to forwarding mode instead of the default resolving mode. There are not many good reasons for doing that in the opinion of many of us seasoned admins. If you enable Forwarding Mode, then you must provide the DNS servers to forward the queries to under the DNS Servers section of GENERAL under the SYSTEM menu.

      Also note that if you enable this DNS Resolver option to switch it to forwarding mode, you should NOT enable DNSSEC. The server you forward to either does DNSSEC or it does not, but it will not do it just because you check that box. In fact, some external DNS servers will not work correctly if you enable DNSSEC when forwarding (Quad9 being an example, see this: https://docs.quad9.net/Quad9_For_Organizations/DNS_Forwarder_Best_Practices/#disable-dnssec-validation). That checkbox really only applies to resolver mode operation.

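One way to check a resolver configuration for the two conditions described in the post above (forwarding mode with no upstream servers, and DNSSEC validation left on while forwarding). This is an added example, not part of the original post or Netgate's code. It assumes the pfSense DNS Resolver is Unbound and that the two checkboxes appear in the generated configuration as a `forward-zone` for `"."` and as the `validator` module plus a trust anchor; `parse_unbound`, `audit` and the sample configuration are constructed for illustration.

```python
import re

# Directives that give Unbound a DNSSEC trust anchor to validate against.
TRUST_ANCHOR_KEYS = {"auto-trust-anchor-file", "trust-anchor-file", "trust-anchor"}

def parse_unbound(text):
    """Parse unbound.conf-style text into [(clause, {option: [values]})]."""
    clauses = []
    for raw in text.splitlines():
        # '#' is a comment only at line start or after whitespace (keeps ip@853#host).
        line = re.sub(r"(^|\s)#.*", "", raw).strip()
        if ":" not in line:
            continue
        key, value = (part.strip() for part in line.split(":", 1))
        if value == "":                      # "server:" or "forward-zone:"
            clauses.append((key, {}))
        elif clauses:
            clauses[-1][1].setdefault(key, []).append(value.strip('"'))
    return clauses

def audit(text):
    """Report resolver mode, DNSSEC validation state, and conflicts."""
    clauses = parse_unbound(text)
    server = {k: v for n, o in clauses if n == "server" for k, v in o.items()}
    root_fwd = [o for n, o in clauses
                if n == "forward-zone" and "." in o.get("name", [])]
    upstreams = [a for o in root_fwd
                 for a in o.get("forward-addr", []) + o.get("forward-host", [])]
    # Unbound's default module-config is "validator iterator".
    modules = server.get("module-config", ["validator iterator"])[-1].split()
    dnssec = "validator" in modules and bool(TRUST_ANCHOR_KEYS.intersection(server))
    findings = []
    if root_fwd and not upstreams:
        findings.append("forwarding mode without upstream DNS servers")
    if root_fwd and dnssec:
        findings.append("DNSSEC validation enabled in forwarding mode")
    return {"mode": "forwarding" if root_fwd else "resolving",
            "dnssec": dnssec, "upstreams": upstreams, "findings": findings}

# Constructed sample: forwarding to Quad9 with DNSSEC validation still on.
SAMPLE = """
server:
    module-config: "validator iterator"
    auto-trust-anchor-file: "/example/root.key"
forward-zone:
    name: "."
    forward-addr: 9.9.9.9
"""
```

Calling `audit(SAMPLE)` returns one finding for the DNSSEC conflict; the same file with `module-config: "iterator"` returns none.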
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.