On 22. 11. 22 13:27, Michael Tokarev via Unbound-users wrote:
> For example, we've a domain and a few geographically-spread
> offices, each office is supposed to have its own proxy, email
> server, file server and stuff like that.  This is also an
> AD DC domain.  I thought about a single domain zone and local
> overrides for certain commonly used names. But once again
> faced this issue with unbound, which is unable to resolve
> (expand) CNAMEs in local-data or somesuch.
>
> (Yes, I know there's another way, to give each office a
> subdomain with the local names specified there, and specify
> all other names in the main domain. But that doesn't work
> because Windows machines always query in their AD Domain
> name first, and in the DHCP-provided suffix next, so I have
> to override this at the resolver level).

Well, MS AD does support location-aware routing. I suggest using that instead of hacking in your own way.

See e.g.
https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/plan/site-functions and search for "Client affinity".

MS keywords for this are "sites" and "locator".

Non-MS docs about this:
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/windows_integration_guide/sssd-ad-dns-sites

HTH.

--
Petr Špaček
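As an added illustration of the sites/locator approach the reply points to (this is editor-supplied example code, not part of the thread and not from Microsoft's or Red Hat's documentation): the DC locator picks a domain controller by mapping the client's IP address to an AD subnet, the subnet to a site, and then querying the site-scoped SRV records under `_sites.dc._msdcs.<domain>`. The script below defines two sites with their subnets, moves one DC into each, and ends with the checks a client in one office would run. Site names, subnets, DC names and the domain `example.com` are placeholders, not values from the thread. Note that the locator itself only routes clients to domain controllers; other site-aware services (DFS Namespaces referrals, for example) reuse the same site/subnet data, but a plain proxy or mail hostname is not made site-local by this alone.

```powershell
# Editor-added example: configure AD sites and subnets so the DC locator
# returns a site-local domain controller. All names below are assumptions.
Import-Module ActiveDirectory

$domain = 'example.com'
$sites = @{
    'Office-A' = @{ Subnets = @('10.1.0.0/16'); DC = 'DC-A' }
    'Office-B' = @{ Subnets = @('10.2.0.0/16'); DC = 'DC-B' }
}

foreach ($siteName in $sites.Keys) {
    # Create the site if it does not exist yet
    if (-not (Get-ADReplicationSite -Filter "Name -eq '$siteName'")) {
        New-ADReplicationSite -Name $siteName
    }
    # Bind each office subnet to its site; this mapping is what the
    # locator uses to decide which site a client belongs to
    foreach ($subnet in $sites[$siteName].Subnets) {
        if (-not (Get-ADReplicationSubnet -Filter "Name -eq '$subnet'")) {
            New-ADReplicationSubnet -Name $subnet -Site $siteName
        }
    }
    # Move the office DC into its site so its SRV records are registered
    # under <site>._sites.dc._msdcs.<domain>
    Move-ADDirectoryServer -Identity $sites[$siteName].DC -Site $siteName
}

# Checks, run on a domain-joined client in Office-A:
nltest /dsgetsite                  # expected: Office-A
nltest /dsgetdc:$domain            # expected: DC-A, with the site shown as Office-A
Resolve-DnsName -Type SRV -Name "_ldap._tcp.Office-A._sites.dc._msdcs.$domain"
```

If `nltest /dsgetsite` reports no site, the client's address is not covered by any subnet object; the locator then falls back to any DC in the domain, which is exactly the behaviour the sites configuration is meant to avoid.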
