David, I've done a lot of installs with AD. Your best bet is to just remove the DNS function from the virtual router. Leave DHCP in place, don't have that be taken over by external DHCP as it will cause issues.
Also tweaking the dnsmasq is a short-term fix as it will only go away once the VR reboots. Once you remove DNS, you then set your public and private DNS in the zone to your active directory servers. That will automatically filter down to the VMs and you'll get the desired results.

Hope this helps,
Matt

On 4/23/13 8:51 AM, "David Ortiz" <dpor...@outlook.com> wrote:

>Hello Ahmad,
>    That was my initial attempt. The issue I ran into was that the
>dnsmasq settings on the Virtual Router seem to block the traffic that was
>required for the machine to join the domain. I played around with the
>settings a little bit and was able to get it to find the domain, so I
>would imagine that I could tweak it some more to not be an issue.
>However, any changes I make on the virtual router only last until it is
>restarted, so without a way to make those permanent I have to circumvent
>it entirely. The blog post that Murali linked for how to set up a
>network without DHCP and DNS seems like it was probably the correct way
>to do it, but as far as I can tell would require me to start my zone from
>scratch, so I am trying to avoid that if possible.
>Thanks, David Ortiz
>
>> CC: users@cloudstack.apache.org
>> From: aemne...@gmail.com
>> Subject: Re: Using different DNS for guests than Virtual Router
>> Date: Tue, 23 Apr 2013 08:49:06 -0700
>> To: users@cloudstack.apache.org
>>
>> Coming from someone that has no clue about active directory... If you're
>> using a basic zone, why don't you have the AD server deployed outside of
>> cloudstack's control? Then have your dns entries point to it. Have
>> the default security group for guests open to the ports AD works on.
>>
>> Ahmad
>>
>> On Apr 22, 2013, at 1:42 PM, David Ortiz <dpor...@outlook.com> wrote:
>>
>> > Hello,
>> >     I am trying to set up a Windows AD server as a guest on my
>> > cloudstack cluster, and join my other guests to the domain it is serving
>> > using PowerBroker Identity Services Open. From what I am seeing, the
>> > virtual router will block me from being able to perform nslookup or join
>> > the domain using the domainjoin-cli command. If I modify
>> > /etc/resolv.conf to point directly at my DC as the dns server, it can
>> > join the domain without any issues. Unfortunately when I reboot, the
>> > dhcp setup with the virtual router will point it back to the virtual
>> > router as the name server. I also found that I could get nslookup (but
>> > not joining the domain) to work by playing with the dnsmasq.conf
>> > settings on the virtual router a little bit, which works until it is
>> > rebooted at which point they revert back to what they had been
>> > originally. Is there a way to get the virtual router to point guests at
>> > the domain controller as the DNS, or to set up the dnsmasq to allow the
>> > AD joins to occur (and make those settings persistent)? Or
>> > alternatively, would I be able to set up DHCP on the DC and just
>> > circumvent the virtual router entirely?
>> > Thanks,
>> > David Ortiz