Matt,

That sounds like exactly what I am going for. Is there a way to disable dns on a network/virtual router that already exists, or would I need to do this prior to creating the zone?

Thanks,
David

> From: mathias.mull...@citrix.com
> To: users@cloudstack.apache.org
> Subject: Re: Using different DNS for guests than Virtual Router
> Date: Tue, 23 Apr 2013 16:04:02 +0000
>
> David,
>
> I've done a lot of installs with AD. Your best bet is to just remove
> the DNS function from the virtual router. Leave DHCP in place, don't have
> that be taken over by external DHCP as it will cause issues.
>
> Also tweaking the dnsmasq is a short term fix as it will only go away once
> the VR reboots.
>
> Once you remove DNS, you then set your public and private DNS in the zone
> to your active directory servers. That will automatically filter down to
> the VMs and you'll get the desired results.
>
> Hope this helps,
> Matt
>
>
> On 4/23/13 8:51 AM, "David Ortiz" <dpor...@outlook.com> wrote:
>
> >Hello Ahmad,
> >    That was my initial attempt. The issue I ran into was that the
> >dnsmasq settings on the Virtual Router seem to block the traffic that was
> >required for the machine to join the domain. I played around with the
> >settings a little bit and was able to get it to find the domain, so I
> >would imagine that I could tweak it some more to not be an issue.
> >However, any changes I make on the virtual router only last until it is
> >restarted, so without a way to make those permanent I have to circumvent
> >it entirely. The blog post that Murali linked for how to set up a
> >network without DHCP and DNS seems like it was probably the correct way
> >to do it, but as far as I can tell would require me to start my zone from
> >scratch, so I am trying to avoid that if possible.
> >Thanks, David Ortiz
> >
> >> CC: users@cloudstack.apache.org
> >> From: aemne...@gmail.com
> >> Subject: Re: Using different DNS for guests than Virtual Router
> >> Date: Tue, 23 Apr 2013 08:49:06 -0700
> >> To: users@cloudstack.apache.org
> >>
> >> Coming from someone that has no clue about active directory...
> >> If you're using a basic zone, why don't you have the AD server deployed
> >> outside of cloudstack's control? Then have your DNS entries point to it.
> >> Have the default security group for guests open to the ports AD works on.
> >>
> >> Ahmad
> >>
> >> On Apr 22, 2013, at 1:42 PM, David Ortiz <dpor...@outlook.com> wrote:
> >>
> >> > Hello,
> >> >     I am trying to set up a Windows AD server as a guest on my
> >> > cloudstack cluster, and join my other guests to the domain it is serving
> >> > using PowerBroker Identity Services Open. From what I am seeing, the
> >> > virtual router will block me from being able to perform nslookup or join
> >> > the domain using the domainjoin-cli command. If I modify
> >> > /etc/resolv.conf to point directly at my DC as the DNS server, it can
> >> > join the domain without any issues. Unfortunately when I reboot, the
> >> > DHCP setup with the virtual router will point it back to the virtual
> >> > router as the name server. I also found that I could get nslookup (but
> >> > not joining the domain) to work by playing with the dnsmasq.conf
> >> > settings on the virtual router a little bit, which works until it is
> >> > rebooted, at which point they revert back to what they had been
> >> > originally. Is there a way to get the virtual router to point guests at
> >> > the domain controller as the DNS, or to set up the dnsmasq to allow the
> >> > AD joins to occur (and make those settings persistent)? Or
> >> > alternatively, would I be able to set up DHCP on the DC and just
> >> > circumvent the virtual router entirely?
> >> > Thanks,
> >> > David Ortiz