Matt,
That sounds like exactly what I am going for. Is there a way to disable
dns on a network/virtual router that already exists, or would I need to do this
prior to creating the zone?
Thanks, David
> From: mathias.mull...@citrix.com
> To: users@cloudstack.apache.org
> Subject: Re: Using different DNS for guests than Virtual Router
> Date: Tue, 23 Apr 2013 16:04:02 +0000
>
> David,
>
> I've done a lot of installs with AD. Your best bet is to just remove the
> the DNS function from the virtual router. Leave DHCP in place, don't have
> that be taken over by external DHCP as it will cause issues.
>
> Also tweaking the dnsmasq is a short term fix as it will only go away once
> the VR reboots.
>
> Once you remove DNS, you then set your public and private DNS in the zone
> to your active directory servers. That will automatically filter down to
> the VMs and you'll get the desired results.
>
> Hope this helps,
> Matt
>
>
> On 4/23/13 8:51 AM, "David Ortiz" <dpor...@outlook.com> wrote:
>
> >Hello Ahmad,
> > That was my initial attempt. The issue I ran into was that the
> >dnsmasq settings on the Virtual Router seem to block the traffic that was
> >required for the machine to join the domain. I played around with the
> >settings a little bit and was able to get it to find the domain, so I
> >would imagine that I could tweak it some more to not be an issue.
> >However, any changes I make on the virtual router only last until it is
> >restarted, so without a way to make those permanent I have to circumvent
> >it entirely. The blog post that Murali linked for how to set up a
> >network without DHCP and DNS seems like it was probably the correct way
> >to do it, but as far as I can tell would require me to start my zone from
> >scratch, so I am trying to avoid that if possible.
> >Thanks, David Ortiz
> >
> >> CC: users@cloudstack.apache.org
> >> From: aemne...@gmail.com
> >> Subject: Re: Using different DNS for guests than Virtual Router
> >> Date: Tue, 23 Apr 2013 08:49:06 -0700
> >> To: users@cloudstack.apache.org
> >>
> >> Coming from someone that has no clue about active directory... If your
> >>using a basic zone, why don't you have the AD server deployed outside of
> >>cloudstack s control. Then point have your dns entries point to it. Have
> >>the default security group for guests open to the ports AD works on.
> >>
> >> Ahmad
> >>
> >> On Apr 22, 2013, at 1:42 PM, David Ortiz <dpor...@outlook.com> wrote:
> >>
> >> > Hello,
> >> > I am trying to setup a Windows AD server as a guest on my
> >>cloudstack cluster, and join my other guests to the domain it is serving
> >>using PowerBroker Identity Services Open. From what I am seeing, the
> >>virtual router will block me from being able to perform nslookup or join
> >>the domain using the domainjoin-cli command. If I modify
> >>/etc/resolv.conf to point directly at my DC as the dns server, it can
> >>join the domain without any issues. Unfortunately when I reboot, the
> >>dhcp setup with the virtual router will point it back to the virtual
> >>router as the name server. I also found that I could get nslookup (but
> >>not joining the domain) to work by playing with the dnsmasq.conf
> >>settings on the virtual router a little bit, which works until it is
> >>rebooted at which point they revert back to what they had been
> >>originally. Is there a way to get the virtual router to point guests at
> >>the domain controller as the DNS, or to set up the dnsmasq to allow the
> >>AD joins to occur (and make those settings persistent)? Or
> >>alternatively, would I be able to set up DHCP on the DC and just
> >>circumvent the virtual router entirely?
> >> > Thanks,
> >> > David Ortiz
> >
>
