providing CNAMEs for local data

Petr Špaček pspacek at isc.org
Tue Nov 22 12:57:04 UTC 2022


On 22. 11. 22 13:27, Michael Tokarev via Unbound-users wrote:
> For example, we've a domain and a few geographically-spread
> offices, each office is supposed to have its own proxy, email
> server, file server and stuff like that.  This is also an
> AD DC domain.  I thought about a single domain zone and local
> overrides for certain commonly used names. But once again
> faced this issue with unbound who is unable to resolve
> (expand) CNAMEs in local-data or somesuch.
> 
> (Yes, I know there's another way, to give each office a
> subdomain with the local names specified there, and specify
> all other names in the main domain. But that doesn't work
> because windows machines always query in its AD Domain
> name first, and in DHCP-provided suffix next, - so I have
> to override this at the resolver level).

Well, MS AD does support location-aware routing. I suggest using that 
instead of hacking in your own way.

See e.g.
https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/plan/site-functions 
and search for "Client affinity".

MS keywords for this are "sites" and "locator".

Non-MS docs about this:
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/windows_integration_guide/sssd-ad-dns-sites

HTH.

-- 
Petr Špaček
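As an added illustration of the "sites" and "locator" approach recommended above (this is example code, not from the thread, and the site names, subnets, DC names and example.com domain are placeholders): define one AD site per office, map each office's subnets to it, move that office's DC into the site, then check from a client what the DC locator does. The ActiveDirectory module cmdlets require RSAT or a DC; the last three lines are run on a domain member in the office being checked.

```powershell
# Added example (not from the thread): per-office AD sites so that domain
# members use the DC nearest to them instead of resolver-level overrides.
# Site names, subnets, DC names and the domain are hypothetical placeholders.
Import-Module ActiveDirectory

$sites = @{
    'Office-A' = @('10.10.0.0/16')
    'Office-B' = @('10.20.0.0/16', '192.0.2.0/24')
}

foreach ($site in $sites.Keys) {
    # Create the site only if it does not already exist.
    if (-not (Get-ADReplicationSite -Filter "Name -eq '$site'")) {
        New-ADReplicationSite -Name $site
    }
    # Subnet-to-site mapping is what the locator uses for client affinity.
    foreach ($cidr in $sites[$site]) {
        if (-not (Get-ADReplicationSubnet -Filter "Name -eq '$cidr'")) {
            New-ADReplicationSubnet -Name $cidr -Site $site
        }
    }
}

# Place each office's domain controller into its own site (names are placeholders).
Move-ADDirectoryServer -Identity 'DC-A' -Site 'Office-A'
Move-ADDirectoryServer -Identity 'DC-B' -Site 'Office-B'

# Verification on a domain member located in Office-A:
# which site the locator assigned the client to ...
nltest /dsgetsite
# ... the site-scoped SRV records the locator queries for that site ...
Resolve-DnsName -Type SRV -Name '_ldap._tcp.Office-A._sites.dc._msdcs.example.com'
# ... and the DC the locator actually picks.
nltest /dsgetdc:example.com
```

Site affinity steers clients to the site-scoped `_sites` SRV records that domain controllers and other AD-integrated services register; records for per-office servers that do not register themselves that way still have to be published in DNS separately.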

