thompsontech
just joined
Topic Author
Posts: 16
Joined: Sat Nov 10, 2018 3:45 am

VPN X ACTIVE DIRECTORY

Wed Jul 19, 2023 12:24 am

Hello everyone, I have the following scenario:
VPN between headquarters and branch via SSTP.
Company A has an Active Directory installed and Company B's machines are in Company A's domain
I use OpenDNS IPs to block websites.
When I force through the IP-Firewall-NAT function
Chain: dstnat
Protocol: udp
DST Port: 53
In Interface: !WAN1
Action: Redirect
The domain stops working. How to proceed in this case? Can someone help me?

 
mbaute
newbie
Posts: 30
Joined: Fri May 22, 2015 3:54 pm

Re: VPN X ACTIVE DIRECTORY

Wed Jul 19, 2023 1:48 am

Hi

You need to add information about your domain in /ip/dns/static

try with this, replacing example.com with your domain name and forward-to with your AD DNS.

Remember to keep \\ and $ as they are special characters in regex
/ip dns static
add forward-to=1.2.3.4 regexp="example\\.com\$" type=FWD
hope that helps
 
wiseroute
Member
Posts: 425
Joined: Sun Feb 05, 2023 11:06 am

Re: VPN X ACTIVE DIRECTORY

Wed Jul 19, 2023 4:47 am

hello Thompson,

Action: Redirect
The domain stops working. How to proceed in this case? Can someone help me?
since we don't have any idea which/what version of your ms ad platform - i could only give you a general explanation.

ms active directory works on top of its own dns server service (it has to). so you can't use any other dns server other than the ms-ad dns server, otherwise ms ad will not work.

all you can do is to make that ms-ad dns server service to forward any other dns query to opendns server (add a dns forwarder).

hope this helps.
 
thompsontech
just joined
Topic Author
Posts: 16
Joined: Sat Nov 10, 2018 3:45 am

Re: VPN X ACTIVE DIRECTORY

Fri Jul 21, 2023 5:48 pm

Hi

You need to add information about your domain in /ip/dns/static

try with this, replacing example.com with your domain name and forward-to with your AD DNS.

Remember to keep \\ and $ as they are special characters in regex
/ip dns static
add forward-to=1.2.3.4 regexp="example\\.com\$" type=FWD
hope that helps

Hello, thank you very much for the feedback. Do I do this procedure at the branch? At the headquarters, do I need to do something about the DNS? In the Windows domain, do I need any specific configuration?
 
mbaute
newbie
Posts: 30
Joined: Fri May 22, 2015 3:54 pm

Re: VPN X ACTIVE DIRECTORY

Sat Jul 22, 2023 5:53 am

Hi

You need to add information about your domain in /ip/dns/static

try with this, replacing example.com with your domain name and forward-to with your AD DNS.

Remember to keep \\ and $ as they are special characters in regex
/ip dns static
add forward-to=1.2.3.4 regexp="example\\.com\$" type=FWD
hope that helps

Hello, thank you very much for the feedback. Do I do this procedure at the branch? At the headquarters, do I need to do something about the DNS? In the Windows domain, do I need any specific configuration?
This config belongs to the one with the redirect, company b I think. When you redirect it's the ros dns server who "serves" dns requests. You have configured opendns, which doesn't know anything about your internal domain, or how to reach it as it's private.

That rule simply tells the routeros dns that, for every request to example.com domain, query this server instead

If you have the same redirect in company A, you should exclude at least the windows domain dns server from that rule to avoid a query loop

regards
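A branch-side (Company B) RouterOS configuration that puts the pieces of this thread together, written here as an added example and not taken from any poster. The AD DNS address 10.0.1.10, the domain ad.example.com, the OpenDNS resolvers and the interface name WAN1 are assumed placeholders.

```routeros
# Added example, not from the thread. Assumed placeholders:
#   10.0.1.10        = Company A's AD DNS server, reached over the SSTP tunnel
#   ad.example.com   = the Active Directory domain
#   208.67.222.222 / 208.67.220.220 = OpenDNS resolvers used for filtering
#   WAN1             = the branch router's uplink interface

# 1. RouterOS must be willing to answer DNS for LAN clients whose queries
#    get redirected to it; everything not matched below goes to OpenDNS.
/ip dns
set allow-remote-requests=yes servers=208.67.222.222,208.67.220.220

# 2. Forward the whole AD zone (the regexp also matches _msdcs and the
#    other SRV subdomains that domain join and logon depend on) to the
#    domain controller instead of OpenDNS, which cannot resolve a private zone.
/ip dns static
add type=FWD forward-to=10.0.1.10 regexp="ad\\.example\\.com\$" \
    comment="AD zone -> domain controller over VPN"

# 3a. Rule from the original post, kept for comparison (disabled): it grabs
#     every UDP/53 packet, including queries clients send straight to the DC,
#     so the DC is never reached and the domain stops working.
/ip firewall nat
add chain=dstnat protocol=udp dst-port=53 in-interface=!WAN1 \
    action=redirect disabled=yes comment="original rule: breaks AD lookups"

# 3b. Corrected rules: leave queries addressed to the AD DNS server alone
#     (no loop, direct DC lookups keep working) and redirect everything else
#     to the RouterOS resolver. TCP/53 is covered too, since AD answers that
#     exceed UDP size fall back to TCP.
add chain=dstnat protocol=udp dst-port=53 in-interface=!WAN1 \
    dst-address=!10.0.1.10 action=redirect \
    comment="force DNS via RouterOS, except the AD DNS server"
add chain=dstnat protocol=tcp dst-port=53 in-interface=!WAN1 \
    dst-address=!10.0.1.10 action=redirect \
    comment="same for TCP/53"
```

If Company A's router carries the same redirect, apply the same dst-address exclusion there so the branch router's forwarded zone queries arriving over the tunnel are not pulled away from the domain controller.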
 
thompsontech
just joined
Topic Author
Posts: 16
Joined: Sat Nov 10, 2018 3:45 am

Re: VPN X ACTIVE DIRECTORY

Mon Oct 23, 2023 12:40 am

Solved! Thank you :D