Let’s say your Windows domain is “domain.local” and your Windows DNS IP addresses are “192.168.1.55” and “192.168.1.56”.
In OpenWrt, add this to /etc/config/dhcp:
option rebind_protection '0'
list server '/domain.local/192.168.1.55'
list server '/domain.local/192.168.1.56'
The trick here, which isn’t well documented, is that rebind protection MUST be set to ‘0’; otherwise lookups for *.domain.local will fail.
UPDATE: Be sure NOT to have filterwin2k set in dnsmasq (/etc/config/dhcp); if you do, gpupdate and AD-domain lookups will fail.
Now your other computers/devices/servers that use the dnsmasq DNS-server can resolve computers that are AD-connected.
Setting the parameter rebind_protection ‘0’ is not safe. Just add your domain to the whitelist. I did it through the web interface LuCI.
Yes, you are correct. I tried it myself and it works. Thanks for the hint!
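
The whitelist approach raised in the comments, as an added example that is not from the original post or its commenters: a shell audit that flags the settings discussed on this page in a dnsmasq config. It assumes the whitelist corresponds to OpenWrt's `rebind_domain` list option (the comment does not name it); `weak_cfg`, `hardened_cfg` and `audit_dhcp` are hypothetical names, and both configs are constructed samples.

```shell
#!/bin/sh
# Added example: audit dnsmasq settings in an OpenWrt /etc/config/dhcp.
# Both sample configs are constructed for illustration.

weak_cfg() {        # the post's variant: rebind protection off globally
cat <<'EOF'
config dnsmasq
    option rebind_protection '0'
    list server '/domain.local/192.168.1.55'
    list server '/domain.local/192.168.1.56'
EOF
}

hardened_cfg() {    # protection stays on; only the AD domain is exempted
cat <<'EOF'
config dnsmasq
    option rebind_protection '1'
    list rebind_domain 'domain.local'
    list server '/domain.local/192.168.1.55'
    list server '/domain.local/192.168.1.56'
EOF
}

# audit_dhcp DOMAIN < config ; prints findings, returns 0 only when clean
audit_dhcp() {
    d=$(printf '%s' "$1" | sed 's/\./\\./g')      # escape dots for the regex
    cfg=$(sed -e 's/#.*//' -e "s/[\"']//g")       # drop comments and quotes
    has() { printf '%s\n' "$cfg" | grep -Eq "^[[:space:]]*$1[[:space:]]*\$"; }
    rc=0
    if has 'option[[:space:]]+rebind_protection[[:space:]]+0'; then
        echo "WARN rebind_protection=0: rebinding filter is off for every domain"; rc=1
    elif ! has "list[[:space:]]+rebind_domain[[:space:]]+/?$d/?"; then
        echo "WARN $1 not in rebind_domain: private-address answers get dropped"; rc=1
    fi
    if has 'option[[:space:]]+filterwin2k[[:space:]]+1'; then
        echo "WARN filterwin2k=1: gpupdate and AD lookups fail"; rc=1
    fi
    if ! has "list[[:space:]]+server[[:space:]]+/$d/[0-9a-fA-F.:]+"; then
        echo "WARN no forwarder configured for $1"; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK"
    return "$rc"
}

for v in weak_cfg hardened_cfg; do
    echo "== $v"; "$v" | audit_dhcp domain.local || true
done
```

On the router itself, the same check runs as `audit_dhcp domain.local < /etc/config/dhcp`.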