I’m Kiruthik Kumar(KK), and my blog is about all random things that I spend my time on !

Use DNSMasq as DNS for Windows Active Directory queries in RaspberryPi

· by Kiruthik Kumar · Read in about 2 min · (334 Words)
Active Directory DNSMasq DNS LDAP SRV Record RaspberryPi

Have a scenario at home where I moved the Windows Active Directory domain server(in Win 2012R2) configured in my home network to a Virtual Machine. Since DNS is also configured along with AD, all the VMs are dependent on it - which is what I wanted to separate.

Virtual Machine which has the AD Server which will only host the AD services and DNS will be stripped to some other system

DNS Entries

I found these two articles(1 & 2) which explains the required DNS entries for the AD to work properly. So I figured out that we need to have DNS entries for LDAP, Kerberos, Global Catalog services in the domain server so that the clients can reach them. And we require few A & CNAME records and like a dozen of SRV records for those services. Also we require couple of Guids; domain Guid & DSA object Guid of the PDC server.

Simply to put, we need a dozen of DNS records for the clients to identify (locate) the domain server.

Using DNSMasq in RaspberryPi

DNSMasq is a light weight DNS & DHCP server for Linux platform, and it can be installed on a Pi. So I installed it on my Pi3 and it is my DNS & DHCP server on my home network.

Create DNS entries to add in the DNSMasq configuration file

Edit the DNSMasq configuration file and add the configuration(entries) as per your domain names & Guids.
$ sudo nano /etc/dnsmasq.conf

Text file for the configuration is here. You may need to replace doco.kiruthik.com with your domain controller’s forest name. And you have to find out domain Guid & DSA object Guid.

DNSMasq configuration

Find the GUIDs

  • For domain guid, just run the below PS command.
Domain GUID
  • And for DSA object Guid, it’s easier to traverse to the NTDS settings like Active Directory Users and Computers > Domain Controllers > (choose the Primary Domain Controller in use) and right click for the properties
Get the GUID for AD - NTDS Settings

Then restart DNSMasq daemon !

$ sudo /etc/init.d/dnsmasq restart