On Thu, Apr 10, 2014 at 07:13:56PM -0400, Bryan Harris wrote:
Hi Jakub,
Hopefully I’m providing a decent discussion starting point. Is placing the DC into
resolv.conf the typical scenario? Or is it more that this is the Microsoft-recommended
way of doing things, full stop?
For example, I don’t put 8.8.8.8 into my resolver if I want to look up the
www.google.com A record. I suspect internal zones at companies are not
resolved by adding more and more lines to the resolv.conf file. I would
rather think that corporate computers will generally point at a corporate
DNS server which knows how to delegate AD queries to the AD servers,
and other queries to other servers, and so on. But I could be overly
optimistic after reading the responses on another list (I recently asked
this to the bind folks, and they brought up a lot of interesting points).
I think the point is to enable the client machine to connect to the
appropriate DC, typically by resolving SRV DNS records. It's not
strictly needed to query the DC itself as long as the records are
available.
DNS updates are performed against the DC SSSD is connected to;
resolv.conf is not used during a DNS update.
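
To illustrate the point about SRV records, here is an added example (not part of the original thread, and not SSSD's own code) that parses an SRV answer and orders the candidate DCs by priority and weight as RFC 2782 describes. The domain `ad.example.com`, the host names and the record set are constructed; any resolver that returns these records gives the client the same candidates.

```python
import random
from typing import NamedTuple

class Srv(NamedTuple):
    priority: int
    weight: int
    port: int
    target: str

# Constructed SRV answer for a hypothetical AD domain (zone-file presentation form).
SAMPLE_ANSWER = """\
_ldap._tcp.ad.example.com. 600 IN SRV 0 100 389 dc1.ad.example.com.
_ldap._tcp.ad.example.com. 600 IN SRV 0 50 389 dc2.ad.example.com.
_ldap._tcp.ad.example.com. 600 IN SRV 10 100 389 dc3.ad.example.com.
"""

def parse_srv(text):
    """Parse 'name ttl class SRV prio weight port target' lines; skip anything else."""
    records = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 8 or fields[3].upper() != "SRV":
            continue
        prio, weight, port = (int(f) for f in fields[4:7])
        records.append(Srv(prio, weight, port, fields[7].rstrip(".")))
    return records

def order_srv(records, rng=None):
    """Return records in the order a client should try them (RFC 2782):
    lowest priority value first, weighted random choice within a priority."""
    rng = rng or random.Random()
    ordered = []
    for prio in sorted({r.priority for r in records}):
        group = [r for r in records if r.priority == prio]
        while group:
            total = sum(r.weight for r in group)
            pick = rng.randint(0, total)
            running = 0
            # Zero-weight entries are placed first, as the RFC specifies.
            for r in sorted(group, key=lambda r: r.weight):
                running += r.weight
                if running >= pick:
                    ordered.append(r)
                    group.remove(r)
                    break
    return ordered

if __name__ == "__main__":
    for rec in order_srv(parse_srv(SAMPLE_ANSWER)):
        print(f"{rec.priority:>3} {rec.weight:>4} {rec.target}:{rec.port}")
```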