  1. #1
    Untanglit
    Join Date
    Feb 2017
    Posts
    16

    Any Negative Outcomes having Untangle Not Act as a DHCP or DNS Server?

    Hey All -

    I'm experimenting with Server 2016 and Active Directory integration on my home lab. Untangle currently acts as a router, firewall, content filter, DHCP and DNS server. If I have Server 2016 take on the role of DHCP and DNS server, are there any negative impacts to Untangle?

    Specifically, what (if any) functionality would I lose if Untangle isn't acting as the DHCP or DNS server?

    Thanks

  2. #2
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    24,813

    None

    You shouldn't use Untangle for DHCP or DNS if you're running AD. You should have the AD server doing that.

    The bit that isn't so obvious is you should leave Untangle using public DNS and NEVER your AD supporting DNS. If you want reports to resolve, you use the DNS Server section on the DNS tab in config -> networking to redirect the forward and reverse DNS zones your AD server operates to it.

    Don't cross the streams by plugging a bridge in twice...
    Don't make loops in your DNS...

    Avoid those two pitfalls and Untangle is quite happy.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  3. #3
    Untanglit
    Join Date
    Feb 2017
    Posts
    16

    Thanks for the reply. I understand the first part of the response but the second is a bit unclear to me.

    Said differently, are you saying that Untangle's DNS server section (DNS Tab in Config -> Networking) should be pointing to the AD DNS server for reports to resolve and that the Interface -> WAN section should continue to use the ISP provided DNS?

    Thanks

  4. #4
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    24,813

    Yes, Untangle needs to have DNS resolution that works without anything behind it; if not, Untangle cannot function correctly until a device behind it comes online. And that device behind it, in this case a DC, doesn't function correctly until Untangle functions correctly.

    That's a chicken and the egg problem, don't do it... not unless you want trouble.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  5. #5
    Untangler
    Join Date
    Jul 2009
    Location
    Minneapolis/Saint Paul MN
    Posts
    79

    And if using Active Directory... have DNS forwarders configured on the AD Server pointing to your ISP's DNS Servers or the DNS Servers of your choice. All the machines on the LAN should look to the AD Controller/Server for DNS which you can push with the Server's DHCP options.

  6. #6
    Untangle Ninja Jim.Alles's Avatar
    Join Date
    Jul 2008
    Location
    Central PA
    Posts
    2,306

    Yes, and THIS is when #config/network/bypass-rules "Bypass DNS Sessions" should be enabled.
    See the paragraph under "Common Uses" in http://wiki.untangle.com/index.php/Bypass_Rules
    Last edited by Jim.Alles; 07-17-2020 at 11:49 AM.

  7. #7
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    24,813

    Originally Posted by Jim.Alles:
        Yes, and this is when #config/network/bypass-rules "Bypass DNS Sessions" should be enabled.
        See the paragraph under "Common Uses" in http://wiki.untangle.com/index.php/Bypass_Rules

    I prefer to make my own rule bypassing only DNS from the DCs rather than bypassing the protocol fully.

    But yes, egress DNS must be bypassed from any internal DNS server or you'll have performance issues.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com
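
Added example (not part of the thread and not Untangle's own tooling): a small Python check that traces where each resolver sends a query and flags the two pitfalls raised above, a forwarding loop and a gateway whose own resolution depends on a host behind it. The resolver names, the zone corp.example and the 192.168.1.x reverse zone are constructed assumptions.

```python
# Added example; all names, zones and layouts below are constructed for illustration.
PUBLIC = "public"  # stands for any resolver outside the LAN (ISP or a public DNS service)

def matches(name, zone):
    """True if name is the zone itself or lies under it."""
    name, zone = name.rstrip(".").lower(), zone.rstrip(".").lower()
    return name == zone or name.endswith("." + zone)

def trace(resolvers, start, name):
    """Follow a query hop by hop; returns (path, 'answered' | 'public' | 'loop')."""
    path = [start]
    while path[-1] != PUBLIC:
        cfg = resolvers[path[-1]]
        if any(matches(name, z) for z in cfg.get("authoritative", [])):
            return path, "answered"
        # The longest matching conditional forward wins, else the default upstream.
        zones = [z for z in cfg.get("forward_zones", {}) if matches(name, z)]
        nxt = cfg["forward_zones"][max(zones, key=len)] if zones else cfg["default"]
        if nxt in path:
            return path + [nxt], "loop"
        path.append(nxt)
    return path, "public"

def audit(resolvers, gateway, internal_zone, external_name="www.example.org"):
    """Return findings for forwarding loops and for a gateway that needs the LAN."""
    findings = []
    for host in resolvers:
        for name in (external_name, "dc1." + internal_zone):
            path, outcome = trace(resolvers, host, name)
            if outcome == "loop":
                findings.append(f"loop: {name} from {host}: {' -> '.join(path)}")
    path, outcome = trace(resolvers, gateway, external_name)
    if outcome != "loop" and path[1:] != [PUBLIC]:
        findings.append(f"gateway depends on LAN host: {' -> '.join(path)}")
    return findings

AD_ZONES = ["corp.example", "1.168.192.in-addr.arpa"]
# Layout from the thread: gateway uses public DNS and redirects only the AD zones.
GOOD = {"untangle": {"default": PUBLIC, "forward_zones": {z: "dc" for z in AD_ZONES}},
        "dc": {"authoritative": AD_ZONES, "default": PUBLIC}}
# Gateway resolves everything through the DC: no loop, but it needs the DC to be up.
CHICKEN_EGG = {"untangle": {"default": "dc"},
               "dc": {"authoritative": AD_ZONES, "default": PUBLIC}}
# Gateway and DC forward to each other.
LOOP = {"untangle": {"default": "dc"},
        "dc": {"authoritative": AD_ZONES, "default": "untangle"}}

if __name__ == "__main__":
    for label, layout in (("good", GOOD), ("chicken-egg", CHICKEN_EGG), ("loop", LOOP)):
        print(label, audit(layout, "untangle", "corp.example") or "no findings")
```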
