Active Directory DNS

Using the Active Directory DNS server for client Internet DNS lookups

When WinGate has been installed in an Active Directory domain that has a DNS server capable of performing Internet DNS lookups, there is NO requirement for the WinGate DNS service to be installed.

Since computers in an Active Directory are required to have their DNS configured to point at the IP address of the Active Directory DNS server (to be part of the directory) they will use this server automatically to perform the DNS lookup before their request is made to the Internet through WinGate.

Note

If WinGate is installed on the SAME computer as a DNS server capable of performing Internet DNS lookups (i.e. connected to the Internet) there is NO requirement for the WinGate DNS service to be installed.

Using WinGate to perform client Internet DNS lookups in an Active Directory

In certain Active Directories, the Active Directory DNS server is only responsible for name resolution within the Active Directory domain. Often it is not connected to the Internet and so cannot resolve Internet DNS requests.

If the Active Directory DNS server is not connected to the Internet, or provides DNS resolution for the local domain only, then it will have a Forwarders option in its configuration where an alternative DNS server can be entered that it will use for Internet lookups. In this case, you can install the WinGate DNS service, and have it be the DNS Forwarder that the Active Directory DNS server will refer to for Internet DNS lookups.

Note

Loop protection

In previous versions of WinGate, you were required to manually list all DNS servers that WinGate shouldn't use to prevent looping across the network. This would occur most commonly when WinGate was set up to act as a DNS Forwarder for the Active Directory DNS server.

Since the WinGate server was a member of the Active Directory, and would automatically refer to the Active Directory DNS server when a DNS lookup was needed by the WinGate DNS service, you would have to manually tell WinGate not to use the Active Directory server for Internet name lookups in order to prevent the looping that would occur.

The DNS Client in WinGate alleviates this extra configuration through probing. It will automatically determine if the DNS server is responsible for returning records for the domain it is located on, and if it is capable of providing Internet DNS resolution. If the DNS Client finds an Active Directory DNS server only capable of local lookups, then it will mark that DNS server appropriately and not refer to it for Internet DNS resolution. If WinGate is configured to be a DNS Forwarder for the Active Directory DNS server, the WinGate DNS Service will still need to be installed to provide this capability.

To use the WinGate DNS service as a DNS forwarder in an Active Directory:

Install the DNS service in WinGate
1. Open the WinGate Management console.
2. Navigate to Control Panel > Services.
3. On the Services panel right click and select Install Service.
4. Select the DNS service from the list of available services and provide a name when prompted.
5. Click OK to finish installing the DNS Service, which should now be listed on the Services Panel.
Configure WinGate as a Forwarder on the Active Directory DNS server
1. On the Active Directory DNS server open the Active Directory DNS Server MMC.
2. Right click on the DNS server and select Properties.
3. In the DNS server properties, select the Forwarders tab.
4. In the Forwarders tab, enter the LAN IP address of the WinGate server.
5. Click OK to save changes to the DNS server.

no comments yet...