On Thu, Apr 10, 2014 at 07:13:56PM -0400, Bryan Harris wrote:
Hi Jakub,
Hopefully I’m providing a decent discussion starting point. Is placing the DC into resolv.conf the typical scenario? Or is it more that this is the Microsoft-recommended way of doing things, full stop?
For example, I don’t put 8.8.8.8 into my resolver if I want to look up the www.google.com A record. I suspect internal zones at companies are not resolved by adding more and more lines to the resolv.conf file. I would rather think that corporate computers will generally point at a corporate DNS server which knows how to delegate AD queries to the AD servers, and other queries to other servers, and so on. But I could be overly optimistic after reading the responses on another list (I recently asked this to the bind folks, and they brought up a lot of interesting points).
I think the point is to enable the client machine to connect to the appropriate DC, typically by resolving SRV DNS records. It's not strictly needed to query the DC itself as long as the records are available.
DNS updates are performed against the DC SSSD is connected to; resolv.conf is not used during a DNS update.
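
An added example, not part of the original thread and not SSSD's code: a check of whether the resolver a client uses actually returns SRV records for the AD domain, done by parsing `dig +short SRV` output and listing the DCs in the order a client would try them. The domain `ad.example.com`, the host names and the sample answers are constructed, and sorting by weight is a deterministic stand-in for RFC 2782's weighted random choice.

```python
from typing import NamedTuple


class SrvRecord(NamedTuple):
    priority: int
    weight: int
    port: int
    target: str


def parse_srv_answers(text: str) -> list:
    """Parse 'priority weight port target.' lines as printed by `dig +short SRV`."""
    records = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # blank line, dig warning, or other non-SRV output
        try:
            priority, weight, port = (int(f) for f in fields[:3])
        except ValueError:
            continue
        target = fields[3].rstrip(".").lower()
        if target:  # RFC 2782: a target of "." means the service is not offered
            records.append(SrvRecord(priority, weight, port, target))
    return records


def candidate_order(records) -> list:
    """Lowest priority first; within one priority, higher weight first (simplified)."""
    ordered = sorted(records, key=lambda r: (r.priority, -r.weight, r.target))
    return [f"{r.target}:{r.port}" for r in ordered]


def discovery_possible(dig_output: str) -> bool:
    """True if the queried resolver returned at least one usable SRV target."""
    return bool(parse_srv_answers(dig_output))


# Constructed sample: output of `dig +short SRV _ldap._tcp.ad.example.com`
# from a corporate resolver that forwards the AD zone to the DCs.
SAMPLE_FORWARDING_RESOLVER = """\
10 100 389 dc3.ad.example.com.
0 50 389 dc2.ad.example.com.
0 100 389 DC1.ad.example.com.
"""
# Constructed sample: a resolver that does not know the AD zone prints nothing.
SAMPLE_UNAWARE_RESOLVER = ""

if __name__ == "__main__":
    print(candidate_order(parse_srv_answers(SAMPLE_FORWARDING_RESOLVER)))
    print(discovery_possible(SAMPLE_UNAWARE_RESOLVER))
```

To use it against a real resolver, pass the captured output of `dig +short SRV _ldap._tcp.<your domain>` to `parse_srv_answers`.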