Domain controller query without VPN.

Hi,

I have entered the most important DNS entries as static. Unfortunately, the query still doesn’t work properly.

Branch office:
192.168.10.0/24
Router / Gateway and DNS is
192.168.10.1
Static DNS:
DC01.xxxx.lan with 192.168.1.10
APP01.xxx.lan with 192.168.2.15

Central:
192.168.2.0/24
routers / gateways
192.168.2.1

DNS - domain controller
192.168.2.10

I.e. if I enter 192.168.10.1 as DNS at the branch office, you can surf and call up the static DNS entries. But the domain controller query doesn’t work properly.

If I enter the DNS 192.168.2.10 (domain controller) at the branch office, everything works immediately. However, only as long as the VPN exists. If the VPN breaks off, everything is at the branch office.

What better way to solve this?

I have already tested Wireguard and L2TP/IPSEC as VPN.

It wouldn’t, as AD DNS contains various special subdomains. At the remote site use the Mikrotik as the DNS server and add a static DNS FWD entry for your AD domain pointing to the AD server.

how do I do that, a static forward in Mikrotik?

Yes. Historically something like:
/ip dns static add regexp="your\.domain$" forward-to=192.168.2.10
but in newer versions the following is more efficient:
/ip dns static add type=FWD name=your.domain match-subdomain=yes forward-to=192.168.2.10
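For reference, here is what the complete branch-router side of that setup looks like, with a verification step. This is an added example, not the poster's configuration; the domain ppf.local, the branch LAN 192.168.8.0/24 and the DC address 192.168.10.200 are assumed from later in the thread, and the WAN interface list name and public resolver are placeholders.

```routeros
# Assumed values (not from the original post): AD domain ppf.local,
# DC at 192.168.10.200 in 192.168.10.0/24, branch router 192.168.8.254,
# interface list "WAN", upstream resolver 9.9.9.9 as a placeholder.

# The router must answer DNS for the LAN clients at all.
/ip dns set allow-remote-requests=yes servers=9.9.9.9

# Forward the whole AD zone to the DC. match-subdomain=yes is what
# makes the SRV lookups under _msdcs/_tcp/_udp.ppf.local work too.
/ip dns static add type=FWD name=ppf.local match-subdomain=yes \
    forward-to=192.168.10.200 comment="AD zone via VPN"

# Reverse zone for the DC subnet, so PTR lookups (Kerberos, RDP,
# event logging) are also answered by the DC instead of NXDOMAIN.
/ip dns static add type=FWD name=10.168.192.in-addr.arpa \
    match-subdomain=yes forward-to=192.168.10.200 comment="AD PTR via VPN"

# allow-remote-requests=yes also listens on the WAN side; refuse that
# so the router cannot be abused as an open resolver.
/ip firewall filter add chain=input in-interface-list=WAN \
    protocol=udp dst-port=53 action=drop comment="no DNS from WAN"
/ip firewall filter add chain=input in-interface-list=WAN \
    protocol=tcp dst-port=53 action=drop comment="no DNS from WAN"

# Verify: clear stale negative answers, then resolve through the router.
/ip dns cache flush
/ip dns static print where type=FWD
:put [:resolve TS02RZ01.ppf.local server=127.0.0.1]
```

With this layout only names under ppf.local depend on the tunnel; when the VPN is down those lookups fail, but public names keep resolving through the router's own upstream, which is the failure mode the first post describes.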

unfortunately it doesn’t work. Why?

Client:
Address: 192.168.8.11
Subnet: 255.255.255.0
Gateway: 192.168.8.254

Router:
Address: 192.168.8.254
Subnet: 255.255.255.0
Gateway: WAN1

Domaincontroller other location: 192.168.10.200
/ip/dns/static/add forward-to=192.168.10.200 match-subdomain=yes name=ppf.local type=FW

Client nslookup:
C:\Users\admin>nslookup TS02RZ01.ppf.local
Server: UnKnown
Address: 192.168.8.254

*** TS02RZ01.ppf.local wurde von UnKnown nicht gefunden: Non-existent domain.