Mikrotik and AD

Dear Mikrotik Users

I have a problem integrating my Mikrotik and Domain Controller Active Directory

my mikrotik IP is: 192.168.1.98/24
and my DC IP is 192.168.10.10/24
These IPs are NATed, so they can see each other on the network
My domain is for example xxx.yyy
Mikrotik is my DHCP server and gives these DNS to clients:
DNS1: 192.168.10.10 (my DC)
DNS2: 8.8.8.8

The Problem is here:
Sometimes clients that log in to Windows cannot access xxx.yyy on my domain and instead go to the xxx.yyy domain on the internet, so they don’t get policies,
and I have to change DNS manually for them to just 192.168.10.10 to get policies, and after that add 8.8.8.8 again for access to the internet

Please help, what is the issue?

Best Regards

If you don’t want them to use the 8.8.8.8, don’t give it to them. Simple as that. Define the DNS in ip->dhcp->networks so only your DC DNS will be distributed to clients.

If you provide the 8.8.8.8 to your clients, there is no way to guarantee they won’t use it.

Is there any reason to give your clients this public DNS?

Thanks for your reply
I give them that DNS for connecting to the internet
I want my clients to get policies from the local domain and also be able to browse the internet

please help

For clients to resolve hosts in your AD you have to use your DC as their DNS server. The DC itself should act as a recursive resolver for any other DNS requests.
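
The change suggested in the replies above (distribute only the DC as DNS under ip->dhcp->networks), written out as RouterOS commands. This is an added example, not posted by anyone in the thread; the client network 192.168.1.0/24 is an assumption, since the thread gives only the router's own address.

```routeros
# Constructed example. Assumption: 192.168.1.0/24 is the client network
# served by the MikroTik DHCP server; adjust the address to match yours.

# Show which DNS servers each DHCP network currently hands out.
/ip dhcp-server network print detail

# Setting described in the question (left commented out): DC plus a public resolver.
# A client that ends up asking 8.8.8.8 for xxx.yyy gets the internet answer,
# not the AD zone, so it cannot locate the domain and misses its policies.
# /ip dhcp-server network set [find address=192.168.1.0/24] dns-server=192.168.10.10,8.8.8.8

# Corrected setting: hand out only the domain controller.
/ip dhcp-server network set [find address=192.168.1.0/24] dns-server=192.168.10.10

# Confirm the change took effect.
/ip dhcp-server network print detail where address=192.168.1.0/24
```

Clients receive the new DNS list when they renew their DHCP lease. Internet names are then resolved through the DC, which has to recurse or forward those queries itself; that part is configured on the DC, not on the router.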