# Configuration file for dnsmasq. # # Format is one option per line, legal options are the same # as the long options legal on the command line. See # '/usr/sbin/dnsmasq --help' or 'man 8 dnsmasq' for details. # Listen on this specific port instead of the standard DNS port # (53). Setting this to zero completely disables DNS function, # leaving only DHCP and/or TFTP.

#port=5353 # The following two options make you a better netizen, since they # tell dnsmasq to filter out queries which the public DNS cannot # answer, and which load the servers (especially the root servers) # unnecessarily. If you have a dial-on-demand link they also stop # these requests from bringing up the link unnecessarily. # Never forward plain names (without a dot or domain part) #domain-needed # Never forward addresses in the non-routed address spaces.

#bogus-priv # Uncomment these to enable DNSSEC validation and caching: # (Requires dnsmasq to be built with DNSSEC option.) #conf-file=%%PREFIX%%/share/dnsmasq/trust-anchors.conf #dnssec # Replies which are not DNSSEC signed may be legitimate, because the domain # is unsigned, or may be forgeries. Setting this option tells dnsmasq to # check that an unsigned reply is OK, by finding a secure proof that a DS # record somewhere between the root and the domain does not exist. # The cost of setting this is that even queries in unsigned domains will need # one or more extra DNS queries to verify.

Transfer the records from your Ubuntu server to the new DNS Server on the DC; Convert the zone to an Active Directory-integrated zone; Restart the netlogon service on the 2003 DC (this way, all SRV records in the _msdcs subzone will re-register) Ensure that the SRV records are in place (eg. Ping _ldap._tcp.dc._msdcs.DOMAIN.addresse.com) Use the.

#dnssec-check-unsigned # Uncomment this to filter useless windows-originated DNS requests # which can trigger dial-on-demand links needlessly. # Note that (amongst other things) this blocks all SRV requests, # so don't use it if you use eg Kerberos, SIP, XMMP or Google-talk.

# This option only affects forwarding, SRV records originating for # dnsmasq (via srv-host= lines) are not suppressed by it. #filterwin2k # Change this line if you want dns to get its upstream servers from # somewhere other that /etc/resolv.conf #resolv-file= # By default, dnsmasq will send queries to any of the upstream # servers it knows about and tries to favour servers to are known # to be up. Origin 81 serial key number. Uncommenting this forces dnsmasq to try each query # with each server strictly in the order they appear in # /etc/resolv.conf #strict-order # If you don't want dnsmasq to read /etc/resolv.conf or any other # file, getting its servers from this file instead (see below), then # uncomment this. #no-resolv # If you don't want dnsmasq to poll /etc/resolv.conf or other resolv # files for changes and re-read them then uncomment this. #no-poll # Add other name servers here, with domain specs if they are for # non-public domains. #server=/localnet/192.168.0.1 # Example of routing PTR queries to nameservers: this will send all # address->name queries for 192.168.3/24 to nameserver 10.1.2.3 #server=/3.168.192.in-addr.arpa/10.1.2.3 # Add local-only domains here, queries in these domains are answered # from /etc/hosts or DHCP only. #local=/localnet/ # Add domains which you want to force to an IP address here.

# The example below send any host in double-click.net to a local # web-server. Keygen wic reset key free. #address=/double-click.net/127.0.0.1 # --address (and --server) work with IPv6 addresses too. #address=/www.thekelleys.org.uk/fe80::20d:60ff:fe36:f83 # Add the IPs of all queries to yahoo.com, google.com, and their # subdomains to the vpn and search ipsets: #ipset=/yahoo.com/google.com/vpn,search # You can control how dnsmasq talks to a server: this forces # queries to 10.1.2.3 to be routed via eth1 # server=10.1.2.3@eth1 # and this sets the source (ie local) address used to talk to # 10.1.2.3 to 192.168.1.1 port 55 (there must be a interface with that # IP on the machine, obviously).