Active Directory Integration Guide

How to use Control D in AD environments

If you use Active Directory on your network and install the ctrld DNS daemon on individual endpoints, be aware of the following potential issue and its solutions.

All DNS traffic is sent to Control D

The ctrld DNS daemon takes over all DNS resolution on the endpoint and sends every DNS query to a Control D resolver, including queries for your local domains and for the hostnames of your AD servers.

This can effectively break Active Directory connectivity, as your local domains will not be resolvable via Control D.

There are two ways to solve this issue.

1. Mirror Controller DNS Records

The best and simplest way to resolve this problem is to mirror your AD controller DNS records in Control D using Custom Rules. For example, suppose your AD controller is controller1.domain.com and it points to 10.20.30.1. Create a redirect rule in the Control D interface that replicates this DNS record from your local DNS.

Now any Device that enforces a Profile containing this Custom Rule will be able to resolve controller1.domain.com and reach the desired AD server. This method effectively removes the need to run a local DNS server on your network.

2. Split Horizon DNS

This method lets you keep using your internal DNS servers to resolve local domains, so your existing infrastructure continues to work unchanged. It is more involved, as it requires a custom configuration that creates a split DNS policy: queries for your internal domains go to your internal DNS servers, while everything else is steered to Control D.

This requires you to craft a custom ctrld config, as shown here, and deploy it on the relevant endpoints.
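As an added illustration of the split horizon approach (example config written for this guide, not a config file shipped by Control D), the ctrld configuration below uses two upstreams and a listener policy: names under the AD domain go to the internal DNS server, and everything else goes to the Control D resolver. It assumes the page's values for the AD domain (domain.com) and the controller address (10.20.30.1, used here as the internal DNS server), and it uses a placeholder for your Control D resolver ID; the reverse zone for 10.20.30.0/24 is an assumption added so that PTR lookups for the AD subnet also stay internal.

```toml
# Added example: split-horizon ctrld config for an AD environment.
# Assumptions: internal AD DNS at 10.20.30.1, local domain domain.com,
# Control D resolver ID replaced by a placeholder you must fill in.

[listener]
  [listener.0]
    # ctrld listens locally; the endpoint's system DNS points here.
    ip = "127.0.0.1"
    port = 53

[upstream]
  [upstream.0]
    # Default upstream: your Control D resolver over DNS-over-HTTPS.
    name = "Control D"
    type = "doh"
    endpoint = "https://dns.controld.com/<YOUR_RESOLVER_ID>"  # placeholder
    timeout = 5000

  [upstream.1]
    # Internal AD DNS server, plain DNS on the LAN (assumed address).
    name = "Internal AD DNS"
    type = "legacy"
    endpoint = "10.20.30.1:53"
    timeout = 5000

[network]
  [network.0]
    # All clients of this listener.
    name = "Everyone"
    cidrs = ["0.0.0.0/0"]

[listener.0.policy]
  name = "AD split horizon"
  # Everything not matched by a rule below goes to Control D.
  networks = [
    {"network.0" = ["upstream.0"]},
  ]
  # Domain rules are evaluated first: AD names stay internal.
  rules = [
    {"domain.com" = ["upstream.1"]},
    {"*.domain.com" = ["upstream.1"]},
    {"*.30.20.10.in-addr.arpa" = ["upstream.1"]},  # assumed reverse zone
  ]
```

After deploying the file, verify the split on an endpoint: `nslookup controller1.domain.com` should return 10.20.30.1 via the internal server, while a public name should be answered by Control D. Domain-joined clients also locate controllers through SRV records such as _ldap._tcp.dc._msdcs.domain.com, which the `*.domain.com` rule covers because they sit under the same domain. Note that queries matched by the internal rules travel as plain DNS to 10.20.30.1, so they are not encrypted the way the Control D upstream is; that is expected on a trusted LAN, but the rule list should be kept to the zones that genuinely need it.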

We strongly recommend going with the first option, as it requires much less work, and no custom configuration.