[dano_gotcha]

I've looked for quite a bit of time, and no one had any answer. And after a few hours of experimentation, I have reached a solution. Because the solution is not anywhere I have seen it (looked every forum I know of), I thought I would post it here so others can benefit.

I am trying to keep my Windows AD Domain on the same subnet as my wifi; it allows me to experiment with domain administration while allowing my wife to surf the internet without worrying about domain issues. Most people say to route DNS requests to the Windows servers (forwarded from the router). Several others had tried to get AD to work with DNS on the dd-wrt, but here is the solution.

When installing AD, Win Server will automatically install DNS on the DC. Here is the trick. You need to copy ALL SRV entries from that DNS into the DNSMasq options on your dd-wrt router, and it takes some time to get it right. There are several zones to copy over. The basic form for a SRV record is simple:

srv-host=_ldap.<rest of the DNS entry>,host.domain,port

so, in other words, here are a few entries for my SRV records:
srv-host=_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.network.net,captjack.network.net,389
srv-host=_ldap._tcp.cc3cf3da-9f89-49cd-8544-c7c590b852d8.domains._msdcs.network.net,captjack.network.net,389
srv-host=_kerberos._tcp.dc._msdcs.network.net,captjack.network.net,88

I have a total of 43 entries for SRV records. I am still playing with this, but inserting all 43 records has given me zero errors, allowed me to keep using my dd-wrt router for DNS and bypass the Windows DNS server. Of course, you can add static entries for hosts (A records) with this command:

address=/captjack.network.net/192.168.1.5

Hope this helps someone else. It would have been nice to come across this information 8 hours ago! LOL

Dan
Asus RT-16N/v24-SP2