DNS Initial Design

DNS zone

corp.gntech.lab

Initial DNS server

HQ-DC01

DNS role

The DNS Server role will be installed on the first domain controller (HQ-DC01), and corp.gntech.lab will be hosted as an AD-integrated zone.

Required validation

After domain creation, validate that these records exist:

  • _ldap._tcp.dc._msdcs.corp.gntech.lab
  • _kerberos._tcp.corp.gntech.lab
  • HQ-DC01.corp.gntech.lab

Forwarders

Forwarders should be configured based on the firewall and resolver design. For the lab, OPNsense may act as the upstream resolver, or DNS may forward directly to trusted public resolvers.

Reverse lookup

Create reverse lookup zones for active networks, starting with:

  • 172.20.20.0/24
  • 172.20.30.0/24
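The post-creation validation above and the reverse zone requirement can be checked from one script. This is an added example, not part of the original design page: it assumes it is run on HQ-DC01 (or on a host with the DnsServer RSAT module) and queries the domain DNS server directly rather than whatever the client happens to resolve through.

```powershell
# Added example for the corp.gntech.lab design; assumes HQ-DC01 is reachable
# and the DnsServer module (RSAT or the DC itself) is available.
$Domain    = 'corp.gntech.lab'
$DnsServer = 'HQ-DC01.corp.gntech.lab'
$ok = $true

# 1. Records the design requires after domain creation.
$required = @(
    @{ Name = "_ldap._tcp.dc._msdcs.$Domain"; Type = 'SRV' },
    @{ Name = "_kerberos._tcp.$Domain";       Type = 'SRV' },
    @{ Name = $DnsServer;                     Type = 'A'   }
)
foreach ($rec in $required) {
    try {
        # Ask the domain DNS server itself, DNS only (no hosts file, LLMNR or NetBIOS fallback).
        $answers = Resolve-DnsName -Name $rec.Name -Type $rec.Type -Server $DnsServer -DnsOnly -ErrorAction Stop |
                   Where-Object { $_.Type -eq $rec.Type }
        if (-not $answers) { throw "no $($rec.Type) answer returned" }
        Write-Host "OK   $($rec.Type) $($rec.Name)"
        # A locator SRV record is only useful if its target also resolves to a DC.
        foreach ($srv in ($answers | Where-Object { $_.Type -eq 'SRV' })) {
            $null = Resolve-DnsName -Name $srv.NameTarget -Type A -Server $DnsServer -DnsOnly -ErrorAction Stop
            Write-Host "     -> $($srv.NameTarget):$($srv.Port) resolves"
        }
    } catch {
        Write-Warning "FAIL $($rec.Type) $($rec.Name): $_"
        $ok = $false
    }
}

# 2. Reverse lookup zones for the active networks listed in the design.
$networks = '172.20.20.0/24', '172.20.30.0/24'
$reverseZones = (Get-DnsServerZone -ComputerName $DnsServer | Where-Object { $_.IsReverseLookupZone }).ZoneName
foreach ($net in $networks) {
    # 172.20.20.0/24 -> 20.20.172.in-addr.arpa (octets reversed, host octet dropped)
    $octets = ($net -split '/')[0] -split '\.'
    $zone = "$($octets[2]).$($octets[1]).$($octets[0]).in-addr.arpa"
    if ($reverseZones -contains $zone) {
        Write-Host "OK   reverse zone $zone"
    } else {
        Write-Warning "FAIL reverse zone $zone missing; create with: Add-DnsServerPrimaryZone -NetworkId $net -ReplicationScope Domain"
        $ok = $false
    }
}

if (-not $ok) { exit 1 }
```

A non-zero exit on any failure lets the script gate later build steps; `dcdiag /test:DNS` on HQ-DC01 is a complementary check of the same records.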

DNS client configuration

All domain-joined machines should use domain DNS servers only. Do not configure public DNS directly on domain members.