Multiple AD Auth Servers - How do I configure DNS?
I have a query regarding SSL VPN with multiple AD domains.
I have a firewall situated at a site with two different organisations. Each on its own subnet and each connected to its own M200 port.
Each organisation runs its own AD domain and there is no connectivity between the two beyond the sharing of the broadband.
- Define two AD authentication servers.
- Get the SSL VPN user to logon to the correct AD domain by specifying the username prefixed by the domain.
- Grant access to only the correct subnet based on the user's membership of an AD security group.
The one part I cannot figure out how to do is DNS. The Watchguard seems only to be able to provide a single set of DNS servers and DNS suffix - whereas I need to be able to provide one DNS server for one organisation but a different DNS server for the other.
I could configure one DNS server for each AD domain and give them out as a set. As long as the user only has access to the correct DNS server this should work but (a) they would have to wait for unavailable DNS servers to time out, and (b) this doesn't address the DNS suffix problem.
I can't help but think I can't be the first person with this requirement and I am missing something obvious.
If you could lend any guidance I would be most appreciative.
Thanks and regards,