I’m not using Microsoft’s DNS server solution, exactly because I’d like to get rid of Windows Server.
Let me explain my setup better:
My AD domain is Samba-hosted, with a jail running a Samba Domain Controller (TN itself cannot function as a DC). This jail is set up via jailmaker on the TrueNAS SCALE box itself and uses bridged networking to allow it to operate on a separate IP address. The TN SCALE box, in turn, is joined to the domain hosted at the jail.
AD-joined workstations need a working DNS with the proper domain entries to be able to function correctly. This DNS server runs alongside the Samba DC (it is a part of the Samba suite). For this reason my router’s DHCP server leases have their DNS pointing to the IP of the Samba jail - when started, this DNS can resolve both internal and external names (via forwarders set up in smb.conf).
This setup works, and the domain can be managed with Microsoft’s own administration tools, including AD Users and Groups, Group Policies, logon scripts, etc., exactly as if it were hosted on a Windows Server machine.
However, if the Samba jail fails to start, then, along with AD issues, there is also no external connectivity for the workstations, as their sole DNS server (normally running inside the jail) is down. Users get upset very quickly when their web access isn’t working…
It is worth noting that the same thing would happen if you were running a single Windows server with no DNS server redundancy (as was the case, for example, with the old Small Business Server product that MS used to sell, licensed for a single physical server).
What I’m trying to investigate is the possibility of having an additional, fallback DNS server to allow at least Internet access while the issue of the non-functional jail is being worked on.
Hope this clears some of the confusion - English is not my first language, so my posts can be somewhat stilted. Sorry for that.
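The check a practitioner would want before relying on a fallback resolver, as an added example that is not part of the post above or of Samba: a small DNS probe that asks each resolver for the AD locator record (`_ldap._tcp.dc._msdcs.<realm>`, which AD-joined workstations need) and for an external name. Only the Samba DC's DNS can answer the SRV query; a fallback resolver on the router keeps web access alive but cannot serve domain logons. The jail address 192.168.1.10, the router address 192.168.1.1, the realm ad.example.lan and example.com as the external test name are all assumptions; replace them with the real values.

```python
"""Added example: probe the AD DNS in the Samba jail and a fallback resolver.

Constructed for this thread, not part of the original post or of Samba.
Assumed values: the jail's DNS at 192.168.1.10, a fallback at 192.168.1.1
(the router), realm ad.example.lan, and example.com as an external name.
"""
import random
import socket
import struct

QTYPE_A = 1
QTYPE_SRV = 33


def build_query(name, qtype):
    """Return (transaction id, wire-format query) for name/qtype, RD bit set."""
    tid = random.randrange(65536)
    header = struct.pack("!HHHHHH", tid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.rstrip(".").split("."))
    return tid, header + qname + b"\x00" + struct.pack("!HH", qtype, 1)


def read_name(msg, off):
    """Decode a (possibly compressed) name at msg[off]; return (name, next offset)."""
    labels, end = [], None
    while True:
        length = msg[off]
        if (length & 0xC0) == 0xC0:            # compression pointer (RFC 1035 4.1.4)
            if end is None:
                end = off + 2
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            continue
        if length == 0:
            off += 1
            break
        labels.append(msg[off + 1:off + 1 + length].decode("ascii"))
        off += 1 + length
    return ".".join(labels), (off if end is None else end)


def parse_response(msg):
    """Return (tid, rcode, answers); answers are ('A', ip) or ('SRV', (prio, weight, port, target))."""
    tid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    rcode = flags & 0x000F
    off = 12
    for _ in range(qd):                         # skip the echoed question(s)
        _, off = read_name(msg, off)
        off += 4
    answers = []
    for _ in range(an):
        _, off = read_name(msg, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == QTYPE_A and rdlen == 4:
            answers.append(("A", socket.inet_ntoa(msg[off:off + 4])))
        elif rtype == QTYPE_SRV:
            prio, weight, port = struct.unpack("!HHH", msg[off:off + 6])
            target, _ = read_name(msg, off + 6)
            answers.append(("SRV", (prio, weight, port, target)))
        else:
            answers.append((str(rtype), msg[off:off + rdlen]))
        off += rdlen
    return tid, rcode, answers


def query(server, name, qtype, timeout=2.0):
    """Send one UDP query to server:53; return the answer list, or None on timeout/error."""
    tid, packet = build_query(name, qtype)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.sendto(packet, (server, 53))
            reply, _ = sock.recvfrom(4096)
        except OSError:
            return None
    rtid, rcode, answers = parse_response(reply)
    if rtid != tid or rcode != 0:
        return None
    return answers


def check_resolvers(ad_dns, fallback_dns, realm, external="example.com"):
    """Report what each resolver can serve: AD locator SRV records vs. external names."""
    srv_name = "_ldap._tcp.dc._msdcs." + realm
    return {
        "ad_serves_srv":        bool(query(ad_dns, srv_name, QTYPE_SRV)),
        "ad_forwards_external": bool(query(ad_dns, external, QTYPE_A)),
        "fallback_serves_srv":  bool(query(fallback_dns, srv_name, QTYPE_SRV)),
        "fallback_external":    bool(query(fallback_dns, external, QTYPE_A)),
    }


if __name__ == "__main__":
    # Assumed addresses and realm; adjust to the actual jail/router IPs.
    for key, ok in check_resolvers("192.168.1.10", "192.168.1.1", "ad.example.lan").items():
        print(f"{key:24s} {'OK' if ok else 'FAIL'}")
```

Run it from a workstation or from the TrueNAS host while the jail is up and again while it is stopped: with the jail down, only `fallback_external` should stay OK, which is exactly the "web access but no domain logons" state the fallback is meant to provide. One caveat when handing workstations a second DNS server via DHCP: the Windows resolver, once it has failed over to the fallback, keeps using that server for a while rather than retrying the primary on every query, so domain functions may stay broken for some minutes after the jail is back up.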