It's possible to create loops in DNS in this configuration, and it's not recommended or supported. The diagram above is meant to represent the typical flow of DNS traffic from a client and not how a local DNS forwarder should be pointed.

In an Active Directory (AD) domain, the _msdcs DNS zone stores several types of resource records pertaining to domain controllers (DCs). If this zone is not present or not functioning properly, domain members may not be able to locate a DC and thus may not be able to access resources in the domain.

Stub zones are DNS zones that contain only the SOA, NS, and A glue records for a domain.

```
[[email protected] ~]# ipa dnszone-show server.
  Zone name: server.
  Authoritative nameserver: dns.
  Administrator e-mail address: admin.
```

This is accomplished by defining your local domain names in the Umbrella dashboard.

**IMPORTANT NOTE:** Do not set your local DNS forwarders to point to the Virtual Appliances.

### Internal Domains and the Umbrella Dashboard

In the Umbrella dashboard, navigate to **Settings** > **Internal Domains**.

Any DNS queries received by the VAs which match a domain on the Internal Domains list, or subdomain thereof, will be forwarded to the local DNS server as described in [Configuring your VAs](https://docs.umbrella.com/product/umbrella/5-configuring-the-vas/).

```
  SOA serial: 1377691702
  SOA refresh: 3600
  SOA retry: 900
  SOA expire: 1209600
  SOA minimum: 3000
  Active zone: TRUE
  Allow query: any;
  Allow transfer: none;
[[email protected] ~]$ kinit admin
[[email protected] ~]$ ipa dnszone-mod server. --ttl=1800
  Zone name: server.
  Authoritative nameserver: dns.
  Administrator e-mail address: admin.
```

