7. Configuring DNS Delegation

Parallels RAS Secure Gateway routes client sessions to client VDI and RDS by names received the PA server in the client tenant. In order to operate properly, the DNS server in the MSP broker tenant needs to be able to resolve names of client domains.

Do the following:

  1. Log in to your AD/DNS server (the ras-pa-1 VM in this guide’s example) and open the DNS console:

    _images/vhw-dns-1.png
  2. Create a new stub zone for abc.local:

    _images/vhw-dns-2.png

    Select Stub zone:

    _images/vhw-dns-3.png

    Choose to replicate zone data to all DNS servers in this forest:

    _images/vhw-dns-4.png

    Name the new zone, e.g., after the client tenant:

    _images/vhw-dns-5.png

    Provide the IP address of client’s DNS server (the ras-pa-1 VM from the tenant abc in this guide’s example):

    _images/vhw-dns-6.png
  3. Complete the wizard and check connectivity:

    _images/vhw-dns-7.png