Short version: Do I need direct access to DNS from SVM data LIFS to join the SVM to an AD Domain and serve CIFS? Shouldn't DNS access from the node management interfaces be enough?
We've recently acquired a FAS2750 with OnTap 9.4P1 to replace our aging FAS8020 (still running OnTap 8.2.4P5) that will be sent to a second site. The FAS8020 is serving NFS datastores for VMware, and a multitude of NFS and CIFS shares to different machines, and the idea is for the FAS2750 to do the same (it's already serving NFS with no issues).
The NFS and CIFS networks (192.168.x.x) are segregated from the management/core network (10.x.x.x) and on separate switches and VLANs so as to not impact or be impacted by the core network.
The only points of contact with the 10.x.x.x networks we have are the management interfaces on the controllers/cluster. All data LIFS are on the 192.168 network, on separate VLANs for NFS and CIFS. The SVM only has data LIFS on 192.168.xx.
10.x.x.x (management) and 192.168.x.x (storage services) do not route to each other. CIFS clients have a NIC in the storage network/VLAN, and access CIFS shares from there.
The FAS8020 happily serves CIFS on the 192.168 network since it is able to reach DNS and the Domain Controllers from the cluster management interfaces that are on 10.x.
However, the FAS2750 apparently cannot use the cluster management interfaces to reach DNS, and as such can't find the DNS servers in order to successfully join the AD domain.
How can I keep my management and storage network separate on the 2750, but still reach DNS from the SVM CIFS LIFs in order to join the domain and serve CIFS from the storage network? Do I need a management network LIF on the SVM as well, just to reach DNS and join the domain?