

Force public DNS name to a local IP.

Question

Wednesday, December 17, 2014 11:02 PM

Hello, my brain isn't working right today so I need to bounce my question off of someone else to help me figure this out...

I want to use Windows DNS server to force clients to a local IP address when accessing a public address. For example, let's say a contractor has a site available via the VPN but they want me to use my own DNS to access it:

subsite.contractor.com -> 192.168.10.101

I don't want to create a simple forwarder for the domain contractor.com because if I do then I'd need to know every single IP address and name to resolve to on their side in the future. Like an MX, and it would break if they ever change it.

Is there a way in Windows DNS to let my clients use the public dns servers to resolve the domains but yet force this single subdomain to a local IP address?

All replies (3)

Thursday, December 18, 2014 11:46 AM ✅Answered | 1 vote

Hi,

Below is what I have understood from your query.

subsite.contractor.com has a public IP and an internal IP assigned as well. And you want to direct internal or VPN users directly to the internal IP instead of routing it via the public IP.

You also seem to have a catch, which is other.contractor.com sites should be still routable via Public IP.

A kind of split DNS with a forwarder (or Root Hints if you like) should do the trick.

Below is the setup:

InternalDNS:

  1. Create just a Forward zone for subsite.contractor.com
  2. Create a Blank A record "(same as parent folder)" -> 192.168.10.101
  3. Setup a forwarder to external Public DNS for remaining resolution (Hope you already have this in place)
  4. Wait for the DNS TTL to expire, or run dnscmd /clearcache on DNS servers and ipconfig /flushdns on clients.
  5. Now subsite.contractor.com should be connecting to internal, whereas other.contractor.com goes to external.

How it works:

A DNS server configured to use a forwarder will behave differently than a DNS server that is not configured to use a forwarder. A DNS server configured to use a forwarder behaves as follows:

  1. When the DNS server receives a query, it attempts to resolve this query using the primary and secondary zones that it hosts and its cache.
  2. If the query cannot be resolved using this local data, then it will forward the query to the DNS server designated as a forwarder.
  3. The DNS server will wait briefly for an answer from the forwarder before attempting to contact the DNS servers specified in its root hints.

A bit of explanation on zones:

Zone Name:
What is the name of the new zone?

"The zone name specifies the portion of the DNS namespace for which this server is authoritative. It might be your organization's domain name (for example, microsoft.com), or a portion of the domain name (for example, newzone.microsoft.com)."

Similar query here "Setting up DNS forward zone when AD domain name is a subdomain"

Hence your InternalDNS is authoritative only for subsite.contractor.com and not for *.contractor.com.

Regards,

Satyajit

Please “Vote As Helpful” if you find my contribution useful or “Mark As Answer” if it does answer your question. That will encourage me - and others - to take time out to help you.
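The five setup steps in the answer above, as an added PowerShell example (not code from the thread or its author) using the DnsServer module on Windows Server 2012 or later, run as an administrator on the internal DNS server. The forwarder address is a placeholder; the zone name and internal IP are the ones from the thread.

```powershell
# Added example: build the single-name ("pinpoint") zone described in the answer.
# Assumes the DnsServer PowerShell module (Windows Server 2012+), run on InternalDNS.

$Fqdn       = "subsite.contractor.com"   # the one name to override (from the thread)
$InternalIp = "192.168.10.101"           # internal address it should resolve to (from the thread)
$Forwarder  = "203.0.113.53"             # PLACEHOLDER: your upstream/public resolver

# Step 1: a forward lookup zone whose name IS the host name, so this server is
# authoritative only for subsite.contractor.com and not for contractor.com.
if (-not (Get-DnsServerZone -Name $Fqdn -ErrorAction SilentlyContinue)) {
    Add-DnsServerPrimaryZone -Name $Fqdn -ZoneFile "$Fqdn.dns"
}

# Step 2: the "(same as parent folder)" A record, i.e. the zone apex ("@").
# A short TTL keeps clients from holding a stale answer if the address changes.
Add-DnsServerResourceRecordA -ZoneName $Fqdn -Name "@" -IPv4Address $InternalIp `
    -TimeToLive ([TimeSpan]::FromMinutes(5))

# Step 3: everything this server is not authoritative for still goes to the
# public resolver. Only add a forwarder if none is configured yet.
if (-not (Get-DnsServerForwarder).IPAddress) {
    Add-DnsServerForwarder -IPAddress $Forwarder
}

# Step 4: drop cached answers so the override applies before the old TTL expires.
Clear-DnsServerCache -Force

# Step 5: verify against this server. The A lookup must return the internal IP;
# the MX lookup checks that the rest of contractor.com is still answered by the
# forwarder rather than by this server.
Resolve-DnsName -Name $Fqdn -Type A -Server 127.0.0.1 |
    Select-Object Name, IPAddress
Resolve-DnsName -Name "contractor.com" -Type MX -Server 127.0.0.1 |
    Select-Object Name, NameExchange

# Caveat: this server now owns everything below subsite.contractor.com as well,
# so a name such as www.subsite.contractor.com returns NXDOMAIN unless added here.
```

Clients still need ipconfig /flushdns, as the answer notes, since Clear-DnsServerCache only empties the server's own cache.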


Tuesday, December 23, 2014 10:45 AM

Hi SCADirector,

Please let us know, if above solution helps or if you were able to find any other solution.

Regards,

Satyajit

Please “Vote As Helpful” if you find my contribution useful or “Mark As Answer” if it does answer your question. That will encourage me - and others - to take time out to help you.


Wednesday, December 31, 2014 2:12 PM

Sorry for the delay in getting back to you. Your answer was correct and solved my problem. Thanks!