Question
Thursday, March 3, 2016 7:57 AM
Hi All,
There is a special requirement on DNS. DNS forwarding is not enabled on the corporate DNS servers for some special reasons as per the organization's policy. Normally users access the Internet over a proxy, so DNS forwarding is ideally not required. Now there is a special requirement. A few users need to access a partner's network over a site-to-site VPN. Routing to the partner's network has been configured successfully for these users. But these users are not able to resolve the partner's FQDNs because they are using the corporate DNS servers, and they cannot use the partner's DNS servers directly, as corporate resources are also required to be resolved. Currently users modify their local hosts file for the partner's specific FQDNs. My question is, is there a way to forward all the DNS queries for *.partner.com to the partner's DNS server (conditional forwarding) instead of creating a lot of static DNS entries like HostA.partner.com or HostB.partner.com to be resolved to specific IP addresses in the local hosts file? If not, is there any 3rd party open source and free DNS software that can be installed on local Windows workstations for conditional forwarding? Currently we cannot provide one more additional DNS server for these users as per the organization's policy.
Thanks,
高麻雀
All replies (7)
Thursday, March 3, 2016 8:15 AM ✅Answered
No, Windows does not support specifying conditional DNS configuration locally. I have not heard about any software that will allow you to do so. Dispatching DNS requests is DNS servers' function so you can either install some kind of freeware DNS server locally on clients or, as a more sensible solution, just configure a conditional forwarder for partner's domain on your DNS servers... or stick with host files.
Gleb.
Thursday, March 3, 2016 8:05 AM
Ridiculous policy that allows clients to use host files but does not allow the DNS server to have forwarding.
Anyway, try adding the partner DNS server IP in the client NIC as a second entry.
Thursday, March 3, 2016 10:05 AM
Hi All,
Currently we cannot provide one more additional DNS server for these users as per the organization's policy.
So you are left either with an option for using Conditional Forwarders, if you are allowed to, and sending DNS requests to your partner DNS server. Note that in that case your local DNS server will need appropriate network access to the partner DNS servers. Another funny option is to have a hosts file written and stored in a centralized location, then have the users download it and replace theirs (if you do not want all your users to edit their localhost, you have to do it for them). However, it is still a silly solution, but it is way better than guiding all your clients to update their localhost.
Mahdi Tehrani | www.mahditehrani.ir
This posting is provided AS-IS with no warranties, and confers no rights.
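The centrally stored hosts file suggested in the reply above, with a validation pass run before the file is published to clients, as an added example that is not part of the original thread. The suffix `partner.com` comes from the question; the partner VPN subnet `10.50.0.0/16`, the function names and the sample file are assumptions constructed for illustration.

```python
import ipaddress

PARTNER_SUFFIX = ".partner.com"                      # suffix from the question
PARTNER_NET = ipaddress.ip_network("10.50.0.0/16")   # assumed partner VPN subnet

def validate_hosts(text):
    """Return (accepted {fqdn: ip}, rejected [(line_number, reason)])."""
    accepted, rejected = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()          # drop comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            rejected.append((lineno, "no hostname"))
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            rejected.append((lineno, "bad address"))
            continue
        if ip not in PARTNER_NET:
            rejected.append((lineno, "address outside partner subnet"))
            continue
        for name in (n.lower().rstrip(".") for n in fields[1:]):
            if not name.endswith(PARTNER_SUFFIX):
                # such a line would override a non-partner name on every client
                rejected.append((lineno, f"{name} is not under partner.com"))
            elif accepted.get(name, str(ip)) != str(ip):
                rejected.append((lineno, f"{name} conflicts with earlier entry"))
            else:
                accepted[name] = str(ip)
    return accepted, rejected

def render_hosts(accepted):
    """Emit only the validated entries in hosts-file format, sorted by name."""
    return "".join(f"{ip}\t{name}\n" for name, ip in sorted(accepted.items()))

# Constructed sample: two good entries and three that must be refused.
SAMPLE = """\
# partner entries
10.50.1.10  HostA.partner.com
10.50.1.11  hostb.partner.com   # file server
10.50.1.12  intranet.corp.example
203.0.113.7 hostc.partner.com
10.50.1.99  hosta.partner.com
"""
if __name__ == "__main__":
    print(*validate_hosts(SAMPLE), sep="\n")
```

Publishing only the output of `render_hosts` keeps a bad or tampered line in the shared file from redirecting corporate or Internet names on every workstation that downloads it.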
Monday, March 7, 2016 9:09 AM
Ridiculous policy that allows clients to use host files but does not allow the DNS server to have forwarding.
Anyway, try adding the partner DNS server IP in the client NIC as a second entry.
Will the secondary DNS server work if the primary DNS server is available?
Monday, March 7, 2016 9:12 AM
No, Windows does not support specifying conditional DNS configuration locally. I have not heard about any software that will allow you to do so. Dispatching DNS requests is DNS servers' function so you can either install some kind of freeware DNS server locally on clients or, as a more sensible solution, just configure a conditional forwarder for partner's domain on your DNS servers... or stick with host files.
Gleb.
Hi Gleb,
Thanks for your reply. Yes, actually my idea is to check if we can install some freeware DNS server on local workstations. Do you have any recommendations?
BTW, configuring a conditional forwarder on partner's DNS servers is not possible from the business perspective.
Thanks,
高麻雀
Monday, March 7, 2016 9:19 AM
Hi All,
Currently we cannot provide one more additional DNS server for these users as per the organization's policy.
So you are left either with an option for using Conditional Forwarders, if you are allowed to, and sending DNS requests to your partner DNS server. Note that in that case your local DNS server will need appropriate network access to the partner DNS servers. Another funny option is to have a hosts file written and stored in a centralized location, then have the users download it and replace theirs (if you do not want all your users to edit their localhost, you have to do it for them). However, it is still a silly solution, but it is way better than guiding all your clients to update their localhost.
Mahdi Tehrani | www.mahditehrani.ir
Hi Mahdi,
Thanks for your reply. There may be more and more unknown DNS entries on the partner's DNS servers. This is why I would like to check if we can configure a DNS forwarder for all *.partner.com queries. Currently I would like to check if there is any 3rd party freeware DNS server that can be installed on local workstations. We cannot install one more Windows Server machine with the DNS role for these particular users for organization policy reasons.
Thanks,
高麻雀
Friday, March 18, 2016 7:27 AM
Hi 高麻雀,
Sorry, we can't give you recommended 3rd-party software. If you have any other question, please feel free to ask here.
Best Regards,
Cartman