Using DNS server for specific prefix

    Question

  • Hi,

    Does the Windows resolver allow a fine-grained configuration so that I can route all queries for a specific domain to a specific server but the rest should be handled normally?

    *.intra.example.com -> 192.168.0.1

    Rest -> normal resolution (as given e.g. by the DHCP servers of the interfaces)

    Background: 192.168.0.1 is properly configured to respond to all queries but it is on a slow (VPN) line.

    Thanks

    Saturday, July 27, 2013 3:53 AM

Answers

  • Right I see, yeah if it's a remote server then that option wouldn't really work!

    Are you dealing with a single machine connected via VPN to a remote site, or a complete AD controlled network which connects to another site?

    If you've got a complete local network with a local DHCP server then if it's 2012 you could use a conditional forwarder on there to forward any requests for intra.example.com to the remote server, but handle all other requests itself.

    If it's an individual machine and you're using Windows VPN then by default the machine (unless it's statically assigned) will pick up its DNS server settings from the VPN connection, thus overriding the current config settings (see http://social.technet.microsoft.com/Forums/windowsserver/en-US/28d91a42-d1a4-4ee4-aef2-f66be668b0fc/dns-behavior-when-vpnd-onto-private-subnet).

    Saturday, July 27, 2013 8:17 PM
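The conditional-forwarder setup described in the accepted answer, as an added PowerShell example that is not part of the original thread. It assumes the DnsServer module that ships with the Windows Server 2012 DNS role, that it is run on the local DNS server, and that 192.168.0.1 is authoritative for intra.example.com; the host name host1.intra.example.com is a made-up name used only for the test query.

```powershell
# Added example (not from the thread). Assumes the DnsServer PowerShell module
# (Windows Server 2012 DNS role) and that this is run on the local DNS server
# that clients get from DHCP. 192.168.0.1 is the slow-link server that is
# authoritative for intra.example.com.

# Forward only intra.example.com across the VPN. Every other query is still
# resolved by this server's normal recursion or forwarders, so internal
# queries for the rest of the namespace never leave the local network.
Add-DnsServerConditionalForwarderZone -Name "intra.example.com" `
    -MasterServers 192.168.0.1 `
    -ForwarderTimeout 5          # seconds to wait on the slow VPN link before giving up

# Confirm the forwarder zone exists and which server it points at
Get-DnsServerZone -Name "intra.example.com" |
    Select-Object ZoneName, ZoneType, MasterServers

# Test from the DNS server itself. host1.intra.example.com is a hypothetical
# record used only to exercise the forwarder; it should be answered via 192.168.0.1 ...
Resolve-DnsName -Name "host1.intra.example.com" -Server 127.0.0.1

# ... while a name outside that zone is resolved normally and never touches 192.168.0.1
Resolve-DnsName -Name "www.example.com" -Server 127.0.0.1
```

Only the intra.example.com suffix is forwarded, which is what keeps the VPN link out of the path for ordinary lookups. If the zone is created on a domain controller, adding -ReplicationScope makes it AD-integrated so every DNS server in the domain picks up the same rule rather than each one being configured by hand.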

All replies

  • Don't know of a way to do that directly via Windows 8, but combined with your DNS server it should be possible. As long as the intention is for your DNS server (192.168.0.1) to never be used for doing external lookups then the following should work.

    On your DNS server, go into the DNS server properties, Advanced, and check "Disable recursion (also disables forwarders)". This means it will only serve DNS requests for domains that are local to it, in this instance intra.example.com.

    On your client machine(s) / DHCP settings set the local DNS server as the primary DNS server, and then set your other DNS server to be whatever you want to use for all other DNS requests.

    Any DNS requests will first be sent to the local DNS server, and if they're for intra.example.com then that server will be able to provide the result, but if they're for something else the local server won't provide the answer, your local machine will try the second DNS server preference, and you'll get your response. Note, since all external requests will first go to the local DNS server, fail and then go to the desired DNS server, those requests may take a little longer than normal, but after testing it, it's not a particularly noticeable increase in time.

    Saturday, July 27, 2013 10:58 AM
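The two-step procedure in the reply above (disable recursion on 192.168.0.1, then order the client's DNS servers), as an added PowerShell example that is not part of the original thread. The server half assumes the DnsServer module on a Windows Server 2012 DNS role; the client half assumes the DnsClient module on Windows 8 or later, an interface alias of "Ethernet", and a placeholder secondary resolver address of 192.168.1.1 that you would replace with your normal DHCP-supplied server.

```powershell
# Added example (not from the thread). Two halves, run on two different machines.

# --- On the DNS server 192.168.0.1 (DnsServer module, Windows Server 2012) ---
# Disabling recursion means this server only answers for zones it hosts
# (intra.example.com) and refuses to look up anything else on a client's behalf.
# A side effect worth having: it can no longer be used as an open resolver,
# which is what makes a DNS server useful for reflection/amplification abuse.
Set-DnsServerRecursion -Enable $false

# Confirm the change
Get-DnsServerRecursion | Select-Object Enable, Timeout

# --- On the Windows client (DnsClient module, Windows 8 or later) ---
# 192.168.0.1 first, then the normal resolver. Queries for intra.example.com are
# answered by the first server; anything else fails there and falls through to
# the second. Note from the thread: every query still crosses the VPN link first.
$Alias     = "Ethernet"        # assumption: your adapter name may differ (Get-NetAdapter)
$Fallback  = "192.168.1.1"     # placeholder for the resolver DHCP normally hands out
Set-DnsClientServerAddress -InterfaceAlias $Alias -ServerAddresses @("192.168.0.1", $Fallback)

# Verify the order the resolver will use
Get-DnsClientServerAddress -InterfaceAlias $Alias -AddressFamily IPv4 |
    Select-Object InterfaceAlias, ServerAddresses

# To revert the client to its DHCP-supplied servers:
# Set-DnsClientServerAddress -InterfaceAlias $Alias -ResetServerAddresses
```

Because the client now relies on the first server failing quickly for non-local names, the round trip across the VPN is paid on every external lookup, which is the performance objection raised in the next reply. The recursion change on the server is still worthwhile on its own, since a server that is only meant to serve intra.example.com has no reason to recurse for anyone.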
  • Hi Keith,

    Thanks for the response. I hoped that Windows would offer this functionality directly.

    The problem is that 192.168.0.1 is on the other end of a low-speed VPN network. However, it is responsible for resolving everything related to intra.example.com.

    If first everything not for intra.example.com goes through the tunnel this would HIGHLY impact performance and there would be not much advantage in returning "no answer" rather than the correct answer (which is currently the case).

    I know there are 3 other workarounds which are not practical:

    1. Using not intra.example.com but a local domain which is not provided by an official DNS server
    2. Returning all internal records from intra.example.com (no way!)
    3. Dumping all records into hosts file

    I hope it is obvious that none of those provide a satisfactory solution.

    Peter

    Saturday, July 27, 2013 7:32 PM