Forward unresolved companyname.com hostnames to external DNS servers

  • Question

  • I have a Windows 2016 Active Directory with two domain controllers, which also serve as the DNS servers of my on-prem environment. We have issues resolving IP addresses for our companyname.com domain which are available on the public network.

    Resolving any FQDN for internal hosts works as expected. For example:

    server1.companyname.com
    server2.companyname.com
    etc.

    So we can basically resolve any names that have entries in our Active Directory when the domain controllers are used as the DNS servers.

    However, when trying a host that is located in the public network (e.g. www.companyname.com) the DNS fails to resolve. The problem is that I have configured DNS forwarding to 8.8.8.8 and 8.8.4.4, but it somehow does not seem to be working.

    Is there a way that I can configure my local DNS servers so if it fails to resolve a hostname in companyname.com, it then forwards the request to 8.8.8.8 and/or 8.8.4.4?

    Otherwise it seems that I would have to replicate all of my Godaddy public DNS entries in my local DNS servers -- which seems a little absurd if you ask me :)

    Thanks in advance for your help and support.

    Regards,
    P.

    • Edited by pmdci Monday, March 6, 2017 7:39 PM
    Monday, March 6, 2017 7:32 PM

Answers

  • Hi Anne,

    Thank you for your answer.

    Indeed, this is due to a limitation of the DNS Service in Windows. While other DNS servers such as BIND have been able to elegantly handle this common requirement for years, it seems that the Windows DNS server lacks such basic functionality.

    I basically need to replicate on my AD DNS server all the DNS entries I have in Godaddy.

    Way to go, MSFT :(



    • Marked as answer by pmdci Monday, March 13, 2017 9:08 AM
    • Edited by pmdci Monday, March 13, 2017 9:09 AM
    Monday, March 13, 2017 9:08 AM

All replies

  • Hi pmdci,

    The DNS resolution issue may be caused by the external domain name being the same as the internal domain name. When querying for www.companyname.com with the internal DNS server as the preferred DNS server, it will only search the internal domain; when it fails to resolve it, it will not turn to 8.8.8.8 (8.8.8.4) with your configurations.

    To resolve this issue, we need to configure split-brain DNS. For OSes before Server 2016, we may need two DNS servers to configure split-brain DNS; for Server 2016 DNS, we may use DNS policy to configure it.

    https://blogs.technet.microsoft.com/networking/2015/05/12/split-brain-dns-deployment-using-windows-dns-server-policies/

    Besides, if only several FQDNs have that issue, you may also create fake DNS entries in the internal DNS server to do the resolution for them.

    And for the domain DNS server's settings, it's recommended to make the DC's DNS server point to its own IP address, have domain machines use the DC as DNS server, and configure the public DNS server on the DC (DNS) as forwarder.

    Best Regards,

    Anne


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.




    Tuesday, March 7, 2017 6:36 AM
    Moderator
  • I'm afraid that split-brain DNS has nothing to do with the issue at hand. The scenario you describe is not what I have described.

    "And for the domain DNS server's settings, it's recommended to make the DC's DNS server point to its own IP address, have domain machines use the DC as DNS server, and configure the public DNS server on the DC (DNS) as forwarder."

    This is exactly what I did, as I have described in my original post. Somehow it is not working.

    Regards,

    P.

    Tuesday, March 7, 2017 6:54 AM
  • Hi pmdci,

    >However, when trying a host that is located in the public network (e.g. www.companyname.com) the DNS fails to resolve. The problem is that I have configured DNS forwarding to 8.8.8.8 and 8.8.4.4, but it somehow does not seem to be working.

    This is because the external domain name is the same as the internal domain name.

    Since the domain suffix is the same, when the DNS server receives the request from the client, it will search records in its own zone; when the record does not exist, it won't turn to the forwarder to continue the resolution. So, I recommend you create a fake entry for www.companyname.com in the internal DNS server zone "companyname.com", just like it is an internal record.

    Best Regards,

    Anne



    Monday, March 13, 2017 8:08 AM
    Moderator
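    The workaround Anne describes (internal records that mirror the public ones) is easy to get wrong by hand and goes stale when the public zone changes. The script below is an added example, not code from the thread: it reads the current public answer for a few hostnames from a public resolver and creates or refreshes the matching A records in the internal AD zone, reporting drift. The zone name, hostname list, resolver and TTL are assumptions; it needs the DnsServer module (RSAT) and rights on the DC.

```powershell
# Added example (not from the thread): mirror selected public companyname.com
# A records into the internal AD-integrated zone of the same name.
# Assumptions: zone 'companyname.com', a constructed hostname list, 8.8.8.8 as
# the public resolver, 5-minute TTL. Run on (or with RSAT against) the DC.
$Zone      = 'companyname.com'
$Public    = '8.8.8.8'                          # resolver that bypasses our zone
$Hostnames = @('www', 'mail', 'autodiscover')   # constructed list of public hosts

foreach ($h in $Hostnames) {
    $fqdn = "$h.$Zone"

    # -DnsOnly and -Server ask the public resolver directly, so the answer is
    # the GoDaddy-published record rather than our own (authoritative) zone.
    $answers = Resolve-DnsName -Name $fqdn -Server $Public -Type A -DnsOnly `
                   -ErrorAction SilentlyContinue | Where-Object { $_.Type -eq 'A' }
    if (-not $answers) {
        Write-Warning "$fqdn has no public A record; leaving internal zone untouched"
        continue
    }
    $publicIPs = @($answers.IPAddress) | Sort-Object

    # What the internal zone currently answers for the same name (may be nothing).
    $internalRec = Get-DnsServerResourceRecord -ZoneName $Zone -Name $h -RRType A `
                       -ErrorAction SilentlyContinue
    $internalIPs = @($internalRec | ForEach-Object {
                       $_.RecordData.IPv4Address.IPAddressToString }) | Sort-Object

    if (($internalIPs -join ',') -eq ($publicIPs -join ',')) {
        Write-Output "$fqdn already matches public DNS ($($publicIPs -join ','))"
        continue
    }

    # Drift detected: replace the internal answer with the public one. A short
    # TTL bounds how long clients keep a value that later changes publicly.
    foreach ($r in $internalRec) {
        Remove-DnsServerResourceRecord -ZoneName $Zone -InputObject $r -Force
    }
    foreach ($ip in $publicIPs) {
        Add-DnsServerResourceRecordA -ZoneName $Zone -Name $h -IPv4Address $ip `
            -TimeToLive (New-TimeSpan -Minutes 5)
    }
    Write-Output "$fqdn updated: [$($internalIPs -join ',')] -> [$($publicIPs -join ',')]"
}
```

    Scheduling this as a task gives a mirrored zone that tracks the public records instead of hand-maintained copies; the Server 2016 DNS-policy route from the linked article avoids the copies altogether.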