Replicate Wildcard Forwarder 2003 DNS to 2012 DNS

  • Question

  • Hi. On an internal DNS server running Windows 2003 there is a DNS forwarder configured for a wildcard *.some.domain.com pointing to an internal IP.

    How do I mirror this on the new server running Windows 2012 R2 DNS? I am unable to add a wildcard forwarder on the forwarders tab. If I add the internal IP it does not resolve.

    Thanks,

    Phil

    Friday, April 15, 2016 6:43 PM

Answers

  • Hi Phil,

    I added new Forward Lookup Zones for the required domains (not AD integrated as local site specific) on the new 2012 DNS server. I added a wildcard A record to each zone to resolve to the required internal IP. On the remote DNS server I added a Conditional Forwarder to point to the new 2012 DNS server. Not sure that is the best approach to be honest. Prior to creating the forward lookup zones I did try adding a Conditional Forwarder pointing to the required internal IP, however this failed validation. Phil.

    "Split zone is exactly that, two different records, internally with only internal records, and external with external records.

    But as you know being very knowledgeable with DNS, that DNS does not forward a query for a zone it's authoritative for (meaning it hosts the zone).

    Therefore, I'm sure we're in agreement that the best a wildcard will do is only resolve non-existent records to a specific IP, that's it."

    Best regards,


    Andy_Pan

    • Marked as answer by Beanie Hat Man Wednesday, April 20, 2016 11:52 AM
    Wednesday, April 20, 2016 7:47 AM

All replies

  • Hi Phil,

    >>How do I mirror this on new server running Windows 2012 R2 DNS? I am unable to add wildcard forwarder on forwarders tab. If I add internal IP it does not resolve.

    I have searched a lot and tested this issue in my environment, and found out that it is truly not possible to use a wildcard for a DNS forwarder on Server 2012 R2.

    But you could use the nslookup command to resolve the A record for the FQDN.

    For example, if you have a *.some.domain.com A record in your DNS zone, you could use nslookup * to resolve the A record. But you couldn't resolve this A record using other ways, just as you said.

    For this issue, I suggest you could configure a conditional forwarder or zone delegation for these *.some.domain.com pointing to the internal IP.

    Assign a Conditional Forwarder for a Domain Name

    https://technet.microsoft.com/en-us/library/cc794735(v=ws.10).aspx

    Create a Zone Delegation

    https://technet.microsoft.com/en-us/library/cc753500.aspx

    Best regards,


    Andy_Pan

    • Proposed as answer by Hello_2018 Monday, April 18, 2016 6:41 AM
    • Edited by Hello_2018 Monday, April 18, 2016 6:44 AM
    Monday, April 18, 2016 6:41 AM
  • Hi Andy. Thanks for your response. That was my thinking also. I will add a conditional forwarder to the new server as suggested.

    Many Thanks,

    Phil.

    Monday, April 18, 2016 7:07 AM
  • My pleasure.

    And if you have any updates, welcome to share here.

    Best regards,


    Andy_Pan

    Monday, April 18, 2016 7:11 AM
  • I added new Forward Lookup Zones for the required domains (not AD integrated as local site specific) on the new 2012 DNS server. I added a wildcard A record to each zone to resolve to the required internal IP.

    On the remote DNS server I added a Conditional Forwarder to point to the new 2012 DNS server.

    Not sure that is the best approach to be honest.

    Prior to creating forward lookup zones I did try adding Conditional Forwarder pointing to the required internal IP however this failed validation.

    Phil.

    Monday, April 18, 2016 7:54 AM
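The setup Phil describes above (a non-AD-integrated zone carrying a wildcard A record on the 2012 R2 server, plus a conditional forwarder on the remote DNS server pointing at it), scripted with the DnsServer PowerShell module as an added example that is not from the thread. The IP addresses and the remote server name are constructed placeholders; the final loop checks that a name not present in the zone really does come back as the wildcard address, both directly and via the remote server's forwarder.

```powershell
# Added example, not from the thread. Run in an elevated PowerShell session on
# the Windows Server 2012 R2 DNS server (DnsServer module ships with the role).
Import-Module DnsServer

$ZoneName   = 'some.domain.com'   # zone the wildcard must cover (from the thread)
$WildcardIP = '10.0.0.50'         # constructed: internal IP the wildcard should answer with
$NewDnsIP   = '10.0.0.10'         # constructed: IP of this new 2012 R2 DNS server
$RemoteDns  = 'dns-remote'        # constructed: hostname of the remote DNS server

# 1. File-backed (non-AD-integrated) primary zone, matching "local site specific".
if (-not (Get-DnsServerZone -Name $ZoneName -ErrorAction SilentlyContinue)) {
    Add-DnsServerPrimaryZone -Name $ZoneName -ZoneFile "$ZoneName.dns"
}

# 2. Wildcard A record. As the quoted text notes, it only answers names that do
#    not otherwise exist in the zone; an explicit record always takes precedence.
Add-DnsServerResourceRecordA -ZoneName $ZoneName -Name '*' -IPv4Address $WildcardIP

# 3. On the remote DNS server, forward every query for the zone to this server.
#    The forwarder target must be a DNS server that answers for the zone, which
#    is why pointing it straight at the internal host IP failed validation.
Add-DnsServerConditionalForwarderZone -ComputerName $RemoteDns -Name $ZoneName -MasterServers $NewDnsIP

# 4. Verify: a name that does not exist as an explicit record should resolve to
#    the wildcard IP when asked of this server and of the remote (forwarding) server.
foreach ($server in @($NewDnsIP, $RemoteDns)) {
    $answer = Resolve-DnsName -Name "anything.$ZoneName" -Type A -Server $server -ErrorAction Stop
    $ok = ($answer | Where-Object { $_.Type -eq 'A' }).IPAddress -contains $WildcardIP
    '{0}: wildcard resolution {1}' -f $server, $(if ($ok) { 'OK' } else { 'FAILED' })
}
```

If a real host record such as www.some.domain.com is later added to the zone, the verification name should be changed to one that is still absent, since the wildcard never overrides an existing record.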