Saturday, January 17, 2015

domain name system - Windows DNS with a pseudo secondary zone



I came across a customer site Windows DNS server that has its external domain in a forward lookup zone on the AD server. There are some A and CNAME records here that we really don't want to be public. I'm wondering if we can configure DNS to point upstream to their SOA if it doesn't have an answer to a query for this domain, say searching for autodiscover.domain.com.

The upstream is a BIND DNS controlled by a web hosting company. I don't want to transfer zones and overwrite the static entries here, just reach out upstream if we don't know.

Is this possible? What's the mechanism? It's not really a split-DNS. I modified the SOA record but it doesn't do a recursive query upstream if it doesn't know.



Thanks,


Answer



The DNS server is authoritative for the zone. Any queries for the zone records will be answered by the server. If no record matches the query then the server will respond with an NXDOMAIN. Windows DNS won't forward the query to an upstream server.



What you can do is to create a zone for each of the records and create an "apex" A record in the zone for the IP address that each of those records should resolve to. This will make the server authoritative for only those "subdomains" and the server will forward all queries for the parent domain to the external DNS servers.

So... you'd create a zone named www.domain.com and then you'd create an "apex" A record in the zone with the IP address that www.domain.com should resolve to. Rinse and repeat for the other records.
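The per-name zone approach from the answer, as an added PowerShell example that is not part of the original post or the answerer's own steps; it assumes the DnsServer module (Windows Server 2012 or later), that forwarders or root hints are already configured, and uses constructed placeholder names and documentation-range addresses.

```powershell
# Added example (not from the original post): carve out one small zone per
# internal-only name so the server is authoritative for just those names and
# forwards every other query for domain.com upstream.
# Names and addresses below are constructed placeholders.

$parent = 'domain.com'

# Records that must keep resolving to internal addresses. Each name becomes
# its own zone with the address at the zone apex.
$internalRecords = @{
    'www.domain.com'          = '192.0.2.10'
    'autodiscover.domain.com' = '192.0.2.20'
}

# 1. The existing forward lookup zone for domain.com has to go, otherwise the
#    server stays authoritative for the whole domain and answers NXDOMAIN
#    instead of forwarding. Export it first so nothing is lost.
if (Get-DnsServerZone -Name $parent -ErrorAction SilentlyContinue) {
    Export-DnsServerZone -Name $parent -FileName "$parent.backup.dns"
    Remove-DnsServerZone -Name $parent -Force
}

# 2. One primary zone per name, with an A record at the apex ('@').
foreach ($entry in $internalRecords.GetEnumerator()) {
    Add-DnsServerPrimaryZone -Name $entry.Key -ZoneFile "$($entry.Key).dns"
    Add-DnsServerResourceRecordA -ZoneName $entry.Key -Name '@' -IPv4Address $entry.Value
}

# 3. Check the result: the carved-out names answer from the local zones,
#    while any other name under domain.com is forwarded upstream.
Resolve-DnsName -Name 'www.domain.com'  -Server 'localhost' -Type A
Resolve-DnsName -Name 'mail.domain.com' -Server 'localhost' -Type A
```

A CNAME cannot sit at a zone apex alongside the SOA and NS records, so any CNAME entries from the old zone would need to be re-created as A records pointing at the target's address.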

