
This may just be a lack of knowledge on my part when it comes to maintaining DNS on Windows so apologies in advance if this is simple.

I want to add a Forward Lookup Zone for exampledomain.com so that I can set up A records for users to access internal applications. exampledomain.com is also registered with our domain registrar and has external-facing DNS records.

The issue is when I add the forward lookup zone, it stops the external records from working for anybody internally which kind of makes sense because it resolves locally and the records are missing.

Is there a way to mix the two: have internal records set up which it would prioritise, but if it cannot resolve a name, it goes to the registrar to check there?

Recnats

1 Answer


Is there a way to mix the two: have internal records set up which it would prioritise, but if it cannot resolve a name, it goes to the registrar to check there?

Sort of. Create an internal zone for the specific resource, like www.example.com. Then populate the zone with a "same as parent folder" A record for the IP address of the internal application/server.

joeqwerty
  • I tried this and couldn't get it to work as I am expecting it to. I created a new Primary zone for the domain. Created a new A record with 1.1.1.1 (Assume this should be set to external DNS provider and it just caused errors) – Recnats Aug 11 '20 at 09:55
  • You're not creating a zone for the domain and you're not creating a record that points to the external DNS provider. You're creating a zone for the resource (www.example.com) and creating an A record for the ip address of the resource (1.1.1.1). Can you post screenshots of what you created? – joeqwerty Aug 11 '20 at 12:24
  • I see, so if I want an internal domain (test.domain.com) to not be on the external DNS, then I create just that subdomain as a zone and then use an A record to point it to the correct IP address? We have quite a lot of internal records to create, so this may be long-winded – Recnats Aug 12 '20 at 14:50
  • To do this with the Windows DNS server, that is going to be the best option. What you should consider is a more advanced DNS forwarder such as dnsmasq, which supports specific hostname overrides and will forward other queries out to a public resolver. Windows DNS isn't designed to do this, but dnsmasq is. Unfortunately dnsmasq isn't available for Windows, but if you have a spare machine I'd recommend setting up pfSense and using that as your front-end network gateway (it includes dnsmasq as its DNS forwarder and has a nice GUI web interface too). – Justin Scott Jul 26 '22 at 17:44
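The one-zone-per-hostname approach from the accepted answer, scripted in PowerShell so it scales to the "quite a lot of internal records" mentioned in the comments. This is an added example, not code from the answer or from Microsoft; the hostnames and the 10.0.10.x addresses are made up, and it assumes a Windows DNS server that does *not* host exampledomain.com as a zone and that already forwards unknown names to a public resolver (forwarders or root hints). It uses the DnsServer module cmdlets Add-DnsServerPrimaryZone, Add-DnsServerResourceRecordA, Get-DnsServerZone and Resolve-DnsName.

```powershell
# Added example (not from the original answer). Assumed environment: the DNS
# server has no zone for exampledomain.com, so anything not overridden here
# still goes out to the public resolver via forwarders/root hints.
# Hostnames and IP addresses below are invented for the example.

$internalHosts = @{
    'intranet.exampledomain.com' = '10.0.10.20'
    'git.exampledomain.com'      = '10.0.10.21'
    'wiki.exampledomain.com'     = '10.0.10.22'
}

foreach ($fqdn in $internalHosts.Keys) {
    # One primary zone per overridden name. Because the zone name *is* the FQDN,
    # the A record lives at the zone apex, which the GUI shows as
    # "(same as parent folder)" and PowerShell addresses as "@".
    if (-not (Get-DnsServerZone -Name $fqdn -ErrorAction SilentlyContinue)) {
        # File-backed zone; on a domain controller you could use
        # -ReplicationScope 'Domain' instead of -ZoneFile.
        Add-DnsServerPrimaryZone -Name $fqdn -ZoneFile "$fqdn.dns"
    }

    Add-DnsServerResourceRecordA -ZoneName $fqdn -Name '@' `
        -IPv4Address $internalHosts[$fqdn] `
        -TimeToLive ([TimeSpan]::FromMinutes(5))
}

# Check 1: an overridden name is answered from the local zone.
Resolve-DnsName -Name 'intranet.exampledomain.com' -Type A -Server 'localhost'

# Check 2: a name that only exists at the registrar still resolves, because no
# local zone claims exampledomain.com itself.
Resolve-DnsName -Name 'www.exampledomain.com' -Type A -Server 'localhost'
```

Two caveats a practitioner should keep in mind with this layout. First, each of these zones is authoritative for everything beneath its name, so once intranet.exampledomain.com is a zone, a query for anything.intranet.exampledomain.com is answered locally (NXDOMAIN unless you add it) rather than forwarded. Second, only record types that are allowed at a zone apex (A/AAAA, not CNAME) can be used for the override; to point an internal name at another hostname rather than an address, create the A record with the target's address directly.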