How to make exception on DNS Forwarder for a DNS entry

Anonymous
2024-07-09T02:16:16+00:00

We have a (Windows) DNS server and we have added a forwarder to pass the DNS lookup of the domain we didn't add. (For example, abc.com.)

However, we want a single DNS record host1.abc.com to map to a specific IP address that is different than the DNS lookup result from the forwarder DNS server.

Based on my understanding, I need to create a Forward Lookup Zone for abc.com on my local DNS server, and then add only one host1.abc.com DNS record in it. However, if I add the abc.com domain to my local DNS server's Forward Lookup Zones, every DNS query for *.abc.com will no longer be passed to the forwarder, and this is not what I want.

How can I configure the local DNS server so that I can add a single DNS record host1.abc.com for my local users to look up, while passing all the other abc.com queries to the forwarder?

Windows Server Networking

Accepted answer
  1. Anonymous
    2024-07-09T02:55:30+00:00

    Hello Paul,

    To achieve the desired DNS resolution where you have a specific DNS record (host1.abc.com) resolved locally to a different IP address while still forwarding all other DNS queries for abc.com to an external DNS forwarder, you can use DNS policies on your Windows DNS server. Here are the steps to configure this:


    Steps to Configure DNS Policy for Selective Forwarding

    1. Create a DNS Zone for Specific Record:
      • Open the DNS Manager on your Windows DNS server.
      • Create a new Forward Lookup Zone specifically for host1.abc.com.
    2. Add the Specific DNS Record:
      • In the newly created zone host1.abc.com, add an A record pointing to the specific IP address you want.
      • For example, host1.abc.com -> 192.168.1.100.
    3. Create a DNS Zone for General Domain:
      • If you already have a Forward Lookup Zone for abc.com, skip this step.
      • If not, create a Forward Lookup Zone for abc.com.
    4. Add a DNS Policy for Selective Query Resolution:
      • Use the DNS Policy feature to forward all requests except host1.abc.com to the external DNS forwarder.

    Here is a step-by-step example of how to configure the DNS policy using PowerShell:

    1. Open PowerShell as Administrator.
    2. Add the DNS Zone for the Specific Record:

    ```powershell
    Add-DnsServerPrimaryZone -Name "host1.abc.com" -ZoneFile "host1.abc.com.dns"
    ```

    3. Add the Specific DNS Record:

    ```powershell
    # "@" places the record at the zone apex, so the resulting FQDN is host1.abc.com
    # (a "host1" label inside this zone would produce host1.host1.abc.com instead)
    Add-DnsServerResourceRecordA -Name "@" -ZoneName "host1.abc.com" -IPv4Address "192.168.1.100"
    ```

    4. Create the DNS Zone for General Domain (if not already created):

    ```powershell
    Add-DnsServerPrimaryZone -Name "abc.com" -ZoneFile "abc.com.dns"
    ```

    5. Create a Zone Scope for General Domain:

    ```powershell
    Add-DnsServerZoneScope -ZoneName "abc.com" -Name "ForwarderZone"
    ```

    6. Create a Zone Scope for the Specific Record:

    ```powershell
    Add-DnsServerZoneScope -ZoneName "host1.abc.com" -Name "LocalScope"
    ```

    7. Add the DNS Policy:

    ```powershell
    Add-DnsServerQueryResolutionPolicy -Name "ForwardAllExceptHost1" -Action ALLOW -ServerInterfaceIP "eq,any" -Fqdn "ne,host1.abc.com" -ZoneScope "ForwarderZone,1" -ZoneName "abc.com"
    ```

    Explanation:

    1. Steps 2-3: You create a specific DNS zone host1.abc.com and add the desired A record pointing to the specific IP address.
    2. Step 4: You ensure there is a zone for abc.com to manage general domain queries.
    3. Step 5: A new zone scope named ForwarderZone is created for the abc.com zone, which will handle the general domain queries.
    4. Step 6: A new zone scope named LocalScope is created for the host1.abc.com zone, which will handle the specific host queries.
    5. Step 7: The DNS policy ForwardAllExceptHost1 allows the server to forward all queries except for host1.abc.com to the external DNS forwarder.

    Final Notes:

    • The DNS policy ensures that any DNS queries for host1.abc.com are resolved locally while other abc.com queries are forwarded.
    • This configuration maintains a clear separation between local and forwarded DNS queries, ensuring the desired resolution behavior.
    • Always make sure to test the configuration in a controlled environment before applying it to production to avoid any disruptions.

    If you need further assistance or if there are any other issues, please let me know.

    Best regards,

    Rosy

    1 person found this answer helpful.
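As an added example that is not part of Rosy's answer: the zone-and-apex-record part of the procedure above, followed by a check that only host1.abc.com is overridden and that another abc.com name still reaches the configured forwarder. It assumes the DnsServer module is present, the forwarder is already configured, the commands run on the DNS server itself (hence -Server 127.0.0.1), and www.abc.com is a constructed control name; the zone name and IP come from the answer.

```powershell
# Added example (not from the original answer). Creates the single-host zone
# host1.abc.com, puts the override record at the zone apex, then verifies that
# the override is scoped to that one name only.
# Assumptions: DnsServer module available, forwarder already configured,
# run locally on the DNS server. www.abc.com is a constructed control name.

Import-Module DnsServer

$hostZone    = "host1.abc.com"   # zone named after the single host (from the answer)
$overrideIp  = "192.168.1.100"   # override address (from the answer)
$controlName = "www.abc.com"     # constructed: any other abc.com name, must still be forwarded

# 1. Create the single-host zone; skip if it already exists so the script is re-runnable.
if (-not (Get-DnsServerZone -Name $hostZone -ErrorAction SilentlyContinue)) {
    Add-DnsServerPrimaryZone -Name $hostZone -ZoneFile "$hostZone.dns"
}

# 2. The record for host1.abc.com belongs at the zone apex ("@"). A "host1" label
#    inside this zone would create host1.host1.abc.com, which nobody queries.
#    A short TTL keeps a later correction from lingering in client caches.
Add-DnsServerResourceRecordA -ZoneName $hostZone -Name "@" -IPv4Address $overrideIp -TimeToLive 00:05:00

# 3a. Verify the override: host1.abc.com must answer from the local zone.
$local = Resolve-DnsName -Name $hostZone -Type A -Server 127.0.0.1 -DnsOnly
if ($local.IPAddress -notcontains $overrideIp) {
    throw "$hostZone did not resolve to $overrideIp; got: $($local.IPAddress -join ', ')"
}

# 3b. Verify the scope: another abc.com name must still resolve through the forwarder.
#     A local NXDOMAIN here usually means an abc.com zone exists on this server
#     and is shadowing the forwarder for the whole domain.
$forwarded = Resolve-DnsName -Name $controlName -Type A -Server 127.0.0.1 -DnsOnly -ErrorAction SilentlyContinue
if (-not $forwarded) {
    Write-Warning "$controlName did not resolve; check Get-DnsServerForwarder and look for a local abc.com zone."
}

# 4. List every zone under abc.com so a stray abc.com zone is easy to spot.
Get-DnsServerZone | Where-Object ZoneName -like "*abc.com" | Select-Object ZoneName, ZoneType, IsAutoCreated
Get-DnsServerForwarder | Select-Object IPAddress, UseRootHint
```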
