Injecting DNS records for a domain on your DNS server for local domain clients

dns-hostingdns-zonedomain-name-systeminternal-dnsnameserver

I have a Microsoft DNS server setup and running for my local domain (mydomain.local). I have set up a public domain since then (mydomain.com) and want all my local clients to have different A hosts for mydomain.com while they are on the local network. If they are remote I want them to get the resolutions anyone would get on the internet from the public DNS server (hosted elsewhere).

Scenario 1: Internal

client1.mydomain.local is a PC on my local network and tries to resolve test.mydomain.com. That client should get back 192.168.1.100. When the client tries to resolve test2.mydomain.com it should get back 192.168.1.101. Then last when the client tries to resolve test3.mydomain.com it should get back 8.8.3.6.

Scenario 2: External

client2 is a PC somewhere else in the world and tries to resolve test.mydomain.com. That client should get back 8.8.3.4. When the client tries to resolve test2.mydomain.com it should get back 8.8.3.5. Then last when the client tries to resolve test3.mydomain.com it should get back 8.8.3.6.

Currently I have my local DNS server (mydomain.local) setup with the new domain (mydomain.com) and only have a few select A hosts in it (test, test2 but NOT test3). My goal is to somehow forward the DNS requests to a specific DNS server that are not in my (mydomain.com) zone. At this point when I try to resolve test1.mydomain.com and test2.mydomain.com they resolve great! But when I try to resolve test3.mydomain.com it fails and does not resolve.

Best Answer

OK I found two methods of doing what I want...

Method #1: Zone Per Host

This method is crude and somewhat messy if you have a bunch of hosts you need to work with, but in my case I only had a few so it worked great for me and this is the method I went with...

First you have your DNS zone hosted with a third party (in my case it was with Godaddy). This is what is used for the public (internet) to resolve test.mydomain.com and the clients on the internet side would get back 8.8.3.4. That's what I already had in place and now I need my internal network to resolve those hosts differently. So I did the following...

Create a new zone on your local network DC called "test.mydomain.com". In that zone create an "A-Host" record, do not enter anything into the first field called "Name", just leave it blank. Then enter your LOCAL internal IP in the "IP Address" field. In my case I used "192.168.1.100".

Now I test with a client on the internet (outside the office) and test.mydomain.com resolves to 8.8.3.4! And the client on my local network resolves test.mydomain.com to 192.168.1.100!!!

Method #2: Two Zones, One For Internal And One For External

This is the less messy way of doing it but requires more upkeep. In this method you will need to keep multiple zone in multiple locations up to date. I chose not to go this route just because of the upkeep. If you have a bunch of hosts and want a clean look this might be the method for you.

Create a new zone on your local network DC. Call the zone "mydomain.com". Now replicate manually all the records from the (in my case GoDaddy hosted) zone to the newly created zone in your local DC. Once you have done that just change the records you want to be different for internal use. This in essence kinda hijacks the zone. So if you hop on godaddy and update the zone with a new a-host or change an existing one you will need to do the same thing on your local DC server to reflect the changes.

Answer

The short answer to your specific question of listing CNAMEs is that you cannot without permission to do zone transfers (see How to list all CNAME records for a given domain?).

That said, if your company's DNS server still supports the ANY query, you can use dig to list the other records by doing:

dig +noall +answer +multiline yourdomain.yourtld any

These ... +noall +answer +multiline ... are strictly optional and are simply output formatting flags to make the output more easily human readable (see dig man page ).

Example

$ dig +noall +answer +multiline bad.horse any

Returns:

bad.horse.              7200 IN A 162.252.205.157
bad.horse.              7200 IN CAA 0 issue "letsencrypt.org"
bad.horse.              7200 IN CAA 0 iodef "mailto:abuse@sandwich.net"
bad.horse.              7200 IN MX 10 mx.sandwich.net.
bad.horse.              7200 IN NS a.sn1.us.
bad.horse.              7200 IN NS b.sn1.us.
bad.horse.              7200 IN SOA a.sn1.us. n.sn1.us. (
                                2017032202 ; serial
                                1200       ; refresh (20 minutes)
                                180        ; retry (3 minutes)
                                1209600    ; expire (2 weeks)
                                60         ; minimum (1 minute)
                                )

Caveats (RFC8482)

Note that, since around 2019, most public DNS servers have stopped answering most DNS ANY queries usefully. For background on that, see: https://blog.cloudflare.com/rfc8482-saying-goodbye-to-any/

If ANY queries do not enumerate multiple records, the only option is to request each record type (e.g. A, CNAME, or MX) individually.

How to use BIND DNS with multiple domain names

Add another zone entry, similar to the existing one in the named.conf file, with the DNS name and file name of your second domain.

Best Answer

Related Solutions

List all DNS records in a domain using dig

Answer

Example

Caveats (RFC8482)

How to use BIND DNS with multiple domain names

Related Topic