DNS – How to Use a Specific DNS for a Specific Domain

domain-name-system

At work we use OpenDNS and it has wrongly blocked irc.freenode.net for malware. How can I make sure that any request for *.freenode.net goes to 8.8.8.8 and 8.8.4.4 (Google's DNS).

I tried doing this by fiddling with resolv.conf on Ubuntu, but I wasn't able to get too far. Also, is there an easy way to do this for Mac and Windows systems (I have a few colleagues using those OSes and they'd like to use IRC as well).

Best Answer

Linux does not support the use of domain-specific DNS servers via resolv.conf. You could potentially work around this by running a caching nameserver (such as BIND or dnsmasq) locally and then configuring explicit forwarders for each domain.

Under OS X, this sort of setting is relatively easy using the scutil command. The common use case for this configuration is to forward DNS requests for a VPN connection to VPN-specific DNS servers, so you'll find this discussed often in concert with, e.g., OpenVPN. This document talks about the scutil command as does this, and a Google search for openvpn and scutil will yield more results.

I'm not sure about Windows. You could presumably use the local DNS server solution for all three platforms if you needed to.

Answer

The short answer to your specific question of listing CNAMEs is that you cannot without permission to do zone transfers (see How to list all CNAME records for a given domain?).

That said, if your company's DNS server still supports the ANY query, you can use dig to list the other records by doing:

dig +noall +answer +multiline yourdomain.yourtld any

These ... +noall +answer +multiline ... are strictly optional and are simply output formatting flags to make the output more easily human readable (see dig man page ).

Example

$ dig +noall +answer +multiline bad.horse any

Returns:

bad.horse.              7200 IN A 162.252.205.157
bad.horse.              7200 IN CAA 0 issue "letsencrypt.org"
bad.horse.              7200 IN CAA 0 iodef "mailto:abuse@sandwich.net"
bad.horse.              7200 IN MX 10 mx.sandwich.net.
bad.horse.              7200 IN NS a.sn1.us.
bad.horse.              7200 IN NS b.sn1.us.
bad.horse.              7200 IN SOA a.sn1.us. n.sn1.us. (
                                2017032202 ; serial
                                1200       ; refresh (20 minutes)
                                180        ; retry (3 minutes)
                                1209600    ; expire (2 weeks)
                                60         ; minimum (1 minute)
                                )

Caveats (RFC8482)

Note that, since around 2019, most public DNS servers have stopped answering most DNS ANY queries usefully. For background on that, see: https://blog.cloudflare.com/rfc8482-saying-goodbye-to-any/

If ANY queries do not enumerate multiple records, the only option is to request each record type (e.g. A, CNAME, or MX) individually.

Windows AD DNS: Event ID 5504

Check this link out...go to (4) under 'Troubleshooting common DNS issues'.

Best Answer

Related Solutions

DNS Records – How to List All DNS Records in a Domain Using Dig

Answer

Example

Caveats (RFC8482)

Windows AD DNS: Event ID 5504

Related Topic