Microsoft Tech Community

DNS Query Policy to make DNS server authoritative for a single host in Domain


I wish to do the following with my Windows 2016 DNS server:
  • Forward all queries for test.fwd to another DNS server except for a handful of records to which I wish to be authoritative i.e. host1.test.fwd

Would this be possible with a DNS Query Policy? 

6 Replies
I usually create a DNS zone named www.domain.com, for example. In that zone, you create an empty record containing the IP address of www.domain.com. Doing so will make your internal clients use that address, and all other domain.com records will use the normal public addresses.

It's called a PinPoint DNS zone, how-to here https://petri.com/create-a-pinpoint-dns-zone-to-support-identical-internal-and-external-exchange-ser...

Did this help? I use this for my customers a lot too

Thanks! Does this also make it authoritative for everything underneath that domain, i.e. host.www.domain.com?
If you create a www.domain.com zone, then it's only that FQDN and the address that you enter. All other records, like portal.domain.com, will not be affected.

Please mark my answer as the solution to mark it as solved
Yes, but it's not just a single record in my testing. Everything under the domain www.domain.com is affected. For my solution I need it to be specific to that single record www.domain.com, not sub.www.domain.com.

If you create a DNS zone in Active Directory DNS and name it www.domain.com, you will have an empty zone with no records. Then you create one A record in that empty zone, without a name, but with only an address... Then your clients who access www.domain.com will be redirected to that IP address... If you need an additional record, portal.domain.com, for example, then you repeat this.

If you add a zone domain.com to your DNS environment, you must add all public records to it if you want them to be accessible to your clients. 

It's all in the https://petri.com/create-a-pinpoint-dns-zone-to-support-identical-internal-and-external-exchange-ser... link that I shared, the pinpoint DNS zone part
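The pinpoint-zone procedure from the replies above, applied to the original poster's names (test.fwd forwarded elsewhere, host1.test.fwd answered locally), as an added PowerShell example that is not from the thread or the linked article. The forwarder address 192.0.2.53 and the host address 10.0.0.10 are placeholders, and the script assumes it runs on the Windows Server 2016 DNS server with the DnsServer module installed.

```powershell
# Placeholder values (constructed for this example; replace with real ones)
$UpstreamDns = '192.0.2.53'      # DNS server that should answer for test.fwd
$PinpointName = 'host1.test.fwd' # the one name we want to be authoritative for
$PinpointIp   = '10.0.0.10'      # internal address clients should receive
$LocalDns     = 'localhost'      # DNS server to query when verifying

# 1. Forward everything under test.fwd to the other DNS server.
Add-DnsServerConditionalForwarderZone -Name 'test.fwd' `
    -MasterServers $UpstreamDns -ReplicationScope 'Domain'

# 2. Create the pinpoint zone: an AD-integrated zone whose name IS the host name.
#    Secure-only dynamic updates keep clients from overwriting the apex record.
Add-DnsServerPrimaryZone -Name $PinpointName -ReplicationScope 'Domain' `
    -DynamicUpdate 'Secure'

# 3. Add the A record at the zone apex ("@" = "(same as parent folder)" in the GUI).
Add-DnsServerResourceRecordA -ZoneName $PinpointName -Name '@' `
    -IPv4Address $PinpointIp -TimeToLive (New-TimeSpan -Minutes 5)

# 4. Verify: the pinpoint name resolves locally, other names still go upstream.
Resolve-DnsName -Name $PinpointName -Server $LocalDns -Type A
Resolve-DnsName -Name 'other.test.fwd' -Server $LocalDns -Type A

# Caveat observed in the thread: the server is now authoritative for the whole
# subtree, so a query for sub.host1.test.fwd is answered from this (empty) zone
# and never reaches the upstream server. Repeat steps 2-3 per name instead of
# creating a test.fwd zone, which would require copying every upstream record.
```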