How to: Wildcard subdomain delegation under Windows Server

To DNS gurus:

I have a global DNS domain called "myname.com", and I have the same domain internally for my Active Directory with integrated DNS (shadow DNS).

The issue that I'm encountering is that when I try to reach a subdomain of "myname.com" from my internal network, it will not be resolved by my internet DNS server, because it is looking in my internal DNS server (where the record doesn't exist).

So as a solution I was thinking of delegating internally a wildcard of my domain, "*.myname.com", hoping that when my internal DNS can't resolve it, it will forward the query to the external DNS server.

But it doesn't work. Can anyone help?
1 Solution
Chris Dent (PowerShell Developer) commented:

You cannot delegate a wildcard; it simply doesn't work, and there's no way to make it work.

This is down to the implementation of the wildcard in MS DNS. No two implementations of this mechanic seem to be the same, and none really match the RFC, which doesn't do what people expect anyway.

You would have to delegate a subdomain explicitly, or add any records you need within the main domain.


sebastienbo (Author) commented:
Well, if delegation won't work, is there another solution?

The AD-integrated DNS offers an option for forwarders or conditional forwarders, but those have effect on a complete domain/zone or on any domain/zone which isn't found in the local DNS database.

Under Linux I know that you could forward wildcard NS requests to another NS server; Windows doesn't let you do that?
Chris Dent (PowerShell Developer) commented:

Nope, Windows DNS isn't BIND, I'm afraid; the two implementations of wildcards aren't the same (helpful, isn't it?).

The only solution is to manually add specific delegations or specific conditional forwarders / stub zones for the subdomains.

It won't forward or attempt to further resolve anything beneath a domain it's authoritative for unless you tell it to.
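One way to create the per-subdomain conditional forwarders the answer describes, as an added example that is not code from this thread. It assumes the DnsServer PowerShell module on a Windows Server 2012 or later domain controller; the subdomain names and the external resolver addresses are constructed placeholders.

```powershell
# Added example: conditional forwarders for specific public subdomains of
# "myname.com" on an AD-integrated Windows DNS server (DnsServer module assumed).
Import-Module DnsServer

# Constructed placeholders: names that exist only in the public "myname.com"
# zone, and the external DNS servers that can answer for them (TEST-NET addresses).
$Subdomains      = @('www.myname.com', 'mail.myname.com', 'shop.myname.com')
$ExternalServers = @('192.0.2.53', '192.0.2.54')

foreach ($zone in $Subdomains) {
    $existing = Get-DnsServerZone -Name $zone -ErrorAction SilentlyContinue
    if ($existing) {
        Write-Host "Zone '$zone' already exists (type: $($existing.ZoneType)); skipping."
        continue
    }
    # A conditional forwarder zone named after the exact subdomain is more
    # specific than the internal 'myname.com' zone, so the server hands
    # queries for that name to the external servers instead of answering
    # NXDOMAIN from its own authoritative zone. Replication scope 'Forest'
    # stores the forwarder in AD so every DC running DNS gets it; use
    # 'Domain' to limit it to this domain's DCs. A stub zone
    # (Add-DnsServerStubZone) is the alternative the answer mentions.
    Add-DnsServerConditionalForwarderZone -Name $zone `
        -MasterServers $ExternalServers `
        -ReplicationScope 'Forest'
    Write-Host "Created conditional forwarder for '$zone'."
}

# Verify against the local server: each name should now resolve through the forwarder.
foreach ($zone in $Subdomains) {
    try {
        $answer = Resolve-DnsName -Name $zone -Type A -Server 'localhost' -ErrorAction Stop
        Write-Host ("{0} -> {1}" -f $zone, ($answer.IPAddress -join ', '))
    } catch {
        Write-Warning "Still cannot resolve '$zone': $($_.Exception.Message)"
    }
}
```

Run it as a DNS administrator on a domain controller; names not on the list still get answered from the internal zone, which is exactly the limitation the answer describes.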
