Solved

howto: Wildcard subdomain delegate under Windows server

Posted on 2007-03-20
3
1,591 Views
Last Modified: 2008-05-31
To DNS guru's:

I have a global DNS domain called "myname.com", I have the same domain internally for my active directory with integrated DNS (Shadow dns).

The issue that I'm encountering is that when I try to reach a subdomain of "myname.com" from my internal network that it will not be resolved because on my internet dns server because it is looking into my internal dns server (Where the record doesn't exist)

So as a solution I was thinking to delegate internally a wildcard of my domain "*.myname.com" , hoping that when my internal dns can't resolve it, that it will forward the query to the external dns server.

But it doesn't work, can anyone help ?
0
Comment
Question by:sebastienbo
  • 2
3 Comments
 
LVL 70

Expert Comment

by:Chris Dent
ID: 18754905

You cannot delegate a Wildcard, it simply doesn't work and there's no way to make it work.

This is down to the implementation of the Wildcard in MS DNS. No two implementations of this mechanic seem to be the same, and none really match the RFC which doesn't do what people expect anyway.

You would have to delegate a Subdomain explicitly, or add any records you need within the main domain.

Sorry.

Chris
0
 
LVL 5

Author Comment

by:sebastienbo
ID: 18754949
Well if delegate won't work, is there another solution?

The AD integrated dns offers an option forwarders or conditional forwarders, but thos have effect on a complete domain/zone or on any domain/zone which isn't found in the local dns database.

Under linux I know that you could forward wildcards ns requests to another ns server, windows doesn't le you do that ?
0
 
LVL 70

Accepted Solution

by:
Chris Dent earned 500 total points
ID: 18754973

Nope, Windows DNS isn't BIND I'm afraid, the two implementations of Wildcards aren't the same (helpful isn't it?).

The only solution is to manually add specific delegations or specific conditional forwarders / stub zones for the Sub-Domains.

It won't forward or attempt to further resolve anything beneath a domain it's authoritative for unless you tell it to.

Chris
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

I've written instructions for one router type, but this principle may be useful for others of the same brand and even other brands of router. Problem: I had an issue especially with mobile devices that refused to use DNS information supplied via…
In this article, we will see the basic design consideration while designing a Multi-tenant web application in a simple manner. Though, many frameworks are available in the market to develop a multi - tenant application, but do they provide data, cod…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now