
howto: Wildcard subdomain delegate under Windows server

Posted on 2007-03-20
Last Modified: 2008-05-31
To DNS gurus:

I have a global DNS domain called "myname.com", and I have the same domain internally for my Active Directory with integrated DNS (shadow DNS).

The issue that I'm encountering is that when I try to reach a subdomain of "myname.com" from my internal network, it will not be resolved on my internet DNS server because it is looking into my internal DNS server (where the record doesn't exist).

So as a solution I was thinking to delegate internally a wildcard of my domain, "*.myname.com", hoping that when my internal DNS can't resolve it, it will forward the query to the external DNS server.

But it doesn't work. Can anyone help?
Question by:sebastienbo
LVL 71

Expert Comment

by:Chris Dent
ID: 18754905

You cannot delegate a Wildcard; it simply doesn't work and there's no way to make it work.

This is down to the implementation of the Wildcard in MS DNS. No two implementations of this mechanic seem to be the same, and none really match the RFC, which doesn't do what people expect anyway.

You would have to delegate a Subdomain explicitly, or add any records you need within the main domain.

Sorry.

Chris
LVL 5

Author Comment

by:sebastienbo
ID: 18754949
Well, if delegating won't work, is there another solution?

The AD-integrated DNS offers an option for forwarders or conditional forwarders, but those have an effect on a complete domain/zone or on any domain/zone which isn't found in the local DNS database.

Under Linux I know that you could forward wildcard NS requests to another NS server; Windows doesn't let you do that?
LVL 71

Accepted Solution

by:
Chris Dent earned 1500 total points
ID: 18754973

Nope, Windows DNS isn't BIND, I'm afraid; the two implementations of Wildcards aren't the same (helpful, isn't it?).

The only solution is to manually add specific delegations or specific conditional forwarders / stub zones for the Sub-Domains.

It won't forward or attempt to further resolve anything beneath a domain it's authoritative for unless you tell it to.

Chris
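
The rule in the accepted answer (nothing beneath an authoritative zone is resolved further unless it is explicitly delegated) can be turned into a gap check for a split-horizon setup. This is an added example, not part of the thread and not Windows DNS code: a simplified model in which the zone contents and host names are constructed, and treating `*` as a literal label is an assumption that mirrors the behaviour described above.

```python
# Simplified model of an internal server that is authoritative for ZONE.
ZONE = "myname.com"

def norm(name):
    """Lower-case a DNS name and drop surrounding space and the trailing dot."""
    return name.strip().rstrip(".").lower()

def classify(qname, records, delegations, zone=ZONE):
    """Return how the authoritative server for `zone` would treat qname."""
    q, zone = norm(qname), norm(zone)
    if q != zone and not q.endswith("." + zone):
        return "not-authoritative"  # outside the zone: forwarders/root hints apply
    # An explicit delegation covers the cut name and everything beneath it.
    for cut in map(norm, delegations):
        if q == cut or q.endswith("." + cut):
            return "referral"
    if q in {norm(r) for r in records}:
        return "answer"
    # Authoritative and no data: negative answer, never forwarded upstream.
    return "nxdomain"

def split_horizon_gaps(public_names, records, delegations, zone=ZONE):
    """Public names the internal zone would answer NXDOMAIN for."""
    return sorted(norm(n) for n in public_names
                  if classify(n, records, delegations, zone) == "nxdomain")

# Constructed sample data (not taken from the thread).
INTERNAL_RECORDS = ["myname.com", "dc1.myname.com", "www.myname.com"]
INTERNAL_DELEGATIONS = ["ext.myname.com"]  # explicit subdomain delegation
PUBLIC_NAMES = ["www.myname.com", "shop.myname.com", "api.ext.myname.com",
                "Mail.myname.com.", "example.org"]

if __name__ == "__main__":
    for name in PUBLIC_NAMES:
        print(f"{norm(name):22} {classify(name, INTERNAL_RECORDS, INTERNAL_DELEGATIONS)}")
    print("missing internally:",
          split_horizon_gaps(PUBLIC_NAMES, INTERNAL_RECORDS, INTERNAL_DELEGATIONS))
```

Each name reported as missing needs either its own record in the internal zone or an explicit delegation for its subdomain.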