

Making a DNS zone authoritative for only a single record in a domain?

Posted on 2010-01-04
Last Modified: 2012-05-08
Is there some way to create a DNS zone that is authoritative for only a single A record that would treat the rest of the zone like a cache-only server?

In other words, I need to set up a DNS server for a private network that will return a different IP address for a certain record than what the internet DNS servers will return.

For example, say my domain is corp.com and my Internet DNS has a record for vpn.corp.com which points to  On my internal private network, I need vpn.corp.com to resolve to

I know I could set up a local DNS server which is authoritative for corp.com and put the record there, but I don't want to have to update this local DNS zone every time the "real" DNS zone is updated (which happens fairly frequently).

Unfortunately I don't have any access to make changes to the public DNS servers or zone files for corp.com.

It would be great if I could find some way to have a zone file on my local DNS server that is only authoritative for the vpn.corp.com record, and if it needed to resolve any other records for the corp.com domain it would act just like a cache-only server and forward those requests on.

I haven't set anything up yet so I'm able to use pretty much whatever software will work.  I prefer something that is free and will work on Linux.
Question by: FWeston

Accepted Solution

Chris Dent earned 2000 total points
ID: 26175051

You're so close, just needed a step back...

Create a zone called "vpn.corp.com", add a Host (A) record with a blank name (or "@ IN A <IPAddress>") and you have exactly the override for a single name you appear to be after :)
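
One way to set up the single-name zone described in the answer above on BIND 9, as an added example that is not part of the original thread. The file paths, the `ns` host name, the client range, the forwarder and every IP address are placeholders chosen for illustration.

```conf
# ---- named.conf (BIND 9); paths and addresses below are placeholders ----
options {
    directory "/var/named";
    recursion yes;
    allow-recursion { 10.0.0.0/8; };   # internal clients only (assumed range)
    forwarders { 192.0.2.53; };        # upstream resolver (placeholder)
};

# Authoritative for this one name only. There is deliberately no
# zone "corp.com" here, so every other corp.com name is resolved
# through recursion/forwarding and cached as usual.
zone "vpn.corp.com" {
    type master;
    file "db.vpn.corp.com";
};

; ---- /var/named/db.vpn.corp.com (zone file) ----
$TTL 300
@    IN SOA ns.vpn.corp.com. hostmaster.vpn.corp.com. (
            2010010401 ; serial
            3600       ; refresh
            600        ; retry
            604800     ; expire
            300 )      ; negative-cache TTL
@    IN NS  ns.vpn.corp.com.
ns   IN A   10.0.0.2   ; this DNS server (placeholder)
@    IN A   10.0.0.5   ; internal address for vpn.corp.com (placeholder)
```

Names beneath vpn.corp.com are also answered from this zone, so anything that exists there publicly has to be added here as well. Check the files with `named-checkconf` and `named-checkzone vpn.corp.com db.vpn.corp.com` before reloading.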



Author Closing Comment

ID: 31672611
Perfect, I actually thought of this right after I posted the question.
