Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 918
  • Last Modified:

Forward DNS zone

Hi All,

We have an internal and an external DNS server.  And I have been asked to setup forwarders on the internal DNS server, this has worked well.  However if it has a zone but no record it doesn't forward the request.

I get the following error when i try to forward zone it has records for;

The server forwarders cannot be updated.
The zone already exists.


What are my options.
0
detox1978
Asked:
detox1978
  • 8
  • 6
2 Solutions
 
KCTSCommented:
This is as expected - if the DNS server hosts a zone then it is said to be authoratitive for that zone and can issue either the IP or a 'not found' response to a DNS lookup request.

A forwarder will only be used if there is a request for a DNS lookup for a zone for which it is not the host.
0
 
detox1978Author Commented:
Is there a way around this?

An external company runs the external DNS server and every so often they will add new records to their server and not tell us.

All there records are public DNS, if that helps.
0
 
KCTSCommented:
You should only have zones in your DNS for the domains that you have.

Use forwarders or conditional forwarders to point at external domains
0
Microsoft Certification Exam 74-409

VeeamĀ® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

 
detox1978Author Commented:
is there a way to remove the SOA?

Maybe setup another DNS server and transfer the records?
0
 
KCTSCommented:
I'm trying to figure out what your setup - can you explain a bit more?

You have a domain with a DNS server for your own domain - so where does the other zone come from ?
0
 
detox1978Author Commented:
The have a head office that runs the DNS accessible to the internet.

There are 20+ local sites, each with there own DNS server.  At the moment when a new record is added to the head office DNS server I have to manually add it to our local DNS server.  I was hoping i could just setup DNS forwarding.
0
 
detox1978Author Commented:
Head office runs a UNIX DNS server and the local sites each have their own setup as we don't swap data.
0
 
KCTSCommented:
Im not sure I understand "DNS accessible to the internet" - publically accessable from the internet - not very secure!!!

Where you have miltiple sites you can simply have multiple AD Integrated DNS servers, the DNS will replicate automatically and no maintenence is required - this would be the preferred option.

Alternatively the DNS server on the main site can be configured to use zone transfers to update DNS data from itself to a secondary DNS server at the local site - this could be used if AD integrated DNS was not used.
0
 
KCTSCommented:
As its unix the you will have to use Zone transfers - this will do the job nicely.

The DNS at head the main site can be confugured to transfer its zone to your secondary server on a regualr basis.
0
 
detox1978Author Commented:
how does it work regarding overwriting their records.

e.g. local.mycompany.com needs to be 10.0.10.100 for us, but is a public IP on their server.
0
 
KCTSCommented:
It doesn't - s secondary zone is a read-only zone - it can only be updated by the primary (in this case the unix), server
0
 
detox1978Author Commented:
i can just use root hints to read there server.  or point at it directly.

I need to use ours then theirs.
0
 
detox1978Author Commented:
I raised a call with Microsoft support and it turns out there's a DNS trick to achieve this.

If i create an unused zone i.e. dns.local

I can then use DNSCMD to create the records in that zone using their FQDN.  It turns out DNS is loaded into cache without its zone information.

0
 
detox1978Author Commented:
resolved using MS support
0

Featured Post

 The Evil-ution of Network Security Threats

What are the hacks that forever changed the security industry? To answer that question, we created an exciting new eBook that takes you on a trip through hacking history. It explores the top hacks from the 80s to 2010s, why they mattered, and how the security industry responded.

  • 8
  • 6
Tackle projects and never again get stuck behind a technical roadblock.
Join Now