Solved

Windows Workstations (Conditional DNS Servers)

Posted on 2013-11-18
9
476 Views
Last Modified: 2013-11-18
Is it possible to have DNS requests sent to different servers within Windows conditionally (e.g. all requests for resolution of abc.com to 1.1.1.1 and then everything else to 2.2.2.2)?

The premise being similar to conditional forwards on DNS servers but for clients.
0
Comment
Question by:DaveQuance
  • 5
  • 4
9 Comments
 
LVL 9

Expert Comment

by:Trenton Knew
ID: 39656805
only way I can think of is to manually map abc.com via the hosts file

%systemdrive%\windows\drivers\etc\hosts
0
 

Author Comment

by:DaveQuance
ID: 39656842
Yes but that's for individual FQDNs and is static. I'm hoping for a way to contact a DNS server and pull the current records for the entire domain.
0
 
LVL 9

Expert Comment

by:Trenton Knew
ID: 39657076
I'm not sure I follow what you mean by entire domain.  do you mean you also want to pull records for subdomains too?  I'm having trouble understanding because If you're looking to contact an alternate DNS server for specific domain names, that should be an option in the hosts file.  If the hosts file is not sufficient, or if the targets are changing and need to be name resolved on the regular, than you will probably have to set up a dns server somewhere on your local network or on the local machine
0
 

Author Comment

by:DaveQuance
ID: 39657239
"If you're looking to contact an alternate DNS server for specific domain names"
Exactly.

So the hosts file does does have options for something like this? I'll do some web searches on hosts file options.

Scenario:
 I have a standalone workstation with normal ISP provided DNS servers. I have a site to site VPN to another location that contains some internal zones. I'd like to be able to reference those records for various reasons (some certificate related).
0
What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 

Author Comment

by:DaveQuance
ID: 39657512
I've been looking at options for the hosts file but I don't really see anything other than:

<ip>     <name>

lmhosts didn't seem to be helpful for this goal either.
0
 
LVL 9

Accepted Solution

by:
Trenton Knew earned 70 total points
ID: 39657745
hosts is for domain resolution, whereas lmhosts is for local windows machine hostname resolution.

there is an article on SuperUser that suggests using a DNS proxy on your local machine, which supports wildcards in mappings.  maybe some other proxy DNS service can run on that local machine.

stackoverflow.com/questions/138162/wildcards-in-a-hosts-file/4166967#4166967

would this help?
0
 
LVL 9

Expert Comment

by:Trenton Knew
ID: 39657754
The only other thing I can think of, is to configure a local DNS on the machine, or on the local network.  Make your internally or local controlled DNS the primary, and then use your other name server as the backup
0
 

Author Comment

by:DaveQuance
ID: 39657971
The DNS Proxy you mentioned reads like it will do the job. The quick test I put together didn't work as I wanted but I haven't had time to fully read the info on it (so I'm probably just doing something wrong). I'll let you know tomorrow when I have more time to spend on it.
0
 

Author Closing Comment

by:DaveQuance
ID: 39658016
The solution of TrentonKnew provided, Acrylic DNS Proxy Service, did exactly what I was looking for.

Note: If you use it, there's an allowed IP list to use access the service that doesn't allow anything by default (including the local machine).
0

Featured Post

Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

Join & Write a Comment

This is a little timesaver I have been using for setting up Microsoft Small Business Server (SBS) in the simplest possible way. It may not be appropriate for every customer. However, when you get a situation where the person who owns the server is i…
BIND is the most widely used Name Server. A Name Server is the one that translates a site name to it's IP address. There is a new bug in BIND (https://kb.isc.org/article/AA-01272), affecting all versions of BIND 9 from BIND 9.1.0 (inclusive) thro…
Windows 8 came with a dramatically different user interface known as Metro. Notably missing from that interface was a Start button and Start Menu. Microsoft responded to negative user feedback of the Metro interface, bringing back the Start button a…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now