• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 510
  • Last Modified:

Windows Workstations (Conditional DNS Servers)

Is it possible to have DNS requests sent to different servers within Windows conditionally (e.g. all requests for resolution of abc.com to 1.1.1.1 and then everything else to 2.2.2.2)?

The premise being similar to conditional forwards on DNS servers but for clients.
0
DaveQuance
Asked:
DaveQuance
  • 5
  • 4
1 Solution
 
Trenton KnewOwner / Computer WhispererCommented:
only way I can think of is to manually map abc.com via the hosts file

%systemdrive%\windows\drivers\etc\hosts
0
 
DaveQuanceAuthor Commented:
Yes but that's for individual FQDNs and is static. I'm hoping for a way to contact a DNS server and pull the current records for the entire domain.
0
 
Trenton KnewOwner / Computer WhispererCommented:
I'm not sure I follow what you mean by entire domain.  do you mean you also want to pull records for subdomains too?  I'm having trouble understanding because If you're looking to contact an alternate DNS server for specific domain names, that should be an option in the hosts file.  If the hosts file is not sufficient, or if the targets are changing and need to be name resolved on the regular, than you will probably have to set up a dns server somewhere on your local network or on the local machine
0
Improved Protection from Phishing Attacks

WatchGuard DNSWatch reduces malware infections by detecting and blocking malicious DNS requests, improving your ability to protect employees from phishing attacks. Learn more about our newest service included in Total Security Suite today!

 
DaveQuanceAuthor Commented:
"If you're looking to contact an alternate DNS server for specific domain names"
Exactly.

So the hosts file does does have options for something like this? I'll do some web searches on hosts file options.

Scenario:
 I have a standalone workstation with normal ISP provided DNS servers. I have a site to site VPN to another location that contains some internal zones. I'd like to be able to reference those records for various reasons (some certificate related).
0
 
DaveQuanceAuthor Commented:
I've been looking at options for the hosts file but I don't really see anything other than:

<ip>     <name>

lmhosts didn't seem to be helpful for this goal either.
0
 
Trenton KnewOwner / Computer WhispererCommented:
hosts is for domain resolution, whereas lmhosts is for local windows machine hostname resolution.

there is an article on SuperUser that suggests using a DNS proxy on your local machine, which supports wildcards in mappings.  maybe some other proxy DNS service can run on that local machine.

stackoverflow.com/questions/138162/wildcards-in-a-hosts-file/4166967#4166967

would this help?
0
 
Trenton KnewOwner / Computer WhispererCommented:
The only other thing I can think of, is to configure a local DNS on the machine, or on the local network.  Make your internally or local controlled DNS the primary, and then use your other name server as the backup
0
 
DaveQuanceAuthor Commented:
The DNS Proxy you mentioned reads like it will do the job. The quick test I put together didn't work as I wanted but I haven't had time to fully read the info on it (so I'm probably just doing something wrong). I'll let you know tomorrow when I have more time to spend on it.
0
 
DaveQuanceAuthor Commented:
The solution of TrentonKnew provided, Acrylic DNS Proxy Service, did exactly what I was looking for.

Note: If you use it, there's an allowed IP list to use access the service that doesn't allow anything by default (including the local machine).
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Improved Protection from Phishing Attacks

WatchGuard DNSWatch reduces malware infections by detecting and blocking malicious DNS requests, improving your ability to protect employees from phishing attacks. Learn more about our newest service included in Total Security Suite today!

  • 5
  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now