Adding Single DNS hosts for external zones to a Windows DNS Server

If you need to add a single A record to your Windows DNS server for a name that is not part of your primary zone, you may be wondering how to do that without breaking forward lookups for the rest of that zone. For example, if you want to force client machines to connect only to the local version of Google for specific products, you do not want to block lookups of other Google subdomains. For our example we will use books.google.co.za and set up the record so that books.google.co.za resolves to the address we want without preventing lookups of, say, mail.google.co.za.

The trick with Windows DNS servers is actually quite simple, and if you already know your way around, just add a zone named after the FQDN and a blank A record inside that zone (CliffsNotes version).

The long step-by-step guide looks like this. First you need to create a new primary zone for the host name you wish to resolve. Use the full host name as the zone name. I know this seems crazy and the opposite of any logic for those of us used to Unix-style forwarders, but trust me, it works. (It works on UNIX as well if you are not using forwarders.)

[Screenshot: new primary DNS zone - name]

I am skipping most of the wizard steps because they are very simple: you just need to create a new zone file and set dynamic updates to "Do not allow". Really no need for screenshots. Once you have created your new forward lookup zone you need to create an A (Host) record for your third-party host name. As you can see in the screenshot, you leave the name blank and, since you won't have a reverse zone, uncheck the PTR creation. I will assume you already have the IP address.

[Screenshot: DNS A record with a blank name]

Once done, your zone and A record should look like this. I removed some information, but you can see the record in question as an example.

[Screenshot: DNS record for the external host]

And just like that you will be able to resolve a host which is not in your domain without creating extra work for yourself on your Windows DNS server. As a small disclaimer, remember that by doing this you prevent clients from reaching backup servers for the host unless you add records for the other addresses as well, but we are assuming your goal is to force resolution to a specific host. Rinse and repeat for any other hosts you need to add.
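The same zone and blank A record created from PowerShell instead of the wizard, as an added example that is not part of the original post. It assumes the DnsServer module is available in an elevated session on the DNS server itself, and uses 192.0.2.10 as a placeholder target address.

```powershell
# Added example (not from the original post): create a single-host zone with
# the DnsServer PowerShell module and verify that only that name is overridden.
# Assumptions: run elevated on the DNS server; 192.0.2.10 is a placeholder
# address from the documentation range (TEST-NET-1), not a real Google address.

$HostName = 'books.google.co.za'   # the full host name becomes the zone name
$Target   = '192.0.2.10'           # placeholder, replace with the address you want

# 1. Primary zone named after the FQDN, stored in its own file, with dynamic
#    updates disabled (the "Do not allow dynamic updates" choice in the wizard).
Add-DnsServerPrimaryZone -Name $HostName `
    -ZoneFile "$HostName.dns" `
    -DynamicUpdate None

# 2. Blank A record. "@" is the zone apex, i.e. the "leave the name blank"
#    step in the GUI. -CreatePtr is not passed, so no PTR record is attempted.
Add-DnsServerResourceRecordA -ZoneName $HostName `
    -Name '@' `
    -IPv4Address $Target `
    -TimeToLive (New-TimeSpan -Minutes 5)

# 3. Check the result: the apex record exists, the host now answers with the
#    local address, and a sibling name in the parent domain still resolves
#    through the server's normal forwarders / root hints.
Get-DnsServerResourceRecord -ZoneName $HostName -RRType A
Resolve-DnsName -Name $HostName -Server localhost -Type A
Resolve-DnsName -Name 'mail.google.co.za' -Server localhost -Type A

# To undo the override later, delete the whole single-host zone:
# Remove-DnsServerZone -Name $HostName -Force
```

Because the server is now authoritative for the whole books.google.co.za subtree, any name beneath it (a hypothetical sub.books.google.co.za, for example) is also answered locally and returns NXDOMAIN unless you add it to the zone.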
