Taking advantage of the fact that DNS will always respond with an authoritative answer if it has one allows exceptions for single hosts. In essence, using DNS as a centralised hosts file.
This is a usage scenario:
- Using a private AD domain. e.g. internal.indented.co.uk
- Hosting a public web server within the AD domain. e.g. www.indented.co.uk
- Internal clients cannot access the server using the public IP (a routing restriction)
At this point DNS can be used in two ways to address the issue.
Either claim authority for the entire domain, e.g. indented.co.uk. The disadvantage of this is that every other record under the domain must be duplicated in the private version (Split Brain DNS) or it will fail to resolve. For example, attempting to access portal.indented.co.uk would fail unless it was also added.
Or, a zone can be created using the full name of the service, i.e. naming the zone www.indented.co.uk. Adding a Host (A) record to the zone with a blank name will allow the zone name to resolve to an IP address, in exactly the same way as names other domains are resolved.
The full step of steps for this is as follows:
- Open the DNS Console (from Administrative Tools)
- Expand Forward Lookup Zones
- Create a new zone
- Type is either (Standard) Primary or Primary and Active Directory Integrated
- Replication Scope can remain default (if applicable)
- Zone Name should be the name of the host, e.g. www.indented.co.uk
- Select “Do not allow dynamic updates”
Then add a record so the name resolves back to an IP:
- Select the new zone (e.g. www.indented.co.uk)
- Right click and select “New Host (A)…”
- Leave the Name Blank
- Enter the IP Address
Note that an Alias, or CNAME, cannot be used. CNAME records cannot share resource names. In this case the resource name is www.indented.co.uk and is currently shared with NS records and the SOA record because it is being treated as a domain.
Finally, the change can be tested by running these commands: