How to be Authoritative for a Single Host Name in DNS

Friday, October 28, 2011

In the uncommon situation where you need a specific host name to resolve to a different IP address than the one the authoritative source has configured, you can do so with this simple technique in DNS.

For instance, let's say in the case of the domain,, the zone which stores records in that domain. The DNS servers that host the zone for are "Authoritative" for the domain and have the final "say" regarding which IPs the host names will resolve to. If you were to create a zone on your internal DNS servers called,, then your DNS servers would be "Authoritative" as well. The only difference is that the ".com" DNS servers would never refer any queries to your DNS servers. However, if you have that zone hosted on your DNS and an internal user points to your DNS for a query in that domain, your DNS server will answer with an "Authoritative" response. This is logical since your DNS server is now hosting the domain. If your DNS server doesn't have the answer to a query, it would simply respond indicating that the record could not be found. It would not forward the request to the Internet. Why would it? Remember, it's now "Authoritative".

So using this example, let's now say that you were partnered with us and you were doing some web development within your network and you wanted your developers to hit your internal website ( webpage) so that your team can "work out" all of the bugs prior to going to production. Well, your team could use local HOSTS files, but you may have dozens of developers, so that idea wouldn't work too well. Then you may ask your DNS Administrator to create a zone for, but now your DNS server would become "Authoritative". You do not want to do that because you would not be able to resolve any of our host names, or even send us, your customer, a simple email, because you would not have the proper records located. Remember, if you host the zone, you are Authoritative. No need to forward any requests out to the Internet.

So the answer is simple: create a zone for the specific record on your internal DNS. You will only create a "blank" record with the IP address of the resource the name resolves to. That's it! When a query is sent to your DNS server for that special host name, let's call it, your DNS server will respond because it is "Authoritative" for that zone (even though it only has one record). Your DNS server will NOT respond to any other query within that domain,, because, well... it's not "Authoritative" for the domain called "".

Here are the steps to be Authoritative for a Single Host Name in DNS:

  1. Start the DNS Admin console.
  2. Create a New Forward Lookup Zone.
  3. The name of the domain you are establishing in this case is the host name, not the domain name. For example,
  4. Complete the creation of the zone.
  5. You will now see that the zone has been created called "" with two records created by default: an NS record and a SOA record.
  6. Next, create a new Host (A) record.
  7. This record has no name (leave it blank).
  8. Provide the IP address of the resource for the blank record.
  9. Done!


From your internal network, you will still be able to resolve all host names in the domain because your DNS server is not "Authoritative" for the zone. However, when your DNS server receives a query for, it will respond and not forward the query out to the Internet. Of course, you understand that specialHost is simply a generic host name that we are using in this summary as an example. In your case, if you wanted to control "www", you would have created the zone called,
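
An added example (not from the original post) that models the behaviour described above: a server answers from the closest zone it hosts and forwards only when it hosts none. It assumes a simplified closest-enclosing-zone match for A queries only; the names under example.com, the address 10.0.0.25, and the helpers `find_zone` and `resolve` are constructed for illustration.

```python
# Added illustration: a simplified model of how a DNS server chooses between
# answering from a zone it hosts and forwarding the query.
# All names and addresses are constructed (example.com, RFC 1918 space).

def find_zone(qname, zones):
    """Return the hosted zone that most closely encloses qname, or None."""
    labels = qname.lower().rstrip(".").split(".")
    # Try the full name first, then strip one leading label at a time.
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in zones:
            return candidate
    return None


def resolve(qname, zones):
    """Model the server's decision for an A query.

    zones maps a zone name to {owner name: IPv4}; "@" is the blank record.
    """
    zone = find_zone(qname, zones)
    if zone is None:
        return ("FORWARD", None)      # not authoritative: recurse or forward
    name = qname.lower().rstrip(".")
    owner = "@" if name == zone else name[: -len(zone) - 1]
    ip = zones[zone].get(owner)
    if ip is None:
        return ("NXDOMAIN", None)     # authoritative, no record, never forwarded
    return ("ANSWER", ip)


# Mistake described in the post: hosting the partner's whole domain internally.
WHOLE_DOMAIN = {"example.com": {"specialhost": "10.0.0.25"}}

# Technique from the post: a zone named after the host, with one blank record.
SINGLE_HOST = {"specialhost.example.com": {"@": "10.0.0.25"}}

if __name__ == "__main__":
    for label, zones in (("whole-domain zone", WHOLE_DOMAIN),
                         ("single-host zone", SINGLE_HOST)):
        print(label)
        for q in ("specialhost.example.com", "www.example.com",
                  "mail.example.com", "dev.specialhost.example.com"):
            print(f"  {q:30} -> {resolve(q, zones)}")
```

The last query shows a side effect worth checking before deployment: names beneath the overridden host fall inside the single-host zone too, so they get an authoritative "not found" instead of being forwarded.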
