
How to be Authoritative for a Single Host Name in DNS

In the unusual and uncommon situation where you need to have a specific hostname resolved to a different IP than what the authoritative source has configured, you can do so by using this simple technique in DNS.

For instance, take the domain domain1.com and the zone that stores the records in that domain. The DNS servers that host the zone for domain1.com are “Authoritative” for the domain and have the final “say” regarding which IPs its hostnames resolve to.

If you were to create a zone on your internal DNS servers called domain1.com, then your DNS servers would be “Authoritative” as well. The only difference is that the “.com” DNS servers would never refer any queries to your DNS servers. However, if you host that zone on your DNS and an internal user points to your DNS for a query in that domain, your DNS server will answer with an “Authoritative” response.

This is logical, since your DNS server is now hosting the domain. If your DNS server doesn’t have the answer to a query, it simply responds that the record could not be found. It would not forward the request to the internet. Why would it? Remember, it’s now “Authoritative”.

So, using this example, let’s now say that you were partnered with us and doing some web development within your network, and you wanted your developers to hit your internal website (the domain1.com webpage) so that your team can “work out” all of the bugs prior to going to production.

Well, your team could use local HOSTS files, but you may have dozens of developers, so that idea wouldn’t work too well. Then you might ask your DNS Administrator to create a zone for anITKB.com, but now your DNS server would become “Authoritative”.

You do not want to do that, because you would not be able to resolve any of our hostnames, or even send us, your customer, a simple email, because you would not have the proper records. Remember, if you host the zone, you are Authoritative; there is no need to forward any requests out to the Internet.

So the answer is simple: create a zone on your internal DNS named after the specific record. In it you create only a “blank” record holding the IP address that the name should resolve to. That’s it!

When a query is sent to your DNS server for that special hostname, let’s call it specialHost.domain1.com, your DNS server will respond because it is “Authoritative” for that zone (even though it only has one record).

Your DNS server will NOT respond to any other query within that domain, anITKB.com, because, well… it’s not “Authoritative” for the domain called “domain1.com”.

Here are the steps to be Authoritative for a Single Host Name in DNS

  1. Start the DNS Admin console.
  2. Create a New Forward Lookup Zone.
  3. The name of the domain you are establishing in this case is the host name, not the domain name. For example, specialHost.domain1.com.
  4. Complete the creation of the zone.
  5. You will now see that the zone has been created called specialHost.domain1.com with two records created by default: an NS record and a SOA record.
  6. Next, create a new Host (A) record.
  7. This record has no name, leave it blank.
  8. For the blank record, provide the IP address that specialHost.domain1.com should resolve to.
  9. Done!
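The same nine console steps can be scripted with the DnsServer PowerShell module, which also makes the result easy to review and to remove later. The block below is an added example, not code from the original article: it assumes it is run by a DNS administrator on the Windows DNS server itself with the DnsServer module installed, and the host name, the address 10.0.0.25 and the zone file name are placeholders you replace with your own.

```powershell
# Added example (not from the original article): create the single-host zone
# with the DnsServer module instead of the DNS Admin console.
# Assumptions: run as a DNS administrator on the Windows DNS server, with the
# DnsServer module available. $HostZone, $InternalIP and the zone file name
# are placeholders.
Import-Module DnsServer

$HostZone   = "specialHost.domain1.com"   # the zone name IS the host name (step 3)
$InternalIP = "10.0.0.25"                 # placeholder: where internal clients should land

# Steps 2-4: a file-backed primary zone on this server.
# For an AD-integrated zone, replace -ZoneFile with -ReplicationScope "Domain".
if (-not (Get-DnsServerZone -Name $HostZone -ErrorAction SilentlyContinue)) {
    Add-DnsServerPrimaryZone -Name $HostZone -ZoneFile "$HostZone.dns" -DynamicUpdate None
}

# Steps 6-8: the "blank" A record is the zone apex, written as "@" in PowerShell.
# A short TTL keeps the override quick to roll back.
Add-DnsServerResourceRecordA -ZoneName $HostZone -Name "@" -IPv4Address $InternalIP -TimeToLive 00:05:00

# Step 5 check: the zone should hold exactly SOA, NS and the new A record.
Get-DnsServerResourceRecord -ZoneName $HostZone |
    Format-Table HostName, RecordType, RecordData -AutoSize

# Verify from the server's own point of view:
#  - the special host resolves to the internal address (authoritative answer)
#  - the rest of domain1.com is still resolved normally via recursion or forwarders
Resolve-DnsName -Name $HostZone -Type A -Server localhost
Resolve-DnsName -Name "www.domain1.com" -Type A -Server localhost

# Rolling back the override later: deleting the zone touches no other domain1.com data.
# Remove-DnsServerZone -Name $HostZone -Force
```

Two points worth keeping in mind when you use this. First, the zone is authoritative for everything at and below its name, so a query for any.specialHost.domain1.com will now get a “not found” answer from your server rather than being forwarded; that is harmless for a plain web host but matters if the real record has children. Second, a zone like this silently overrides what the public DNS says, so record who created it and why, and audit your DNS servers for single-label zones of this shape from time to time, since the same mechanism would let an unauthorized administrator redirect a single name without touching the rest of the domain.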

From your internal network, you will still be able to resolve all host names in the domain1.com domain because your DNS server is not “Authoritative” for the zone. However, when your DNS server receives a query for specialHost.domain1.com, it will respond and not forward the query out to the internet.

Of course, you understand that specialHost is simply a generic hostname that we are using in this summary as an example. In your case, if you wanted to control “www”, you would create the zone called www.domain1.com.
