
I have an Active Directory server (Win2012R2) which provides DNS to a set of Windows Servers and which currently only contains those servers' DNS names/IPs and forwards other requests to a public DNS resolver. I also have a PowerDNS Authoritative server in the network (currently not connected to anything) which contains some DNS records (A and PTR) for both internal and external IPs/services which I'd like to be able to use.

What I can't seem to figure out is if it's possible to configure Active Directory to receive a DNS query from the servers, check its internal DNS service first for a match, then ask the PowerDNS Authoritative server if it has the entry and if not, ask the public resolvers as a last resort.

The names in the PowerDNS server are from pretty much any DNS/reverse zone imaginable and not just from ".company.local" or something.

Also, I'd really prefer not to connect the Windows Servers to the PowerDNS service as their primary DNS servers since that'll most likely break something.

Any idea if that's possible without going through each zone and doing a conditional forward for each one at a time or something (not sure that'd work either)?

Hace
  • Maybe I'm just being a bit simple and should just set the PowerDNS server as a forwarder in Active Directory? Is that going to blow up somehow? – Hace Mar 02 '17 at 13:14
    Why not just configure the PowerDNS servers as forwarders for the AD DNS servers? Any queries for zones that the AD DNS servers are not authoritative for will then be forwarded to the PowerDNS servers. Is that what you're asking? – joeqwerty Mar 02 '17 at 15:02
  • While forwarding works for the addresses where PowerDNS is authoritative (like ".powerdns.local" or whatever), it doesn't do what I'd need if PowerDNS Authoritative has a zone but not the specific IP/DNS that is asked for, even if that IP/DNS name is visible on the public DNS server. For example: PowerDNS has the IP for somedevice.company.com but not the IP for emailservice.company.com. Public DNS has the IP for emailservice.company.com. AD queries for emailservice.company.com, PowerDNS doesn't have it but AD doesn't ask the next forwarder. This makes sense but isn't what I need. – Hace Mar 03 '17 at 08:45
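The two configurations discussed above, as an added PowerShell example that is not part of the thread. The addresses (10.0.0.10 for the AD DNS server, 10.0.0.53 for PowerDNS, 1.1.1.1 and 8.8.8.8 as public resolvers) and the zone names in the conditional-forwarder loop are assumptions; the script is meant to run in an elevated session on the Windows Server 2012 R2 DNS server with the DnsServer module available. It shows the plain forwarder chain the comment proposes, the per-zone conditional-forwarder alternative, and a quick check that reproduces the behaviour the asker observed: Windows DNS moves on to the next forwarder only when a forwarder does not answer, not when it answers NXDOMAIN.

```powershell
# Added example, not from the original thread. All addresses and zones are assumed.
$PowerDns  = '10.0.0.53'                 # PowerDNS Authoritative (assumed)
$PublicDns = @('1.1.1.1', '8.8.8.8')     # public resolvers (assumed)
$AdDns     = '10.0.0.10'                 # this AD DNS server (assumed)

# Option A: what the comment proposes. PowerDNS first, public resolvers after it.
# Order matters, but note the caveat: the DNS Server service only tries the next
# forwarder when the previous one times out. A negative answer (NXDOMAIN) from
# PowerDNS is returned to the client as-is and also negatively cached.
function Set-ForwarderChain {
    Set-DnsServerForwarder -IPAddress (@($PowerDns) + $PublicDns) -UseRootHint $false -Timeout 3
    Get-DnsServerForwarder | Select-Object -ExpandProperty IPAddress
}

# Option B: public resolvers stay the general forwarders; only the zones PowerDNS
# is authoritative for are sent to it, one conditional forwarder per zone.
# This is the per-zone work the question hopes to avoid. -ReplicationScope
# assumes the DNS server is a domain controller (AD-integrated storage).
function Set-ConditionalForwarders {
    param([string[]]$Zones)
    Set-DnsServerForwarder -IPAddress $PublicDns -UseRootHint $false
    foreach ($zone in $Zones) {
        if (-not (Get-DnsServerZone -Name $zone -ErrorAction SilentlyContinue)) {
            Add-DnsServerConditionalForwarderZone -Name $zone -MasterServers $PowerDns -ReplicationScope 'Forest'
        }
    }
    Get-DnsServerZone | Where-Object ZoneType -eq 'Forwarder' | Select-Object ZoneName, MasterServers
}

# Check: query the AD DNS server directly, bypassing the client cache, for a name
# PowerDNS holds and for one that exists only in public DNS. With Option A the
# second lookup comes back empty, which is the behaviour described in the comments.
function Test-Resolution {
    param([string]$Name, [string]$Server)
    $r = Resolve-DnsName -Name $Name -Type A -Server $Server -DnsOnly -ErrorAction SilentlyContinue
    if ($r) { "$Name -> $($r.IPAddress -join ', ')" } else { "$Name -> no answer (NXDOMAIN or timeout)" }
}

# Pick one of the two configurations, then run the checks.
Set-ForwarderChain
# Set-ConditionalForwarders -Zones @('company.com', '1.168.192.in-addr.arpa')   # assumed zone names

Clear-DnsServerCache -Force
Test-Resolution -Name 'somedevice.company.com'   -Server $AdDns   # held by PowerDNS in the thread's example
Test-Resolution -Name 'emailservice.company.com' -Server $AdDns   # only in public DNS in the thread's example
```

`Clear-DnsServerCache` before the checks matters: once the first lookup for `emailservice.company.com` has returned NXDOMAIN from PowerDNS, the AD server caches that negative answer for the zone's negative TTL, so a later test would not tell you whether the forwarder order had changed anything.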

0 Answers