I use unblock-us.com DNS servers at work to access pandora.com. Our company is using lots of *.mycompany.internal domains for company stuff. Of course unblock-us can't resolve them and I'm really sick of adding every one of them to the hosts file. Is there a way to use the company DNS server for mycompany.internal domains and another DNS server for the rest? This is for my personal computer; I can't change anything in the company DNS settings.
Solution:
I've ended up using Deadwood, the recursive DNS server for MaraDNS, thanks to Jens Ehrich. This is my Deadwood config file (dwood3rc.txt):
# Please note that each upstream_servers entry takes up space in Deadwood's
# cache and that maximum_cache_elements will need to be increased to store
# a large number of these entries.
upstream_servers = {}
upstream_servers["."] = "8.8.8.8, 8.8.4.4" # Google DNS as example
# To have Deadwood perform DNS queries for a small LAN and have the DNS server
# on 192.168.1.111 resolve queries ending in "internal":
root_servers = {}
root_servers["internal."]="<my.company.dns.ip1>, <my.company.dns.ip2>"
# The IP this program has
bind_address="127.0.0.1"
# The IPs allowed to connect and use the cache
recursive_acl = "127.0.0.1/16"
# The file containing a hard-to-guess secret
random_seed_file = "secret.txt" # created with mkSecretTxt.exe from MaraDNS
# By default, for security reasons, Deadwood does not allow IPs in the
# 192.168.x.x, 172.[16-31].x.x, 10.x.x.x, 127.x.x.x, 169.254.x.x,
# 224.x.x.x, or 0.0.x.x range. If using Deadwood to resolve names
# on an internal network, uncomment the following line:
filter_rfc1918 = 0
And then just used install.bat in the Deadwood folder.
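How a split configuration like the one above decides where a query goes, as an added example (not Deadwood's code and not from the original post). It assumes the most specific entry wins and that matching is done on whole DNS labels; the company resolver addresses and the sample names are constructed placeholders.

```python
# Routing table mirroring the two entries in the dwood3rc.txt above.
# 192.0.2.x addresses are constructed placeholders for the company resolvers.
ROUTES = {
    ".": ["8.8.8.8", "8.8.4.4"],                 # upstream_servers["."]
    "internal.": ["192.0.2.10", "192.0.2.11"],   # root_servers["internal."]
}

def labels(name):
    """Split a DNS name into lower-case labels, ignoring any trailing dot."""
    return [part for part in name.lower().rstrip(".").split(".") if part]

def pick_zone(qname, routes=ROUTES):
    """Return the most specific zone key whose labels are a suffix of qname."""
    q = labels(qname)
    best, best_len = None, -1
    for zone in routes:
        z = labels(zone)
        # Compare label lists, not raw strings, so "notinternal" != "internal".
        is_suffix = len(z) <= len(q) and (not z or q[-len(z):] == z)
        if is_suffix and len(z) > best_len:
            best, best_len = zone, len(z)
    return best

def route_report(qnames, routes=ROUTES):
    """Map each query name to the server list that would receive it."""
    return {name: routes[pick_zone(name, routes)] for name in qnames}

def sent_to_default(qnames, private_suffix, routes=ROUTES):
    """Names under private_suffix that would still go to the default route,
    i.e. internal hostnames disclosed to the third-party resolver."""
    p = labels(private_suffix)
    return [n for n in qnames
            if labels(n)[-len(p):] == p and pick_zone(n, routes) == "."]

# Constructed sample queries.
SAMPLE = ["wiki.mycompany.internal", "GIT.MyCompany.Internal.",
          "pandora.com", "notinternal", "internal"]

if __name__ == "__main__":
    for name, servers in route_report(SAMPLE).items():
        print(f"{name:28} -> {servers}")
    # With only the default route, internal names go to the public resolver.
    print(sent_to_default(SAMPLE, "mycompany.internal", {".": ROUTES["."]}))
```

Running `sent_to_default` against the real route table before relying on a split setup shows whether any internal hostname would be sent to the outside resolver.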
That would have been great - but unfortunately does not work on my Windows 10 machine (the command goes through in an Administrator PowerShell but the extra resolution does not work) – WoJ – 2019-01-30T16:55:20.447
Thank you! Worked fine on a Windows 8.1 machine. – Igettäjä – 2019-04-01T17:30:18.883
This doesn't seem to be present on w7. Is this a Windows 8/2012 or 10/2016 only? – computergeek125 – 2019-04-08T21:47:40.737
@WoJ The domain needs to be prepended with a dot if you want all sub domains to go to the custom nameserver. Also nslookup is not NRPT aware so you can't test using that (try ping instead). Example: Add-DnsClientNrptRule -Namespace ".example.com" -DnsSecEnable -NameServers "10.0.0.1" – corford – 2019-12-06T22:26:06.727
@corford I just checked and it does not work either. I had a look at the network traffic and the DNS query still goes to the default DNS server, and not the one defined in the command (for a query on the domain in the namespace) – WoJ – 2019-12-11T10:28:19.223