Using specific dns server for specific domains

I use unblock-us.com DNS servers at work to access pandora.com. Our company uses lots of *.mycompany.internal domains for company stuff. Of course unblock-us can't resolve them, and I'm really sick of adding every one of them to the hosts file. Is there a way to use the company DNS server for mycompany.internal domains and another DNS server for the rest? This is for my personal computer; I can't change anything in the company DNS settings.

Solution:

I've ended up using Deadwood, the recursive DNS server from MaraDNS, thanks to Jens Ehrich. This is my Deadwood config file (dwood3rc.txt):

# Please note that each upstream_servers entry takes up space in Deadwood's
# cache and that maximum_cache_elements will need to be increased to store
# a large number of these entries.
upstream_servers = {}
upstream_servers["."] = "8.8.8.8, 8.8.4.4" # Google DNS as example

# Send queries for names ending in "internal" to the company DNS servers
# (fill in their IPs) instead of the upstream forwarders above:
root_servers = {}
root_servers["internal."] = "<my.company.dns.ip1>, <my.company.dns.ip2>"

# The IP this program has 
bind_address="127.0.0.1"

# The IPs allowed to connect and use the cache
recursive_acl = "127.0.0.1/16"

# The file containing a hard-to-guess secret
random_seed_file = "secret.txt" # created with mkSecretTxt.exe from MaraDNS

# By default, for security reasons, Deadwood does not allow IPs in the
# 192.168.x.x, 172.[16-31].x.x, 10.x.x.x, 127.x.x.x, 169.254.x.x,
# 224.x.x.x, or 0.0.x.x range.  If using Deadwood to resolve names
# on an internal network, uncomment the following line:
filter_rfc1918 = 0

And then I just ran install.bat in the Deadwood folder.

dstr

Posted 2016-11-22T10:56:37.273

Reputation: 163

Answers

4

You can do this with DNS zone delegation.

First, set up another DNS server (on your own machine is fine) that uses unblock-us.com DNS as a forwarder. You could use something like Simple DNS, MaraDNS, or a local virtual machine running Linux or Windows Server.

Second, add a delegate zone for your company's network that points to your company's DNS servers.

Third, configure your network card to use your new DNS server as the primary name server.

Jens Ehrich

Posted 2016-11-22T10:56:37.273

Reputation: 805
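The third step above, pointing the adapter at the local resolver, and a check that the split actually works, as an added PowerShell example that is not part of the original answer. It assumes a local resolver such as the Deadwood instance from the question listening on 127.0.0.1; the adapter alias, the host names and the company DNS address are placeholders to replace.

```powershell
# Added example: switch one adapter to a local split resolver and verify that
# internal and external names are answered. Adapter alias, host names and the
# company DNS IP below are assumptions; replace them with your own values.
#Requires -RunAsAdministrator

param(
    [string]$Adapter       = 'Ethernet',                      # assumed; see Get-NetAdapter
    [string]$LocalResolver = '127.0.0.1',                     # Deadwood's bind_address
    [string]$InternalName  = 'intranet.mycompany.internal',   # assumed internal host
    [string]$ExternalName  = 'pandora.com',
    [string]$CompanyDns    = '10.0.0.53'                      # assumed company DNS IP
)

# Remember the current DNS servers so the change can be undone.
$before = (Get-DnsClientServerAddress -InterfaceAlias $Adapter -AddressFamily IPv4).ServerAddresses
Write-Host "Previous DNS servers on ${Adapter}: $($before -join ', ')"

Set-DnsClientServerAddress -InterfaceAlias $Adapter -ServerAddresses $LocalResolver
Clear-DnsClientCache

function Test-SplitResolution {
    param([string]$Name, [string]$Via)
    # -DnsOnly skips LLMNR/NetBIOS and -NoHostsFile skips the hosts file, so a
    # positive answer really came from the server named in $Via.
    try {
        $rr = Resolve-DnsName -Name $Name -Server $Via -Type A -DnsOnly -NoHostsFile -ErrorAction Stop |
              Where-Object { $_.Type -eq 'A' }
        [pscustomobject]@{ Name = $Name; Via = $Via; Address = ($rr.IPAddress -join ', '); Ok = $true }
    } catch {
        [pscustomobject]@{ Name = $Name; Via = $Via; Address = $_.Exception.Message; Ok = $false }
    }
}

# The internal name must resolve through the local resolver and give the same
# answer as the company DNS queried directly; the external name must resolve
# through the local resolver too, otherwise the forwarder is misconfigured.
$results = @(
    Test-SplitResolution -Name $InternalName -Via $LocalResolver
    Test-SplitResolution -Name $InternalName -Via $CompanyDns
    Test-SplitResolution -Name $ExternalName -Via $LocalResolver
)
$results | Format-Table -AutoSize

if ($results[0].Ok -and $results[0].Address -eq $results[1].Address) {
    Write-Host "Delegation OK: $InternalName via $LocalResolver matches $CompanyDns"
} else {
    Write-Warning "Delegation not working; check root_servers and filter_rfc1918 in dwood3rc.txt"
}
if (-not $results[2].Ok) {
    Write-Warning "External names fail through $LocalResolver; check upstream_servers"
}

# To undo:  Set-DnsClientServerAddress -InterfaceAlias $Adapter -ServerAddresses $before
# or:       Set-DnsClientServerAddress -InterfaceAlias $Adapter -ResetServerAddresses
```

Querying the company server directly as well as through the local resolver separates two failure modes: a wrong delegation (the first two answers differ, or the first fails while the second works) from a company server that is simply unreachable from this network (both fail).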

7

Have you tried this PowerShell command? It seems a lot easier.

Add-DnsClientNrptRule -Namespace "pqr.com" -NameServers "10.0.0.1"

Reference: https://docs.microsoft.com/en-us/powershell/module/dnsclient/add-dnsclientnrptrule?view=win10-ps

aoetalks

Posted 2016-11-22T10:56:37.273

Reputation: 423

That would have been great - but unfortunately it does not work on my Windows 10 machine (the command goes through in an Administrator PowerShell, but the extra resolution does not work) – WoJ – 2019-01-30T16:55:20.447

Thank you! Worked fine on a Windows 8.1 machine. – Igettäjä – 2019-04-01T17:30:18.883

This doesn't seem to be present on W7. Is this a Windows 8/2012 or 10/2016-only thing? – computergeek125 – 2019-04-08T21:47:40.737

@WoJ The domain needs to be prepended with a dot if you want all subdomains to go to the custom nameserver. Also, nslookup is not NRPT-aware, so you can't test using that (try ping instead). Example: Add-DnsClientNrptRule -Namespace ".example.com" -DnsSecEnable -NameServers "10.0.0.1" – corford – 2019-12-06T22:26:06.727

@corford I just checked and it does not work either. I had a look at the network traffic and the DNS query still goes to the default DNS server, and not the one defined in the command (for a query on the domain in the namespace) – WoJ – 2019-12-11T10:28:19.223
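The NRPT approach from the answer above, carried through with the points raised in its comments (the leading dot, and testing with something other than nslookup), as an added PowerShell example that is not part of the original answer or comments. The cmdlets come from the DnsClient module, which exists on Windows 8/Server 2012 and later; the domain, the name-server addresses and the test host are assumptions to replace.

```powershell
# Added example: create NRPT rules that send queries for an internal domain to
# the company DNS servers, confirm they appear in the effective policy, and test
# with Resolve-DnsName rather than nslookup. Domain, server addresses and test
# host are assumptions; replace them with your own.
#Requires -RunAsAdministrator

$Domain      = 'mycompany.internal'          # assumed internal domain
$NameServers = @('10.0.0.53', '10.0.0.54')   # assumed company DNS servers
$TestHost    = "intranet.$Domain"            # assumed host inside that domain

# Remove earlier rules for the same namespaces so repeated runs do not pile up.
Get-DnsClientNrptRule |
    Where-Object { $_.Namespace -in @(".$Domain", $Domain) } |
    ForEach-Object { Remove-DnsClientNrptRule -Name $_.Name -Force }

# Leading dot: suffix match, i.e. every host under the domain (www.mycompany.internal, ...).
Add-DnsClientNrptRule -Namespace ".$Domain" -NameServers $NameServers -Comment 'split DNS: subdomains'
# The apex name itself is not matched by the suffix rule, so it gets its own rule.
Add-DnsClientNrptRule -Namespace $Domain    -NameServers $NameServers -Comment 'split DNS: apex'

Clear-DnsClientCache

# Get-DnsClientNrptPolicy shows the effective policy the DNS client is applying.
# If the namespace is missing here, the rule was stored but is not in effect,
# which is the first thing to check when a capture still shows queries going to
# the adapter's DNS server.
$effective = Get-DnsClientNrptPolicy | Where-Object { $_.Namespace -like "*$Domain" }
if (-not $effective) {
    Write-Warning "No effective NRPT policy for $Domain; compare local rules with Group Policy NRPT settings"
} else {
    $effective | Select-Object Namespace, NameServers | Format-Table -AutoSize
}

# Resolve-DnsName without -Server goes through the DNS Client service and so
# honours the NRPT; nslookup sends its own packets to the adapter's server and
# ignores the table entirely.
$viaPolicy = Resolve-DnsName -Name $TestHost -Type A -DnsOnly -NoHostsFile -ErrorAction SilentlyContinue |
             Where-Object { $_.Type -eq 'A' }
# Direct query to the company server for comparison; the answers should match.
$direct    = Resolve-DnsName -Name $TestHost -Server $NameServers[0] -Type A -DnsOnly -NoHostsFile -ErrorAction SilentlyContinue |
             Where-Object { $_.Type -eq 'A' }

"Via NRPT policy : $($viaPolicy.IPAddress -join ', ')"
"Direct query    : $($direct.IPAddress -join ', ')"
if ($viaPolicy -and $direct -and (($viaPolicy.IPAddress -join ',') -eq ($direct.IPAddress -join ','))) {
    Write-Host "NRPT is routing $Domain queries to $($NameServers -join ', ')"
} else {
    Write-Warning "NRPT is not in effect for $TestHost; check the policy listing above"
}

# Cleanup when done:
#   Get-DnsClientNrptRule | Where-Object Namespace -like "*$Domain" | Remove-DnsClientNrptRule -Force
```

Unlike the local-forwarder setup, this leaves the adapter's DNS servers untouched: every query still goes to unblock-us except those matching the two rules, so there is no extra resolver process to run and no `filter_rfc1918`-style exception to manage. The price is that the rule list lives only in the DNS client policy, so keep the `Get-DnsClientNrptPolicy` check handy whenever resolution of the internal domain silently stops working.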