How to create a Wildcard root zone on internal DNS

  • Thread starter: Keith Langmead

Keith Langmead

Hi,

We've got a bunch of machines on an internal network which will be used for
public access to some web sites we maintain. In order to prevent (to an
extent) people from going to sites other than those intended, we've set up an
internal DNS server, which has the records for every site we want to allow
access to, so they can view those, but any other sites will fail. The server
is set as the root server, so it simply won't return results for any
addresses that we have not already specified.

What we'd like to do is create a wildcard on the root zone which we can then
point to a specific internal site, so that users see something slightly more
meaningful than a Server Not Found message.

I've tried various combinations of "*" records within the "." zone,
including trying to create a * host, which doesn't seem to be allowed, and
creating a * CNAME record which points to one of the existing site records,
but none of them seem to work.

To test things, I even tried creating a foo.com zone, with a www record
which points to a site on the server (and works). I then added a * CNAME to
the zone, which from the details I've seen on the subject should allow me to
go to bar.foo.com and view the www.foo.com site, yet that doesn't work. (I'm
using the default site for the testing, so any host header or IP should
work.)

I've tried restarting DNS Server and flushing the machines' DNS cache, with
no effect.

Can anyone suggest where I'm going wrong? I'm obviously missing something,
but I can't for the life of me work out what!

Thanks
Keith
 
The DNS Management console only supports creating wildcard records in the
form of a new sub-domain: right-click in the zone, select New Domain, name
it with an asterisk, then in the sub-domain create records without a host
name to resolve the sub-domain.
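The same steps from the command line, plus a check that the wildcard answers only for names that do not otherwise exist, as an added example that is not from this thread. It assumes a Windows Server with the DnsServer PowerShell module (Windows Server 2012 or later, so newer than the console described above), a root zone "." already hosted as the original post describes, and uses constructed addresses.

```powershell
# Added example (not from the thread): the console procedure done from
# PowerShell on a DNS server that has the DnsServer module (2012+).
# Zone name is the thread's test zone; the addresses are constructed.
Import-Module DnsServer

$Zone     = 'foo.com'
$SiteIP   = '10.0.0.10'   # constructed: the allowed web site
$CatchAll = '10.0.0.50'   # constructed: the "site not available" page

# 1. The real record for the allowed site. A wildcard never overrides a
#    name that already exists in the zone, so www keeps its own answer.
Add-DnsServerResourceRecordA -ZoneName $Zone -Name 'www' -IPv4Address $SiteIP

# 2. The wildcard. A record named '*' is what the console creates when you
#    add a "*" sub-domain and put a blank-host record inside it.
Add-DnsServerResourceRecordA -ZoneName $Zone -Name '*' -IPv4Address $CatchAll

# 3. Same record in the internal root zone ".", so any name that is not in
#    a zone this server hosts gets the catch-all instead of NXDOMAIN.
#    Assumption: the root zone is listed by the module under the name '.'.
Add-DnsServerResourceRecordA -ZoneName '.' -Name '*' -IPv4Address $CatchAll

# Verify against this server only, bypassing the client cache and any
# upstream resolver. www keeps its real address, bar.foo.com and the
# unknown example.net name both synthesise the catch-all address.
# Caveat: a wildcard matches only where no closer node exists, so if you
# later add an explicit 'net' node under '.', names below it stop matching.
foreach ($q in 'www.foo.com', 'bar.foo.com', 'example.net') {
    $a = Resolve-DnsName -Name $q -Type A -Server 127.0.0.1 -DnsOnly `
                         -ErrorAction SilentlyContinue
    $ips = if ($a) { ($a | Where-Object Type -eq 'A').IPAddress -join ',' }
           else    { 'NXDOMAIN' }
    '{0,-20} -> {1}' -f $q, $ips
}
```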
 
Excellent, that works a treat. Looks obvious now I see it! :-)

Thanks for your help.
Keith
 