Wild cards in conditional forwarding

chris collins

Sep 8, 2004, 4:44:00 PM

I need to use conditional forwarding for my child domains. The question is:
can I use some sort of wildcard to resolve the DNS names?

In other words:

I need to resolve

(domain1).goofy.micky.mouse.com - dns1
(domain2).goofy.micky.mouse.com - dns2
(domain3).goofy.micky.mouse.com - dns3

I would like to use a conditional forwarding statement like this

*.goofy.micky.mouse.com - DNS1 / DNS2 / DNS3 so that my Resolvers will only
go to the internal DNS servers.

So IS THIS POSSIBLE?


Kevin D. Goodknecht Sr. [MVP]

Sep 8, 2004, 6:58:54 PM
In news:ejQcTSel...@TK2MSFTNGP15.phx.gbl,
chris collins <caco...@ies.net> wrote their comments
Then Kevin replied below:

I haven't tested your question about using a wild card in a conditional
forwarder. That being said, if you could, and goofy.micky.mouse.com was in
your DNS suffix search list, all queries would be sent to the conditional
forwarder due to the behavior of the system resolver appending this name to
all queries.

--
Best regards,
Kevin D4 Dad Goodknecht Sr. [MVP]
Hope This Helps


Thomas Lee

Sep 8, 2004, 6:30:19 PM
In message <ejQcTSel...@TK2MSFTNGP15.phx.gbl>, chris collins
<caco...@ies.net> writes

With Windows 2003, you can set this up. You can not do it with Windows
2000 DNS.

You forward domain1.goofy.micky.mouse.com to DNS1, domain2... to dns2,
etc, using the GUI.

HTH

Thomas

--
Thomas Lee
doct...@gmail.com

chris collins

Sep 9, 2004, 1:22:54 PM

I understand that you can use circular forwarding to achieve this. This is
not an option in my production network. I would like to use a single entry
with a wild card. Failing that, I will have to make multiple static entries
into the conditional forwarding setup on the DNS server. It is important to
note that this is a Windows 2003 network in 2003.

"Thomas Lee" <t...@psp.co.uk> wrote in message
news:WH+1hCj7...@mail.psp.co.uk...

chris collins

Sep 9, 2004, 1:37:41 PM

Right.

This is a 2003 network. I just don't want to have to make hundreds of entries
on all of my DNS servers. Using the wild cards will ease the process. I just
need to know if it will work.


"Kevin D. Goodknecht Sr. [MVP]" <ad...@nospam.WFTX.US> wrote in message
news:%23zSLsdf...@TK2MSFTNGP15.phx.gbl...

William Stacey [MVP]

Sep 10, 2004, 12:00:03 AM

Not sure I understand totally your need. However, you don't need wildcards.
Set up one forward zone (conditional) for each domain you want to forward -
done.
That said, you don't need forward zones to do this. You could also set up
delegations for each subdomain (i.e. domain1.goofy.micky.mouse.com, etc.) and
use the NS records for the respective DNS server that is authoritative for
that domain. This is the more common method to delegate a subdomain. Did I
miss your intent?

--
William Stacey, MVP

"chris collins" <caco...@ies.net> wrote in message
news:ejQcTSel...@TK2MSFTNGP15.phx.gbl...

Ace Fekay [MVP]

Sep 10, 2004, 12:07:56 AM
In news:OSeA4Opl...@TK2MSFTNGP12.phx.gbl,
chris collins <caco...@ies.net> made a post then I commented below

> Right.
>
> this is a 2003 network. I just don't want to have to make hundreds of
> entries on all of my dns servers. using the wild cards will ease the
> process. I just need to know if it will work.


What Kevin is saying is that theoretically it will work, based on whether the
search suffix is in place on the machine performing the query, by just
creating the wildcard under that zone.

But the same with me, I haven't tested adding a wildcard in a conditional
forwarder. Now it's on my todo list...

--
Regards,
Ace


Roger Abell [MVP]

Sep 10, 2004, 3:31:06 AM
It sounds to me that you are actually not after simple * wildcard,
but after some type of formulaic forwarding rule
i.e.
domain[1-9].goofy.micky.mouse.com ==> dns$1
such that $1 is the specific digit [1-9] in the instance

IOW I do not see a wildcard in


(domain1).goofy.micky.mouse.com - dns1
(domain2).goofy.micky.mouse.com - dns2
(domain3).goofy.micky.mouse.com - dns3

even if it were possible to define this, but as others have
said, there are 3 rules here

I do not believe you have a chance in a hot wind of
defining the formulaic forwarding rule.

Now, what you could do is avoid the GUI and instead
use programmatic method to define the multiple forwarding
rules (and use it over and over to config each DNS server)
--
Roger


"chris collins" <caco...@ies.net> wrote in message
news:ejQcTSel...@TK2MSFTNGP15.phx.gbl...

William Stacey [MVP]

Sep 10, 2004, 4:03:10 AM
Based on testing and some knowledge of selection behavior, it appears to
work like this:

1) You can add a wildcard in conditional forward (CF) name, but does not
work as expected. It is treated like any other char. It does no special
replacement like the * char would in a zone file.

2) So if you create a *.yahoo.com CF zone and enter a bogus server,
www.yahoo.com. will still resolve as the name did not match the CF zone
name, so normal rez is applied. When selecting the Zone (either conditional
or other) the match is done with an "EndsWith" match - meaning the QName
must *end in the name of the zone name (case insensitive.) www.yahoo.com
does not end with "*.yahoo.com." so it does not match the CF zone name and
rez is done as normal. On the other hand www.*.yahoo.com. does end with the
CF zone name, so the forwarder would be tried.

In summary, the fact that it allows "*" in the zone name is probably an
error as I don't think it is a legal char in a domain name (other than a
direct query for wildcard.domainname). However, as it is allowed, you can
think about it as a normal char, as the server does no special processing
with it, but treats it like any other char. HTH

--
William Stacey, MVP

"Ace Fekay [MVP]"
<PleaseSubstituteMyActualFirstName&LastNa...@hotmail.com> wrote in
message news:eyjWHvu...@tk2msftngp13.phx.gbl...
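
William Stacey's description of zone selection above, modeled as an added Python example (not part of the original thread and not Microsoft DNS Server code). It assumes matching on whole labels and that the most specific matching zone wins; the server addresses are constructed documentation addresses.

```python
# Added illustration: a model of the zone selection described in the post,
# not Microsoft DNS Server code. All server addresses are constructed samples.

def labels(name):
    """Split a DNS name into lower-cased labels, ignoring a trailing dot."""
    return [part for part in name.lower().rstrip(".").split(".") if part]


def select_forward_zone(qname, forward_zones):
    """Return (zone, servers) for the most specific forwarder zone that the
    query name ends with, or None when normal resolution would be used."""
    q = labels(qname)
    best = None
    for zone, servers in forward_zones.items():
        z = labels(zone)
        # "EndsWith" on whole labels (assumption). A "*" label gets no
        # special treatment: it only matches a literal "*" in the query.
        if z and len(z) <= len(q) and q[-len(z):] == z:
            # Assumption: the longest (most specific) zone name wins.
            if best is None or len(z) > len(labels(best[0])):
                best = (zone, servers)
    return best


# The "*.yahoo.com" forwarder zone with a bogus server, as in the test above.
STAR_ZONE = {"*.yahoo.com": ["192.0.2.53"]}

# One forwarder zone per child domain (dns1, dns2, dns3).
PER_CHILD = {
    "domain1.goofy.micky.mouse.com": ["192.0.2.1"],
    "domain2.goofy.micky.mouse.com": ["192.0.2.2"],
    "domain3.goofy.micky.mouse.com": ["192.0.2.3"],
}

# A single parent forwarder zone: every name below it goes to one server set.
PARENT_ONLY = {"goofy.micky.mouse.com": ["192.0.2.1", "192.0.2.2", "192.0.2.3"]}

if __name__ == "__main__":
    for name, zones in [
        ("www.yahoo.com.", STAR_ZONE),
        ("www.*.yahoo.com.", STAR_ZONE),
        ("host.domain2.goofy.micky.mouse.com", PER_CHILD),
        ("host.domain4.goofy.micky.mouse.com", PER_CHILD),
        ("host.domain4.goofy.micky.mouse.com", PARENT_ONLY),
    ]:
        print(name, "->", select_forward_zone(name, zones))
```

In this model a name with the search suffix appended, such as www.example.com.goofy.micky.mouse.com, also ends with the parent zone name and selects `PARENT_ONLY`, so it would be sent to the internal forwarders.
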

Ace Fekay [MVP]

Sep 10, 2004, 8:29:11 AM
In news:O7KML1wl...@TK2MSFTNGP11.phx.gbl,
William Stacey [MVP] <stacey...@mvps.org> made a post then I commented
below

> Based on testing and some knowledge of selection behavior, it appears
> to work like this:
>
> 1) You can add a wildcard in conditional forward (CF) name, but does
> not work as expected. It is treated like any other char. It does no
> special replacement like the * char would in a zone file.
>
> 2) So if you create a *.yahoo.com CF zone and enter a bogus server,
> www.yahoo.com. will still resolve as the name did not match the CF
> zone name, so normal rez is applied. When selecting the Zone (either
> conditional or other) the match is done with an "EndsWith" match -
> meaning the QName must *end in the name of the zone name (case
> insensitive.) www.yahoo.com does not end with "*.yahoo.com." so it
> does not match the CF zone name and rez is done as normal. On the
> other hand www.*.yahoo.com. does end with the CF zone name, so the
> forwarder would be tried.
>
> In summary, the fact that it allows "*" in the zone name is probably
> an error as I don't think it is a legal char in a domain name (other
> than a direct query for wildcard.domainname). However, as it is
> allowed, you can think about it as a normal char, as the server does
> no special processing with it, but treats it like any other char. HTH
>

Thanks for testing that! I was going to give it a try at work, but you beat
me to it!
:-)

I guess I'm not surprised at the outcome (due to legal characters),
interesting results!


Ace


William Stacey [MVP]

Sep 10, 2004, 9:19:05 AM
:-) No problem.

--
William Stacey, MVP

Ace Fekay [MVP]

Sep 10, 2004, 8:22:46 PM
In news:OePTtlz...@TK2MSFTNGP11.phx.gbl,

William Stacey [MVP] <stacey...@mvps.org> made a post then I commented
below
> :-) No problem.

You're the man!
:-)

Thomas Lee

Sep 13, 2004, 5:27:45 AM
In message <OSeA4Opl...@TK2MSFTNGP12.phx.gbl>, chris collins
<caco...@ies.net> writes

>Right.
>
>this is a 2003 network. I just don't want to have to make hundreds of entries
>on all of my dns servers. using the wild cards will ease the process. I just
>need to know if it will work.

Wild cards are not supposed to work as part of forwarding. I can't read
William's message to work out what he's tested, so maybe he's found a
hack. But if you rely on hacks, you may find them changed by a hot
fix/service pack, etc.

That said, I'd like to see formal wild card support added to the GUI and
have suggested it to the DNS PM.

We'll see.

--
Thomas Lee
doct...@gmail.com

William Stacey [MVP]

Sep 13, 2004, 4:39:26 PM
> Wild cards are not supposed to work as part of forwarding. I can't read
> William's message to work out what he's tested, so maybe he's found a
> hack. But if you rely on hacks, you may find them changed by a hot
> fix/service pack, etc.

That is basically what my post said also. Wild cards do not work for
forwarding and are treated like normal chars. And when you think about it,
they are not needed as that is the behavior anyway for forward zones.
Anything that ends in the zone name will be forwarded using the forwarders -
so not sure how wildcards would help beyond that behavior? Anyone?

> That said, I'd like to see formal wild card support added to the GUI and
> have suggested it to the DNS PM.

As Kevin pointed out once, it actually is with a twist. You can add the "*"
first using add new domain, then add the A record in that node. Not as easy
as just adding a wild A, but works for now.

--
William Stacey, MVP

Kevin D. Goodknecht Sr. [MVP]

Sep 13, 2004, 5:54:43 PM
In news:OjGBzJdm...@TK2MSFTNGP09.phx.gbl,
William Stacey [MVP] <stacey...@mvps.org> wrote their comments
Then Kevin replied below:

I kind of think Microsoft did that on purpose, making it not quite so easy
to add a wildcard record. Wildcards can be dangerous in an AD domain IMO. If
that wasn't why they made it hard to add a wildcard, it sounds like a good
enough reason to me. If you know what I mean.

William Stacey [MVP]

Sep 14, 2004, 2:25:38 PM
I would guess that was exactly the reason. I would not even use them myself
and see mainly issues, not solutions with their use.

--
William Stacey, MVP

"Kevin D. Goodknecht Sr. [MVP]" <ad...@nospam.WFTX.US> wrote in message

news:ulGXIxd...@TK2MSFTNGP11.phx.gbl...

Jeff Westhead [MSFT]

Sep 14, 2004, 5:58:01 PM

You can create a single forwarder zone that would forward all
goofy.micky.mouse.com queries to one set of target DNS servers. But if you need
more granularity you will have to create individual forwarder zones
manually.

"Roger Abell [MVP]" <mvpN...@asu.edu> wrote in message
news:%23ndXsgw...@TK2MSFTNGP11.phx.gbl...
