Conditional Forward Rules and Subdomains

Around a week ago I redid my lab network and added two new domain controllers. I used one of my website domains as the lab domain to mimic how a corporation could be set up.

So the domain for my network was “voltdrift” and the website domain is externally hosted with the domain of “www.voltdrift.com”.

The Problem: DNS will not resolve subdomains.

Once I was done I noticed I could not get to the website. The DNS on the domain controller would not resolve it. I thought I knew how to fix this and that all I needed was a new delegation for the “www” subdomain. I could have sworn that’s how I did it on Windows Server 2012, but for some reason it would not work in Windows Server 2019.

DNS Conditional Forward

So after a few hours of messing with it and doing some reading, it seemed like a “Conditional Forward” was what I needed. But there was a problem: when I tried to add one I got this error.

“A problem occurred while trying to add the conditional forwarder. A zone configuration problem occurred.”


It seems that because my local domain is “voltdrift”, the domain controller / DNS server did not want to add any conditional forward rules for names inside that domain.

The Work Around

The way to get around this error is to trick the DNS server into thinking it is not in control of that subdomain. Or at least that’s how I understand it. We do this by adding a new delegation on the DNS server for that subdomain.

Then we point that delegation at our domain controller / DNS server. I know it seems kind of silly. I have two, so in my case I pointed it at both of them.

Now we can set up a new conditional forward without the error.

Make sure you check the box to store the conditional forwarder in Active Directory if you want the conditional forwards to replicate to all your other DNS servers.

Now the conditional forward works

Now your DNS should be able to resolve your website under the www subdomain.
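The same delegation-then-forwarder steps scripted with the DnsServer module, as an added example that is not from the original post. It assumes the AD zone is voltdrift.com, that the two DCs are dc1/dc2 at 10.0.0.10 and 10.0.0.11, and that the hosting provider's name servers are 203.0.113.53 and 203.0.113.54 (all placeholder names and addresses; substitute your own).

```powershell
# Added example: scripted version of the workaround described above.
# Placeholders (assumed, not from the post): zone, DC names/IPs, external name servers.
Import-Module DnsServer

$Zone      = 'voltdrift.com'
$Child     = 'www'
$Delegated = "$Child.$Zone"
$Dcs       = @{ 'dc1.voltdrift.com' = '10.0.0.10'; 'dc2.voltdrift.com' = '10.0.0.11' }
$External  = @('203.0.113.53', '203.0.113.54')   # hosting provider's DNS (placeholder)

# Step 1: delegate "www" back to our own DCs. This is the trick from the post:
# once the name is delegated, the server no longer treats it as part of the
# authoritative zone and stops rejecting the conditional forwarder.
foreach ($ns in $Dcs.GetEnumerator()) {
    Add-DnsServerZoneDelegation -Name $Zone -ChildZoneName $Child `
        -NameServer $ns.Key -IPAddress $ns.Value -PassThru
}

# Step 2: the conditional forwarder for www.voltdrift.com is now accepted.
# -ReplicationScope 'Forest' is the wizard's "store in Active Directory and
# replicate" checkbox, so every DC running DNS gets the same forwarder.
Add-DnsServerConditionalForwarderZone -Name $Delegated -MasterServers $External `
    -ReplicationScope 'Forest' -PassThru

# Step 3: verify. The delegation should list only our own DCs, the forwarder
# zone should exist with the external masters, and a lookup against a DC
# should now return the hosted site's address instead of failing.
Get-DnsServerZoneDelegation -Name $Zone -ChildZoneName $Child |
    Select-Object -ExpandProperty NameServer
Get-DnsServerZone -Name $Delegated | Select-Object ZoneName, ZoneType, MasterServers
Resolve-DnsName -Name $Delegated -Type A -Server 'dc1.voltdrift.com' -DnsOnly
```

Running the last Resolve-DnsName against the second DC as well confirms the forwarder actually replicated rather than existing only where you created it.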

I still feel like this was easier in the past, but this is how I got it working on Windows Server 2019 DNS, so I thought it would be a good idea to document the process. I hope it has helped you!

If you know of a better way please let me know in the comments below! I’d love to hear about it.


2 thoughts on “Conditional Forward Rules and Subdomains”

  1. alex.lu

    Another scenario about DNS:

    On your domain controller, your DNS is the authoritative server for this zone: voltdrift.com
    On your DNS server, you forward all non-authoritative DNS resolution requests to 8.8.8.8

    But you also want to create a conditional forwarder on your DNS server, and the forwarder is 1.1.1.1 — all DNS resolution requests for google.com and its subdomains (xxx.google.com) will use 1.1.1.1 to do the job.

    When I try that on my server, in the Conditional Forward wizard, the DNS domain is google.com and the forwarder is 1.1.1.1. When I resolve google.com, it will use 1.1.1.1, but when I resolve http://www.google.com, it will use 8.8.8.8.

    Why doesn’t it use 1.1.1.1 to resolve all subdomains of google.com? What should I do if I want to implement that?

    Any idea?

    1. Zack Post author

      As far as DNS is concerned, http://www.google.com and google.com are 2 different sites. So when you put in http://www.google.com, the DNS sees no rules for that, so it’s falling back on your global forward to 8.8.8.8.

      If you want a rule for all domains, you might be able to make a rule with a wildcard. Maybe something like *.google.com. But I’m not sure if Windows DNS supports wildcards. I’m a few days’ travel away from my network lab, so I can’t test it.

      It could also be easier to flip your rules depending on your end goal. Set your DNS to always use 1.1.1.1 and then use 8.8.8.8 for the domains you want it on.

      I hope this helps you find your answer. Good luck my friend!
