Can someone please help me with the following
I believe it may not be possible without using DNS Policies (am using Windows 2019), even then I see an issue which I will explain below.
Basically I want to do the same thing the writer of the following post wanted to do
The answer to the above post says it was not possible, but I am just creating my post in case things have changed or there is a way, let me explain
I have 50 2019 Windows AD domain controllers (also acting as DNS servers, e.g. AD integrated DNS)
The company I work for has an external DNS zone (looked after by an external DNS provider) which we shall call MyDomain.com
There is a requirement for three DNS host records to resolve to Internal (10.x.x.x) addresses for example host1.MyDomain.com, host2.MyDomain.com and host3.MyDomain.com
these host records will 'not' be used externally (internal host names only).
Now I could add these to the external DNS servers, but this would be a bad ideas as it would expose internal hostnames and their internal IP addresses on a public DNS namespace
If I create a new Primary zone on my DNS servers internally with the same name MyDomain.com then add the above three hosts. When I do DNS resolution internally I can resolve these three hosts but that is all any other host names that are present in that zone hosts externally are not resolved as the DNS server just drops the request because it is the SOA (Primary zone) and it does not hold such a record.
What I wanted to achieve was for the DNS server (even though it considers itself the SOA for the zone) to forward the query to the internet DNS servers if it did not find the particular host record for the zone. However judging from the answer to the above post it looks like this is not possible, can someone please advise?
The other option may be DNS policies, but from what I have read DNS policies (server 2016 and above) creates a 'local flat file' on the DNS server itself as part of the overall solution. I believe (please correct me if wrong) this flat file does not get automatically replicated to the other DNS servers. That would mean setting up and maintaining the same DNS policies on 50 domain controllers which is messy. In any event would DNS policies solve my problem I am trying to address here?