DNS wildcard entries within UMC?

mschlee · March 15, 2019, 9:54am

Hi, I added a DNS zone “abc.de” in order to access internal and external servers over the same domain. I then added a couple of host entries such as:

This works well, and I also have a host entry for “www” which points to an external IP address. Now the website “www.abc.de” redirects to “abc.de”. This is no problem if the website is accessed externally. Internally it gives an error as “abc.de” can not be resolved. I tried to add the host entries * or *. but this did not work.

Are there any ways to add a wildcard DNS entry from within UMC ?

Thanks - Martin

Moritz_Bunkus · March 15, 2019, 10:01am

You should be able to create and use wildcard host entries. I tried that two years ago; see this post.

mschlee · March 15, 2019, 10:44am

Okay, that works for “xyz.abc.de” where I can replace “xyz” with anything. But it does not work for “abc.de” alone …

Martin

Moritz_Bunkus · March 15, 2019, 10:49am

That’s right, because the wildcard is for *.abc.de, meaning anything beneath that. If you want to change the A record returned for a query for abc.de, you would have to edit the zone itself in the UMC (right-click on the zone in the tree on the left). However, UCS already inserts the A & AAAA records of all Samba AD DCs for the domain itself. Removing them won’t work, they’ll be added back. And yes, that is intentional behavior for any AD domain, no matter if it’s served by Samba or Windows AD DCs.

Why? So that UNCs such as \\my.domain\…\ resolves to an AD DC. Like I said, standard behavior.

And that’s one more reason why using the same name for a UCS domain and a publicy-resolvable domain is a really, really bad idea.

mschlee · March 15, 2019, 12:15pm

And that’s one more reason why using the same name for a UCS domain and a publicy-resolvable domain is a really, really bad idea.

Yeah, I agree.

Is there any way to simply instruct the UCS DNS to resolve a specific address “abc.xyz.de” to an internal IP without adding “xyz.de” as a DNS zone ? This is actually what is desired: instead of going out into the Web, and route it back over the firewall we want to resolve this particular address to an internal IP.

Thanks for shared thoughts - Martin