Score:3

How to create Origin (@) DNS record in Windows DNS Server


I am running Active Directory, and have a Domain Controller with a DNS server for my internal (acmecorp.acme.com) and external (acme.com) domains.

So, my machine names are things like workstation1.acmecorp.acme.com, and my website (hosted externally) is www.acme.com.

For public access, I have replicated the DNS entries as needed (like www.acme.com, ftp.acme.com, acme.com, etc.) to a public DNS server.

The problem is that in Windows Active Directory, the DNS server doesn't allow me to enter the 'origin' or '@' DNS record for just acme.com (the public DNS server does). So as a result, nobody inside my network can access https://acme.com, only https://www.acme.com. Anyone outside the office can access https://acme.com, which does a redirect to https://www.acme.com.

In summary, outside my office, the public DNS lets me set up an '@' record for acme.com, but I can't figure out how to set up the same thing with the Windows DNS server.

How can our internal users access our web site using the URL https://acme.com and not only https://www.acme.com?

Thanks in Advance

What are you trying to do specifically and what happens? I don't think `@` specifically is relevant in the context of Windows DNS, but adding an address record at whatever name sounds like it should just work?
Thanks for the comment. I am trying to allow my network users to ping/access "acme.com" in the same way the general public can. However, my network users are using our AD DC as the DNS server, and I can't add "acme.com" to that DNS server. It seems to require a host name (like www, which I already have).
Score:4

The @ record that you see shown in some DNS server interfaces is just a simple way to indicate that the record relates to the domain it's created within, not a separate host.

Windows DNS Server doesn't use the @ symbol to reflect that fact in the Windows UI; instead, you simply create the Host (A) record with a blank entry in the Host field and enter the IP address. That's why the description on that field is shown as "Host (uses parent domain if left blank)".

Once added the DNS UI shows the record with the name listed as "(same as parent folder)".

Curiously, if you script it with PowerShell, it does then use the "@" to do the same thing. For instance:

```powershell
# A record for the zone itself (the apex); $ipaddr and $domain must be set beforehand
Add-DnsServerResourceRecordA -IPv4Address $ipaddr -Name "@" -ZoneName $domain
# A record for the www host in the same zone, for comparison
Add-DnsServerResourceRecordA -IPv4Address $ipaddr -Name "www" -ZoneName $domain
```

Here the first adds an A record to the domain itself, while the second, for comparison, adds the www record to it.

Thank you Keith, your solution was clear, concise, and perfect. I could have sworn I tried adding without any Host entry, but apparently I may have done something else wrong.
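
The approach from the answer above, as an added example that is not part of the original thread: it creates the apex record only if it is missing and then checks that the internal DNS server answers for both names. The server name `dc01` and the address `192.0.2.10` are assumed placeholders; `acme.com` is the zone from the question.

```powershell
# Added example: idempotently ensure the zone-apex ("@") A record exists, then verify it.
# Assumed values (not from the thread): the server name and the documentation-range IP.
Import-Module DnsServer

$ZoneName  = 'acme.com'      # zone from the question
$DnsServer = 'dc01'          # hypothetical DC running the DNS Server role
$ApexIp    = '192.0.2.10'    # constructed placeholder address (RFC 5737)

function Test-ApexRecord {
    param([string]$Zone, [string]$Server, [string]$Ip)
    $records = Get-DnsServerResourceRecord -ZoneName $Zone -Name '@' -RRType A `
        -ComputerName $Server -ErrorAction SilentlyContinue
    # True only if an apex A record with exactly this address already exists
    [bool]($records | Where-Object { $_.RecordData.IPv4Address.IPAddressToString -eq $Ip })
}

if (-not (Test-ApexRecord -Zone $ZoneName -Server $DnsServer -Ip $ApexIp)) {
    Add-DnsServerResourceRecordA -ZoneName $ZoneName -Name '@' -IPv4Address $ApexIp `
        -ComputerName $DnsServer
}

# Query the internal server directly so a cached or public answer cannot mask a missing record
foreach ($name in $ZoneName, "www.$ZoneName") {
    $answer = Resolve-DnsName -Name $name -Type A -Server $DnsServer -DnsOnly `
        -ErrorAction SilentlyContinue
    if ($answer) {
        $answer | Where-Object Type -eq 'A' | Select-Object Name, IPAddress
    } else {
        Write-Warning "$name does not resolve on $DnsServer"
    }
}
```

Because the internal and public zones are maintained separately, rerunning the verification loop after any change to the public records shows whether the internal copy has drifted.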