Can the DNS in router be instructed to forward specific domain to another server?

[ADFHogan]

I was wondering, is it possible to instruct the DNS server in the router to forward a specific domain's queries to a specific server?

I have one of the routers I look after (an RT-AC5300) set up to use OpenDNS as its upstream, with AiProtect enabled also.

Today, after quite some time (more than a year I'd guess), one of the computers started exhibiting login issues via RDP ("an authentication error has occurred" "the local security authority cannot be contacted"). I was unable to connect to the computer remotely unless I overrode NLA and then one of the domain user accounts would fail. I followed all of the diagnostics, then went to remove and re-add the affected computer from the domain. When I went to re-add it to the domain, it complained when I used the ".local" variant of the domain, complaining it couldn't resolve a particular DNS entry for the DC.

I was able to successfully re-pair the machine to the domain using the old single word version of the domain, and things are continuing, but I'm not sure this is going to be a long term solution, particularly if Windows 10 systems start exhibiting the same symptoms.

Is there a way to instruct the DNS service within the router to route all requests for a specific domain to a different DNS server other than the default.

Eg. Request for example.local zone forwarded to IP of DC instead of OpenDNS

It's a small office, with guests sharing their internet, but on a guest WiFi. Guest segment can't be isolated to internet only if internal DNS on non-guest segment in use, hence having router do DNS + DHCP.

 

[EmeraldDeer]

Have not tried it, but take a look at "--server=" in http://www.thekelleys.org.uk/dnsmasq/docs/dnsmasq-man.html

 

[dave14305]

People do it all the time in the Stubby thread to allow ntp.org to resolve via 1.1.1.1 before Stubby is functional.

server=/pool.ntp.org/1.1.1.1

 

[unsynaps]

People do it all the time in the Stubby thread to allow ntp.org to resolve via 1.1.1.1 before Stubby is functional.

server=/pool.ntp.org/1.1.1.1

But DNSSEC is shut off for that entry.

 

[ColinTaylor]

But DNSSEC is shut off for that entry.

As I understand it that's not a problem for the OP as he is forwarding to his own internal server.

@ADFHogan .local should not be used as a local domain name because it is reserved for use with mDNS. (link and link)

 

[ADFHogan]

@ColinTaylor yeah, unfortunately .local being reserved for mDNS came in as thing after the server in question was deployed, back when it was a Microsoft convention to use .local in small business scenarios (It's a Server 2012 Essentials (eww) instance which replaced their previous SBS 2003 (slightly less eww)). I'll definitely be using a domain within the business's explicit control when the server gets upgraded if they don't end up going "to the cloud" (remember those ads - almost as bad as the Windows 7 and Songsmith ads) by then.

 

[ADFHogan]

Regarding adding to the dnsmasq config, is there a proper way to do this so the config changes aren't thumped by the UI/reboots?

I did a search for "stubby" and see /jffs/configs/dnsmasq.conf.add mentioned... This the one to create and add additional argument to? If so, how do I get it to apply after adding, or is this requiring another extension to apply?

 

[ColinTaylor]

Regarding adding to the dnsmasq config, is there a proper way to do this so the config changes aren't thumped by the UI/reboots?

https://github.com/RMerl/asuswrt-merlin/wiki/Custom-config-files

Either /jffs/configs/dnsmasq.conf.add or /jffs/scripts/dnsmasq.postconf

 

[ADFHogan]

Thanks, @ColinTaylor ! .. Found that option in the admin area and enabled!