Apex Override
Occasionally I need to override the answer to a DNS query. I.e. I want www.example.com to resolve to the internal IP address of the web server, not the external IP address that is NATed in to the same server.
Thankfully a DNS server answers a query from the closest enclosing zone it holds: of all the zones it is authoritative for, the one whose apex is the longest suffix of the query name wins. This means I can create a zone on my internal office DNS server named "www.example.com" and have it override the result for the "www" name in the "example.com" zone that is served to the world. All I need to do is put an A record at the apex (top) of the "www.example.com" zone. This way, when a client in the office queries for "www.example.com", the office DNS server recognizes that it is authoritative for the "www.example.com" zone and answers from it instead of recursing out to the public "example.com" servers. Since the query is for an "A" record with a FQDN of "www.example.com", which is exactly the zone name, the office DNS server looks for an A record at the zone apex and uses it to answer the query.
Consider the following "www.example.com" zone (the $TTL directive is required for BIND to load the file, since none of the records carries its own TTL):

$TTL 3600
www.example.com. IN SOA ns1.office.example.com. administrator.office.example.com. (
        2014061600 ; serial
        10800      ; refresh
        900        ; retry
        604800     ; expire
        86400 )    ; negative caching TTL
www.example.com. IN NS ns1.office.example.com.
www.example.com. IN A  192.0.2.234
With this zone in place, any client that queries the office DNS server for "www.example.com" will get a result of 192.0.2.234, rather than the external IP address that is NATed into the internal server.
- It is important to point out that this ONLY impacts the clients that use the office DNS server for name resolution. This does NOT impact anyone that does not use the office DNS server, and it changes nothing in the public "example.com" zone. So it is safe to use without worrying about causing unexpected impacts to other things. The flip side is that any office client configured to use a different resolver (a hard-coded public resolver, or a browser doing its own DNS over HTTPS) bypasses the override entirely.
- Apex Overrides can be used without having to worry about what other records exist in the parent zone, "example.com". Thus you can safely use this without worrying about interfering with other records, like "smtp.example.com" or "vpn.example.com". Two caveats: the override zone also captures every name beneath it, so "anything.www.example.com" will now get NXDOMAIN from the office server unless you add it to the new zone; and because the apex already holds SOA and NS records, the override must be an A (or AAAA) record, not a CNAME, even if the public "www" is a CNAME.
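To make the zone-selection rule concrete, here is an added example (not code from the original post) that models how a server picks the zone to answer from and then looks the name up inside it. The "example.com" zone data and the public addresses (198.51.100.x) are constructed for illustration; only the override zone and 192.0.2.234 come from the post. The same longest-suffix rule is what real servers use (RFC 1034 section 4.3.2), which is why "smtp.example.com" is untouched while "anything.www.example.com" falls into the override zone.

```python
"""Model of closest-enclosing-zone selection for an apex override.

Added example; zone contents are constructed for illustration.
"""

# Constructed zone data: apex name -> {owner (relative, "@" = apex): [(type, rdata)]}.
# The public "example.com" zone is modelled locally instead of being fetched by
# recursion, so the example runs offline. Addresses in 198.51.100.0/24 are hypothetical.
PUBLIC_WWW = "198.51.100.10"    # hypothetical external address NATed to the web server
INTERNAL_WWW = "192.0.2.234"    # internal address from the override zone in the post

ZONES = {
    "example.com.": {
        "@": [("SOA", "ns1.example.com. hostmaster.example.com. 2014061600 10800 900 604800 86400"),
              ("NS", "ns1.example.com.")],
        "www": [("A", PUBLIC_WWW)],
        "smtp": [("A", "198.51.100.25")],
        "vpn": [("A", "198.51.100.30")],
    },
    # The override zone from the post: SOA, NS and the A record all at the apex.
    "www.example.com.": {
        "@": [("SOA", "ns1.office.example.com. administrator.office.example.com. 2014061600 10800 900 604800 86400"),
              ("NS", "ns1.office.example.com."),
              ("A", INTERNAL_WWW)],
    },
}


def normalize(name):
    """Lower-case the name and make it fully qualified (trailing dot)."""
    return name.rstrip(".").lower() + "."


def closest_zone(qname, zones):
    """Return the apex of the longest zone that qname falls under, or None.

    A name is "under" a zone if it equals the apex or ends in "." + apex.
    """
    qname = normalize(qname)
    best = None
    for apex in zones:
        if qname == apex or qname.endswith("." + apex):
            if best is None or len(apex) > len(best):
                best = apex
    return best


def resolve(qname, qtype, zones=ZONES):
    """Answer a query the way an authoritative server would.

    Returns (rcode, [rdata, ...]) where rcode is one of
    NOERROR (answers present), NODATA (name exists, no RRs of that type),
    NXDOMAIN (name does not exist in the chosen zone) or REFUSED (no zone).
    """
    qname = normalize(qname)
    apex = closest_zone(qname, zones)
    if apex is None:
        return ("REFUSED", [])
    # Owner name relative to the apex; the apex itself is "@".
    owner = "@" if qname == apex else qname[: -len(apex) - 1]
    rrs = zones[apex].get(owner)
    if rrs is None:
        return ("NXDOMAIN", [])
    answers = [rdata for rtype, rdata in rrs if rtype == qtype]
    return ("NOERROR" if answers else "NODATA", answers)


if __name__ == "__main__":
    for name in ("www.example.com", "smtp.example.com", "anything.www.example.com"):
        print(name, "->", closest_zone(name, ZONES), resolve(name, "A"))
```

Running the block shows the three cases from the bullets above: "www.example.com" is answered from the "www.example.com." zone with 192.0.2.234, "smtp.example.com" still comes from "example.com.", and "anything.www.example.com" is swallowed by the override zone and gets NXDOMAIN.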
Remember to put your white hat on and play nice with others.