1

How do I use Windows Server 2008's DNS role to redirect/resolve certain domain names?

When a user types in an address, I'd like to redirect it as such:

http://crm -> http://<ip of webserver>
http://bugs/issue/12 -> http://<ip of bugtracker>/issue/12
http://myspace.com -> http://127.0.0.1
and so on.

I've got Forward Lookup Zones and Reverse Lookup Zones but I'm not sure exactly what they mean.

Grant

4 Answers

1

Contrary to some other answers, DNS is exactly what you would use to do this. First, you will need to ensure everyone on the network is using your DNS forwarder to resolve queries. You can control this as part of your DHCP configuration. Make sure you set the DNS settings to use your own DNS server(s), then configure those servers as resolvers or forwarders so they can resolve queries for the outside world (www.cnn.com for example). Once that is in place, you can create a forward lookup zone for whatever you want. If you want to kill myspace.com, set up myspace.com as a forward lookup zone, then create a wildcard 'A' record that points to 127.0.0.1 and it will become inaccessible. If you do this, I would direct users to an internal web server that returns a copy of the company's Internet use policy instead of a dead-end.

For basic names such as "crm" you can create a host called "crm" as an 'A' record within the default domain for the network. If your default domain is mycompany.local, you would create "crm.mycompany.local" and point it to whatever IP your CRM web server is located at. When someone puts "http://crm" into their browser, the OS will try to do a DNS lookup for "crm" and append the default domain "mycompany.local" to it automatically, resulting in "crm.mycompany.local".

One caveat is that this will only work for those using your DNS servers as their resolvers. If someone decides that they really want to get to myspace.com, they can change their TCP/IP settings to ignore the DHCP-assigned DNS servers and put in their own (such as those provided by OpenDNS, among others). You can control this in some cases using Active Directory Domain Security Policies for Windows systems; I'm not sure if you can limit that on a Mac, though.

Justin Scott
  • That works perfectly, myspace totally pings 127.0.0.1. I'm not actually trying to block myspace (though if I did, it would only be to keep people honest, not try to honestify a dishonest person). I just knew that the solution to the crm/bugs issues would be the same solution as the myspace one. And more people would relate to trying to block myspace than setting up an easier CRM server page. – Grant Apr 30 '09 at 15:23
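
The forward lookup zone, wildcard record and short host name described in Justin Scott's answer above, as an added example that is not part of the original answer. It calls `dnscmd` from PowerShell on the DNS server; the CRM address is a placeholder, and the `@` record is an addition, because a wildcard record does not answer for the zone name itself.

```powershell
# Added example: run in an elevated prompt on the Windows Server 2008 DNS server.
# Zone and host names come from the answer; 192.0.2.10 is a placeholder address.
$BlockedZone = 'myspace.com'
$LocalDomain = 'mycompany.local'
$SinkIp      = '127.0.0.1'     # or the IP of an internal Internet-use-policy page
$CrmIp       = '192.0.2.10'    # placeholder: replace with the CRM web server's IP

function Invoke-DnsCmd {
    # Run dnscmd.exe with the given arguments and stop on the first failure.
    & dnscmd.exe $args
    if ($LASTEXITCODE -ne 0) {
        throw "dnscmd $args failed with exit code $LASTEXITCODE"
    }
}

# 1. Make this server authoritative for the blocked name (file-backed primary zone).
Invoke-DnsCmd /ZoneAdd $BlockedZone /Primary /file "$BlockedZone.dns"

# 2. '*' answers for www.myspace.com and every other name under the zone.
#    It does not match the zone name itself, so add an '@' record as well.
Invoke-DnsCmd /RecordAdd $BlockedZone '*' A $SinkIp
Invoke-DnsCmd /RecordAdd $BlockedZone '@' A $SinkIp

# 3. Short name: clients append their default domain, so "crm" becomes
#    crm.mycompany.local. The zone for $LocalDomain must already exist.
Invoke-DnsCmd /RecordAdd $LocalDomain crm A $CrmIp

# 4. Verify by querying this server directly. The trailing dot stops nslookup
#    from appending the DNS suffix search list to the name.
nslookup "www.$BlockedZone." 127.0.0.1
nslookup "$BlockedZone." 127.0.0.1
nslookup "crm.$LocalDomain." 127.0.0.1
```

These records only affect clients that use this server as their resolver, which is the caveat the answer raises.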
1

This Question may help

Vagnerr
  • Sorta-Kinda. That's good if I already have "bugs" and "crm" registered, and it can't be used to redirect MySpace (unless they are willing to sell their domain name to me). – Grant Apr 30 '09 at 15:08
1

To do this you would need to set up the DNS zones for the domains you want to forward in your DNS server, so if you wanted to redirect MySpace to localhost, then you would need to set up a MySpace.com forward lookup zone on your DNS server and set up an A record in there to point to where you want it.

Your clients would check your local DNS server first (assuming it's set up that way), get an authoritative response for that zone and use that. Any zones not on your DNS server would be redirected to the next DNS server in the chain, usually your ISP's.

Sam Cogan
0

If I understand your question, you want to redirect HTTP requests. This can't be done through DNS changes (alone). You have to change IIS (or whatever web server you're using) settings, using host headers etc.

In IIS 7.0 on Windows Server 2008 there is the "HTTP Redirect" setting in the HTTP Settings section.

I guess you just want to define local addresses for common names. Just try to add host names (crm, bugs) for your local domain, associating them with the desired IP addresses.

splattne
  • I just want to set custom IP addresses for things. – Grant Apr 30 '09 at 15:05
  • Sorry, I misunderstood your question, because I thought you wanted to redirect the URL using HTTP. That's normally meant by "redirect". DNS is just about "resolving" names into addresses. – splattne Apr 30 '09 at 15:11