  • Status: Solved
  • Priority: Medium
  • Security: Public

Re-Direct Certain Domains using DNS.

Hello,

We have a Windows 2000 Network, running Active Directory.  We have one server that is running DNS for the Network.  I would like to block certain domain names on my network like hotmail.com for instance.  Is there a way that I can place an entry in my DNS server to have hotmail resolve to a page on your local intranet or just give a page not found?

The only thing that I can think of is to modify the host file on my DNS server or each PC that I would like to restrict.  Is there a more elegant way to do this?

Thanks

M
Asked by: MickaelE
 
Jay_Jay70 Commented:
Hi MickaelE,

A much more elegant way would be to get hold of a proxy server and do it that way - much more efficient and a much better practice.

You can google for free proxies and get heaps of them, or you can use MS ISA.
 
MickaelE (Author) Commented:
I always hear bad things about proxies.  Caching etc...  At this point I would just like to block a few domain names.  Does that really need a proxy?
 
Jay_Jay70 Commented:
I haven't done it through DNS and don't know if it will actually work, which is why I suggested a proxy :) as I know they do work. Proxies go bad when they aren't maintained......

You can always try with DNS, or I can try for you a bit later today.

 
MickaelE (Author) Commented:
What proxy do you recommend then in the meantime?
 
Jay_Jay70 Commented:
Microsoft have just released an eval version of ISA 2006 which is good for 210 days; you may want to play with that and see whether you think it is something worth looking at.
 
norgan Commented:
Does your router have web blocking? Most include this these days. The other thing I would try is blocking the IP address for hotmail; it will not redirect but it will stop access. If all else fails then create a DNS domain for hotmail and it will become a local domain. You will have to do a dnsflush of the workstations to read the new DNS (from your server) before the changes will take effect.

Basically, even if you don't host the domain, if you have it local then your clients will think that your DNS server is the authoritative server for that domain. Make sure you DO NOT allow DNS updates for that domain and that your server doesn't do recursive lookups for external clients.
 
MickaelE (Author) Commented:
Hi Norgan

Your suggestion is what I was looking to do.  Can you tell me how I can create a DNS entry for that domain name?  I tried to add a host in my DNS but it did not take?

M
 
norgan Commented:
You will need to add a new zone to your DNS server for hotmail.com and set your DNS as the name server for it, as you would for any DNS zone. In theory you should be able to add any DNS zone to your DNS regardless of whether it's "real" or not. It's only your internal clients that will be looking at it; just be sure to run an ipconfig /flushdns to clear the old records from the DNS cache on each workstation.
 
MickaelE (Author) Commented:
I don't really have that much experience with DNS. Can you tell me how to add a zone on Windows 2000?
 
norgan Commented:
* Open the DNS management console => right-click on Forward Lookup Zones, then choose New Zone.
* Click Next, then leave on Primary and uncheck "store in Active Directory" (this is a pseudo DNS domain and we don't want AD looking at it and don't need it integrated).
* Click Next and call it hotmail.com.
* Choose the default on the next page to create the DNS zone file and click Next.
* Leave this setting to not allow dynamic updates and click Next.
* Click Finish.
* Now open the tree and highlight your new zone.
* Right-click and select New Host record (A).
* Type www as the host name and put in the IP address of the web server you want to redirect to.
* Click Add Host and you're done.

Next step is to create a site for that redirect (if you want to display a message or some sort of warning); otherwise just point it to your existing intranet.
I think that's everything. If I have missed something then my apologies, but this should be enough to get you through. If you need to change your name servers then you can do that by right-clicking and selecting Properties on that DNS zone.

(You will need to add a host header for hotmail.com and www.hotmail.com on the new site in IIS if you want to have a separate page for a message of some sort.)

Hope this helps,
Nathan.
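
Added example, not part of the original posts: a small Python model of how an internal client's A-record lookups are answered once the DNS server is authoritative for a local hotmail.com zone, comparing the zone as built in the steps above (a single www host record) with one that also has apex and wildcard records. The address 10.0.0.5, the zone text and the function names are constructed for illustration; wildcard handling follows RFC 4592, and CNAMEs and empty non-terminals are ignored.

```python
# Added example: constructed zone data; 10.0.0.5 is a placeholder intranet server.
ORIGIN = "hotmail.com."

AS_POSTED = """
www  IN  A  10.0.0.5   ; the single host record from the steps above
"""

EXTENDED = """
@    IN  A  10.0.0.5   ; zone apex: covers plain hotmail.com
www  IN  A  10.0.0.5
*    IN  A  10.0.0.5   ; wildcard: other names with no closer existing ancestor
"""


def parse_zone(text, origin=ORIGIN):
    """Parse 'owner [IN] A address' lines into {fqdn: address}."""
    records = {}
    for line in text.splitlines():
        fields = line.split(";", 1)[0].split()   # drop comments
        if len(fields) < 3 or fields[-2].upper() != "A":
            continue
        owner = fields[0].lower()
        records[origin if owner == "@" else f"{owner}.{origin}"] = fields[-1]
    return records


def answer(records, qname, origin=ORIGIN):
    """Return what a server authoritative for `origin` answers for an A query."""
    qname = qname.lower().rstrip(".") + "."
    if qname != origin and not qname.endswith("." + origin):
        return "FORWARDED"      # outside the local zone: resolved as usual
    if qname in records:
        return records[qname]
    if qname == origin:
        return "NODATA"         # apex exists (SOA/NS) but has no A record
    # RFC 4592: a wildcard applies only at the closest existing ancestor.
    parent = qname
    while parent != origin:
        parent = parent.split(".", 1)[1]
        if parent in records:
            break
    return records.get("*." + parent, "NXDOMAIN")


if __name__ == "__main__":
    for label, text in (("as posted", AS_POSTED), ("extended", EXTENDED)):
        zone = parse_zone(text)
        for name in ("www.hotmail.com", "hotmail.com", "login.hotmail.com"):
            print(f"{label:10} {name:20} -> {answer(zone, name)}")
```

With only the www record, hotmail.com itself and other hosts in the domain fail to resolve rather than reaching the intranet page; the server does not forward them because it is authoritative for the zone.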

 
norgan Commented:
Oh, and run ipconfig /flushdns on all your workstations.