TRCC_IT asked:
How to create a DNS exception for an external website

Here is my scenario: My company has an affiliation with another company (different domain, no trusts) with a VPN with access to limited, specific IP addresses. This company has a number of websites that have external public IP addresses and different internal public IP.

When I try to get to a specific website by name (we'll call it site X) I get their standard redirect saying I am trying to get to the site from outside the network and that I should use an alternate site. If I put the site x.company.com and inside IP (routed over VPN) into my hosts file I get the site I want.

How do I get this to work without using the local hosts file? If I try to make an entry in my DNS it wants me to create a new zone (for that domain name) which then causes problems getting to any other resource that I still get to on that domain via public DNS.

So I need to get to some company.com resources via the internet and public DNS and I need to get to some resources via VPN routed IP addresses which are not in DNS.
Chris Geraghty:

You could set up a forwarder for that domain to their internal DNS servers and leverage their internal DNS configuration. (They'll probably have provisions for any external addresses to allow their own clients access.)
You could use DNS Forwarders for the domain. Go into your DNS server, right-click the server, go to Properties, then the Forwarders tab.

Or you could add a Secondary DNS zone for the other site's domain.
TRCC_IT (asker):
Currently we don't have access to any of their internal DNS servers, though I can certainly request such. They are a large organization and have separate DNS for internal and external.

dariusq: Setting up a 2nd zone has caused me trouble. When I put 1 manual entry in it for a public IP on the inside of company.com's network it breaks my resolving any of their externally published DNS names. I can see if combining a forwarder with a 2nd zone fixes the problem though. Will get back to you.
Or you could create a zone x.company.com (yes, x.company.com not company.com) and have a single A record for . (that is dot). This might be a weird solution, but it should work.
TRCC_IT (asker):
Okay, so I set up a forwarder on my DNS server so that external requests to company.com should not break if I create my own zone for company.com. I used 4.2.2.2.

Then I created the new zone (company.com) and added the A record for X. I flushed the DNS cache and I was still getting the redirected page despite my pings now resolving the correct IP that I wanted. I closed and reopened the browser and the correct site came up! I was excited, but then found I was having problems getting to other company.com sites that I access via the internet. On to troubleshooting right now.
TRCC_IT (asker):
I had to delete the zone for company.com in order to be able to get to www.company.com.

I will try the suggestion for the x.company.com zone next.
ASKER CERTIFIED SOLUTION
Chris Geraghty

TRCC_IT (asker):
I guess I was hoping there was some way of simulating a hosts entry at the DNS level. The x.company.com zone got me close but as soon as I tried any link off the main website it would break. With the hosts file entry I could browse to any link as long as it was on the same server.

For example using hosts file with entry:
#.#.#.#           x.company.com
I could browse links to a.x.company.com, b.x.company.com, etc.

With DNS zone x.company.com and blank A record pointing to #.#.#.# I could get to the front page only and no links.

So there is no way to emulate what a hosts record does at the local DNS level? If that is the case then it sounds like my best bet is to get access to the internal DNS of our affiliate.
Hosts files only match the exact name in the file (they just prepopulate the local DNS cache).
DNS will match the entire zone - either with a matching record, or stating that no such address exists.

Creating many zones for each server name (as per gremwell) will work like the hosts file, but you need to create zones for all the hosts that the web page will link you to. It's a lot of work, and if they've already done the work, best use theirs.

Just a thought: if they won't give you access to their internal DNS servers (for whatever reason they don't want you connecting to the servers) they might still be willing to give you a copy of their DNS zone file. Then you could install that into your DNS server and run a local copy -- save you the work of recreating it.
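The behaviour described across this thread (a hosts entry falls through for other names, a locally hosted zone answers NXDOMAIN for anything it does not contain, and a conditional forwarder hands the whole domain to the affiliate's view) can be made concrete with a small resolver model. This is an added example, not code from the thread or from any of the participants; every name and address in it is constructed (RFC 5737 documentation ranges), and the "public" and "affiliate internal" DNS views are assumptions standing in for real servers. It models the four configurations discussed: the hosts file entry, the company.com zone that broke www.company.com, the x.company.com zone with the apex (dot) record that broke a.x.company.com, and a conditional forwarder for company.com.

```python
# Toy model of the resolution order behind the thread's observations.
# Constructed example; no real DNS traffic is sent.
from typing import Dict, Optional, Tuple

# Constructed stand-in for the affiliate's public DNS (what a forwarder such as 4.2.2.2 would return).
PUBLIC_DNS: Dict[str, str] = {
    "www.company.com": "203.0.113.10",
    "x.company.com": "203.0.113.20",     # public front door: serves the "use the alternate site" redirect
    "a.x.company.com": "203.0.113.21",
    "b.x.company.com": "203.0.113.22",
}

# Constructed stand-in for the affiliate's internal DNS (assumed view; only reachable if they grant access).
AFFILIATE_INTERNAL_DNS: Dict[str, str] = {
    "www.company.com": "203.0.113.10",   # same address inside and out
    "x.company.com": "192.0.2.50",       # VPN-routed address of the real site
    "a.x.company.com": "192.0.2.50",
    "b.x.company.com": "192.0.2.50",
}

Answer = Tuple[Optional[str], str]      # (address or None, which source answered)


def _longest_suffix(name: str, candidates: Dict[str, dict]) -> Optional[str]:
    """Return the most specific zone/domain in `candidates` that `name` falls under, if any."""
    best = None
    for zone in candidates:
        if name == zone or name.endswith("." + zone):
            if best is None or len(zone) > len(best):
                best = zone
    return best


class Resolver:
    """Resolution order a client plus its local DNS server follow in this scenario."""

    def __init__(self, hosts=None, zones=None, forwarders=None):
        self.hosts: Dict[str, str] = hosts or {}                       # hosts file: exact names only
        self.zones: Dict[str, Dict[str, str]] = zones or {}            # zones this server is authoritative for
        self.forwarders: Dict[str, Dict[str, str]] = forwarders or {}  # conditional forwarders: domain -> server view

    def resolve(self, name: str) -> Answer:
        name = name.lower().rstrip(".")
        # 1. hosts file: an exact-name match pre-populates the cache; any other name falls through.
        if name in self.hosts:
            return self.hosts[name], "hosts"
        # 2. a locally hosted zone is authoritative for its whole subtree: the answer is the record
        #    in the zone, or NXDOMAIN. It never falls through to public DNS.
        zone = _longest_suffix(name, self.zones)
        if zone is not None:
            ip = self.zones[zone].get(name)
            return (ip, f"zone {zone}") if ip else (None, f"NXDOMAIN from zone {zone}")
        # 3. a conditional forwarder sends the whole domain to the other server's view.
        domain = _longest_suffix(name, self.forwarders)
        if domain is not None:
            ip = self.forwarders[domain].get(name)
            return (ip, f"forwarder {domain}") if ip else (None, f"NXDOMAIN from forwarder {domain}")
        # 4. everything else goes to public DNS.
        ip = PUBLIC_DNS.get(name)
        return (ip, "public") if ip else (None, "NXDOMAIN from public")


# The three configurations tried in the thread, plus the recommended one.
hosts_file = Resolver(hosts={"x.company.com": "192.0.2.50"})
company_zone = Resolver(zones={"company.com": {"x.company.com": "192.0.2.50"}})
x_zone = Resolver(zones={"x.company.com": {"x.company.com": "192.0.2.50"}})   # the "." (apex) A record
cond_forwarder = Resolver(forwarders={"company.com": AFFILIATE_INTERNAL_DNS})


def report(resolver: Resolver, names=("x.company.com", "a.x.company.com", "www.company.com")) -> Dict[str, Answer]:
    """Resolve a few representative names and return {name: (address, source)}."""
    return {n: resolver.resolve(n) for n in names}


if __name__ == "__main__":
    for label, r in [("hosts file", hosts_file), ("zone company.com", company_zone),
                     ("zone x.company.com", x_zone), ("conditional forwarder", cond_forwarder)]:
        print(f"== {label}")
        for n, (ip, src) in report(r).items():
            print(f"  {n:18} -> {ip or '-':14} ({src})")
```

Running it shows the company.com zone returning NXDOMAIN for www.company.com (the breakage reported after that zone was created), the x.company.com zone returning NXDOMAIN for a.x.company.com (the "front page only, no links" symptom), and only the conditional forwarder resolving every name to the VPN-routed address, which is why access to the affiliate's internal DNS is the viable fix.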
SOLUTION
TRCC_IT (asker):
I have been trying to get access to one of their DNS servers but have not gotten the okay from their IT dept yet. I was hoping to have that working before closing the question, but as that is the only solution I see being truly viable I am splitting the points to the 2 techs that offered the most help.

Thanks all.