Solved

How to redirect DNS requests on Server 2008

Posted on 2013-12-02
34
531 Views
Last Modified: 2013-12-06
Hello Experts - I'm looking for a simple way to redirect requests to mydomain.com to an internal web server using DNS.  This is to prevent issues for users who access OWA (the external site is not accessible from inside our LAN).  What would be the easiest way to handle that?
0
Comment
Question by:First Last
34 Comments
 
LVL 20

Expert Comment

by:Lazarus
ID: 39690956
Add a forward lookup for your mydomain.com; that way all internal requests will go to the outside domain name that you are trying to get to.
0
 
LVL 16

Expert Comment

by:gurutc
ID: 39690959
One way is to edit the hosts file on each pc on the lan, adding an entry for the web server using the internal address.

x.x.x.x    www.mywebserver.com

where x.x.x.x is the internal ip for the server.

- gurutc
0
 
LVL 16

Expert Comment

by:gurutc
ID: 39690964
or

x.x.x.x     owa.mydomain.com  or whatever url the owa is listening on internally.
0
 
LVL 20

Assisted Solution

by:Lazarus
Lazarus earned 200 total points
ID: 39690984
Look here for help adding the DNS: http://rdsrc.us/9txgM0
The answer is a previous EE Q/A and should be of great help to you
0
 
LVL 17

Expert Comment

by:Emmanuel Adebayo
ID: 39691018
If I understand your request properly, is mydomain.com publicly available? If it is available, do you control the DNS, or is it controlled by your hosting provider?

Regards
0
 
LVL 39

Expert Comment

by:footech
ID: 39691378
"the external site is not accessible from inside our LAN"
Could you expand on this?  Why is it not accessible?  By external site you mean OWA, correct?  Where is it hosted?  I'm trying to determine whether this is a problem that can or that you might want to resolve.

Is "mydomain.com" the name of your internal AD domain, or is your domain name different?
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39692070
If your WINDOWS domain is called example.com, and you want users to access example.com rather than www.example.com then you are going to have some problems.

The root resolves to the domain controllers and you shouldn't try and change that. About the only option would be to install IIS on every domain controller, then put a redirect on the root web site which sends the traffic to another server/address. However that has security risks as well.

Simon.
0
 
LVL 1

Author Comment

by:First Last
ID: 39692353
Sorry guys, I should have been more clear.  This is indeed for OWA access.  When a user hits it from outside it looks like this:

https://mydomain.com/owa

Because I am hosting OWA on the same internet connection we use for access, the external name does not properly resolve.  When a user tries to access OWA using that external address from inside the LAN it fails.  Inside the LAN they need to use:

https://myserver.domain.local/owa

Basically I need to redirect requests made to the external web server while on the LAN to the server here instead.  I'll read through the links, it looks like some of them might do the trick.
0
 
LVL 16

Expert Comment

by:gurutc
ID: 39692366
Good Luck,

- gurutc
0
 
LVL 20

Assisted Solution

by:Lazarus
Lazarus earned 200 total points
ID: 39692548
danbrown1888, you only need to add a Forward Lookup for your DNS server that you run in your local domain, as stated above. That way it will use your correct URL.

Help adding the DNS: http://rdsrc.us/9txgM0
The answer is a previous EE Q/A and should be of great help to you
0
 
LVL 1

Author Comment

by:First Last
ID: 39692734
Ok, that didn't work so well.  It did redirect the site but killed access to mydomain.org which is where my main site is hosted over at Digital Insight.  I need for users to have access to it from inside the LAN as well.  I removed the zone and it's back to normal (got yelled at for killing access temporarily though).  How can I avoid breaking access to the primary site?  We're accessing mail here:

https://exchange.mydomain.org/owa

The main site is here:

https://www.mydomain.org
0
 
LVL 20

Expert Comment

by:Lazarus
ID: 39692816
OK, let me get this straight. Your current users are using this URL inside: https://myserver.domain.local/owa
Do you have an MX in your DNS of: mydomain.com?
0
 
LVL 1

Author Comment

by:First Last
ID: 39692839
You have it right.  The MX record is held externally by Digital Insight and points to mail1.mydomain.org and mail2.mydomain.org.  The DNS entry for exchange.mydomain.org also is held by DI though I can have them adjust it at any time.  I just figured it would be easier to do this on my internal DNS since it's only internal users who have the problem.

I'm doing all this so we can use our Cisco wireless private network with iPad/iPhone users so they don't have to change the connection parameters for email each time they leave or enter the building.
0
 
LVL 20

Expert Comment

by:Lazarus
ID: 39692856
Do you have an internal DNS that has the MX record of mail1.mydomain.org and mail2.mydomain.org?
0
 
LVL 1

Author Comment

by:First Last
ID: 39692867
No, that is hosted by DI, we don't host an internal record for mail.
0
 
LVL 20

Expert Comment

by:Lazarus
ID: 39692885
That's the issue, for this to work you need an internal DNS record for your email. I had mentioned that you need that in your internal DNS previously.
0

 
LVL 1

Author Comment

by:First Last
ID: 39692892
Ok but how do I do that without breaking access to mydomain.org which happened when I added the Forward Lookup?
0
 
LVL 63

Assisted Solution

by:Simon Butler (Sembee)
Simon Butler (Sembee) earned 100 total points
ID: 39692917
If the users are accessing OWA with host.example.com then you need to create an internal DNS entry for host.example.com - so-called single host name replacement split DNS.

http://semb.ee/splitdns

By doing that, rather than creating a zone for example.com, you will ensure everything else continues to work correctly. No need to worry about the MX records etc.

Simon.
0
 
LVL 1

Author Comment

by:First Last
ID: 39692949
Ah, the light dawns, DNS saves.  :)

Thanks guys, this did it.  I'll divide up the points, great work!
0
 
LVL 1

Author Comment

by:First Last
ID: 39693278
I spoke too soon.  This worked a total of one time, tried again 30 minutes later and the name again resolves externally, DNS entry is still there.
0
 
LVL 16

Expert Comment

by:gurutc
ID: 39693338
try the hosts entry

- gurutc
0
 
LVL 1

Author Comment

by:First Last
ID: 39693341
Can't do hosts, far too many PCs.
0
 
LVL 1

Author Comment

by:First Last
ID: 39693376
To elaborate:

After noticing that the new entry I made stopped working I tried some of the prior advice here.  I created a new Forward Lookup Zone called mydomain.org, then created an A record for exchange.mydomain.org.  This broke access to my primary website hosted at Digital Insight, www.mydomain.org.  I looked up the publicly available information that the host says is in use which returned this:

Non-authoritative answer:

Name: mydomain.org
Address: 199.102.145.xx

Name: mydomain.org
Address: 199.102.149.xx

I entered these under the new Forward Lookup Zone but the site does not resolve.  I'm stuck at this point and would really appreciate any assistance.
0
 
LVL 26

Accepted Solution

by:
DrDave242 earned 200 total points
ID: 39693419
"I created a new Forward Lookup Zone called mydomain.org, then created an A record for exchange.mydomain.org."
Instead of going about it this way, simply create a forward lookup zone named exchange.mydomain.org. Then create a blank host record inside that zone and give it the internal IP address of the Exchange server. This is what Sembee2 meant above.

Oh, and get rid of the mydomain.org zone you created.
0
 
LVL 1

Author Comment

by:First Last
ID: 39693422
I did that first.  It worked for about 15 minutes or so then suddenly stopped resolving.  I've tried doing it several times since then and it simply isn't working, not sure why.  The second option was more involved and if it can be avoided all the better.  Can you think of why it might have suddenly stopped working when at first it did resolve?
0
 
LVL 26

Expert Comment

by:DrDave242
ID: 39693429
If you have more than one internal DNS server, did you make sure the zone replicated to all of them? Also, are your domain-joined machines configured to use only the internal servers for DNS?
0
 
LVL 1

Author Comment

by:First Last
ID: 39693434
Here's a screenshot.  When I ping it should resolve to 10.35.208.x but instead, even with the DNS entry you can see behind the command prompt, it is still resolving outside the LAN.  I did do an ipconfig /flush dns prior to testing.

pic
0
 
LVL 1

Author Comment

by:First Last
ID: 39693439
We have three DCs all handling DNS, they are synchronized.  All users are on internal DNS only.
0
 
LVL 1

Author Comment

by:First Last
ID: 39693452
Nope, I was wrong.  The DNS addition does not appear to have replicated.  How can I force it?  I'm surprised it's taking so long.
0
 
LVL 1

Author Comment

by:First Last
ID: 39693465
Sorry for the million lines of posts...could this be related to the Dynamic Updates option which is turned off?  I'm also seeing under the Zone Transfers tab in the properties for the new Forward Lookup that it was set to allow zone transfers only to the ones listed on the Name Servers tab which is just the one DC where the change was made.

Would it make more sense to manually add this to each DNS server?
0
 
LVL 26

Assisted Solution

by:DrDave242
DrDave242 earned 200 total points
ID: 39693473
Did you make the zone AD-integrated or a standard primary zone? If it's AD-integrated, it will replicate along with the rest of AD, but if not, you'll have to configure zone transfers for it.
0
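The fix the thread arrives at (a zone named for the single host, created as AD-integrated so it replicates, then checked on every DNS server) can be scripted as below. This is an added example, not code posted by anyone in the thread; the server names dc1, dc2 and dc3 are hypothetical, and the internal address is left as the placeholder 10.35.208.x exactly as it appears in the thread and must be replaced with the real one.

```powershell
# Added example: server names are hypothetical, the IP is a placeholder to replace.
$Zone       = 'exchange.mydomain.org'   # the single host name to override internally
$ParentSite = 'www.mydomain.org'        # must keep resolving to the external host
$InternalIp = '10.35.208.x'             # placeholder: internal IP of the Exchange server
$PrimaryDc  = 'dc1'                     # hypothetical: DC on which the zone is created
$DnsServers = 'dc1', 'dc2', 'dc3'       # hypothetical: every internal DNS server

# /DsPrimary makes the zone AD-integrated, so it replicates with AD instead of
# relying on zone transfers. '@' is the blank (same-as-zone) host record.
& dnscmd $PrimaryDc /ZoneAdd $Zone /DsPrimary
& dnscmd $PrimaryDc /RecordAdd $Zone '@' A $InternalIp

function Get-AnswerFrom {
    param([string]$Name, [string]$Server)
    # nslookup prints the queried server's own address first; the answer
    # follows the "Name:" line, so only addresses after that line count.
    $seenName = $false
    foreach ($line in @(& nslookup $Name $Server 2>$null)) {
        if ($line -match '^Name:') { $seenName = $true; continue }
        if ($seenName -and $line -match '^Address(es)?:\s+(\S+)') { return $Matches[2] }
    }
    return $null   # no answer from this server
}

foreach ($server in $DnsServers) {
    $owa  = Get-AnswerFrom -Name $Zone -Server $server
    $site = Get-AnswerFrom -Name $ParentSite -Server $server

    if ($owa -eq $InternalIp) { $owaState = 'internal (OK)' }
    elseif ($owa)             { $owaState = "NOT overridden, got $owa (zone not replicated here?)" }
    else                      { $owaState = 'no answer' }

    # The parent domain must be untouched: no mydomain.org zone should exist locally.
    if ($site) { $siteState = "resolves to $site (OK)" }
    else       { $siteState = 'does not resolve (leftover mydomain.org zone?)' }

    Write-Output "$server : $Zone -> $owaState ; $ParentSite -> $siteState"
}
```

Querying each server by name matters here because a client only shows the answer from whichever DNS server it happened to ask, which is how a zone present on one DC can appear to work once and then stop.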
 
LVL 1

Author Comment

by:First Last
ID: 39693477
Got it, you were right on the money.  DrDave I owe you some points, is there a way for me to reassign them?  If not I can open a new ticket and go through the motions.  Thank you very much for the assist!
0
 
LVL 26

Expert Comment

by:DrDave242
ID: 39693486
I'm not 100% certain, but I believe you have to use the Request Attention link at the top of this thread in order to get a moderator to reopen the question, at which time you can reallocate the points.
0
