Solved

How to redirect DNS requests on Server 2008

Posted on 2013-12-02
34
Medium Priority
?
551 Views
Last Modified: 2013-12-06
Hello Experts - I'm looking for a simple way to redirect requests to mydomain.com to an internal web server using DNS.  This is to prevent issues for users who access OWA (the external site is not accessible from inside our LAN).  What would be the easiest way to handle that?
Question by:First Last
34 Comments
 
LVL 20

Expert Comment

by:Lazarus
ID: 39690956
Add a forward lookup for your mydomain.com; that way all internal requests will go to the outside domain name that you are trying to get to.
0
 
LVL 16

Expert Comment

by:gurutc
ID: 39690959
One way is to edit the hosts file on each pc on the lan, adding an entry for the web server using the internal address.

x.x.x.x    www.mywebserver.com

where x.x.x.x is the internal ip for the server.

- gurutc
0
 
LVL 16

Expert Comment

by:gurutc
ID: 39690964
or

x.x.x.x     owa.mydomain.com  or whatever url the owa is listening on internally.
0
LVL 20

Assisted Solution

by:Lazarus
Lazarus earned 800 total points
ID: 39690984
Look here for help adding the DNS: http://rdsrc.us/9txgM0
The answer is a previous EE Q/A and should be of great help to you
0
 
LVL 18

Expert Comment

by:Emmanuel Adebayo
ID: 39691018
If I understand your request properly, is mydomain.com publicly available? If it is available, do you control the DNS, or is it controlled by your hosting provider?

Regards
0
 
LVL 41

Expert Comment

by:footech
ID: 39691378
"the external site is not accessible from inside our LAN"
Could you expand on this?  Why is it not accessible?  By external site you mean OWA, correct?  Where is it hosted?  I'm trying to determine whether this is a problem that can or that you might want to resolve.

Is "mydomain.com" the name of your internal AD domain, or is your domain name different?
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39692070
If your WINDOWS domain is called example.com, and you want users to access example.com rather than www.example.com then you are going to have some problems.

The root resolves to the domain controllers and you shouldn't try and change that. About the only option would be to install IIS on every domain controller, then put a redirect on the root web site which sends the traffic to another server/address. However that has security risks as well.

Simon.
0
 
LVL 1

Author Comment

by:First Last
ID: 39692353
Sorry guys, I should have been more clear.  This is indeed for OWA access.  When a user hits it from outside it looks like this:

https://mydomain.com/owa

Because I am hosting OWA on the same internet connection we use for access, the external name does not properly resolve.  When a user tries to access OWA using that external address from inside the LAN it fails.  Inside the LAN they need to use:

https://myserver.domain.local/owa

Basically I need to redirect requests made to the external web server while on the LAN to the server here instead.  I'll read through the links, it looks like some of them might do the trick.
0
 
LVL 16

Expert Comment

by:gurutc
ID: 39692366
Good Luck,

- gurutc
0
 
LVL 20

Assisted Solution

by:Lazarus
Lazarus earned 800 total points
ID: 39692548
danbrown1888, you only need to add a Forward Lookup for your DNS server that you run in your local domain, as stated above. That way it will use your correct URL.

Help adding the DNS: http://rdsrc.us/9txgM0
The answer is a previous EE Q/A and should be of great help to you
0
 
LVL 1

Author Comment

by:First Last
ID: 39692734
Ok, that didn't work so well.  It did redirect the site but killed access to mydomain.org which is where my main site is hosted over at Digital Insight.  I need for users to have access to it from inside the LAN as well.  I removed the zone and it's back to normal (got yelled at for killing access temporarily though).  How can I avoid breaking access to the primary site?  We're accessing mail here:

https://exchange.mydomain.org/owa

The main site is here:

https://www.mydomain.org
0
 
LVL 20

Expert Comment

by:Lazarus
ID: 39692816
OK, let me get this straight. Your current users are using this URL inside: https://myserver.domain.local/owa
Do you have an MX in your DNS? of: mydomain.com
0
 
LVL 1

Author Comment

by:First Last
ID: 39692839
You have it right.  The MX record is held externally by Digital Insight and points to mail1.mydomain.org and mail2.mydomain.org.  The DNS entry for exchange.mydomain.org also is held by DI though I can have them adjust it at any time.  I just figured it would be easier to do this on my internal DNS since it's only internal users who have the problem.

I'm doing all this so we can use our Cisco wireless private network with iPad/iPhone users so they don't have to change the connection parameters for email each time they leave or enter the building.
0
 
LVL 20

Expert Comment

by:Lazarus
ID: 39692856
Do you have an internal DNS that has the MX record of mail1.mydomain.org and mail2.mydomain.org?
0
 
LVL 1

Author Comment

by:First Last
ID: 39692867
No, that is hosted by DI, we don't host an internal record for mail.
0
 
LVL 20

Expert Comment

by:Lazarus
ID: 39692885
That's the issue, for this to work you need an internal DNS record for your email. I had mentioned that you need that in your internal DNS previously.
0
 
LVL 1

Author Comment

by:First Last
ID: 39692892
Ok but how do I do that without breaking access to mydomain.org which happened when I added the Forward Lookup?
0
 
LVL 63

Assisted Solution

by:Simon Butler (Sembee)
Simon Butler (Sembee) earned 400 total points
ID: 39692917
If the users are accessing OWA with host.example.com then you need to create an internal DNS entry for host.example.com - so called single host name replacement split DNS.

http://semb.ee/splitdns

By doing that, rather than creating a zone for example.com, you will ensure everything else continues to work correctly. No need to worry about the MX records etc.

Simon.
0
 
LVL 1

Author Comment

by:First Last
ID: 39692949
Ah, the light dawns, DNS saves.  :)

Thanks guys, this did it.  I'll divide up the points, great work!
0
 
LVL 1

Author Comment

by:First Last
ID: 39693278
I spoke too soon.  This worked a total of one time, tried again 30 minutes later and the name again resolves externally, DNS entry is still there.
0
 
LVL 16

Expert Comment

by:gurutc
ID: 39693338
try the hosts entry

- gurutc
0
 
LVL 1

Author Comment

by:First Last
ID: 39693341
Can't do hosts, far too many PCs.
0
 
LVL 1

Author Comment

by:First Last
ID: 39693376
To elaborate:

After noticing that the new entry I made stopped working I tried some of the prior advice here.  I created a new Forward Lookup Zone called mydomain.org, then created an A record for exchange.mydomain.org.  This broke access to my primary website hosted at Digital Insight, www.mydomain.org.  I looked up the publicly available information that the host says is in use which returned this:

Non-authoritative answer:

Name: mydomain.org
Address: 199.102.145.xx

Name: mydomain.org
Address: 199.102.149.xx

I entered these under the new Forward Lookup Zone but the site does not resolve.  I'm stuck at this point and would really appreciate any assistance.
0
 
LVL 27

Accepted Solution

by:DrDave242
DrDave242 earned 800 total points
ID: 39693419
"I created a new Forward Lookup Zone called mydomain.org, then created an A record for exchange.mydomain.org."
Instead of going about it this way, simply create a forward lookup zone named exchange.mydomain.org. Then create a blank host record inside that zone and give it the internal IP address of the Exchange server. This is what Sembee2 meant above.

Oh, and get rid of the mydomain.org zone you created.
0
 
LVL 1

Author Comment

by:First Last
ID: 39693422
I did that first.  It worked for about 15 minutes or so then suddenly stopped resolving.  I've tried doing it several times since then and it simply isn't working, not sure why.  The second option was more involved and if it can be avoided all the better.  Can you think of why it might have suddenly stopped working when at first it did resolve?
0
 
LVL 27

Expert Comment

by:DrDave242
ID: 39693429
If you have more than one internal DNS server, did you make sure the zone replicated to all of them? Also, are your domain-joined machines configured to use only the internal servers for DNS?
0
 
LVL 1

Author Comment

by:First Last
ID: 39693434
Here's a screenshot.  When I ping it should resolve to 10.35.208.x but instead, even with the DNS entry you can see behind the command prompt, it is still resolving outside the LAN.  I did do an ipconfig /flushdns prior to testing.

pic
0
 
LVL 1

Author Comment

by:First Last
ID: 39693439
We have three DCs all handling DNS, they are synchronized.  All users are on internal DNS only.
0
 
LVL 1

Author Comment

by:First Last
ID: 39693452
Nope, I was wrong.  The DNS addition does not appear to have replicated.  How can I force it?  I'm surprised it's taking so long.
0
 
LVL 1

Author Comment

by:First Last
ID: 39693465
Sorry for the million lines of posts...could this be related to the Dynamic Updates option which is turned off?  I'm also seeing under the Zone Transfers tab in the properties for the new Forward Lookup that it was set to allow zone transfers only to the ones listed on the Name Servers tab which is just the one DC where the change was made.

Would it make more sense to manually add this to each DNS server?
0
 
LVL 27

Assisted Solution

by:DrDave242
DrDave242 earned 800 total points
ID: 39693473
Did you make the zone AD-integrated or a standard primary zone? If it's AD-integrated, it will replicate along with the rest of AD, but if not, you'll have to configure zone transfers for it.
0
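The single-host zone suggested above, created as AD-integrated and then checked against each internal DNS server, as an added example that is not part of any post in this thread. The server names DC1, DC2 and DC3 and the internal address are constructed placeholders; the zone name is the one used in the thread.

```powershell
# Added example, not from the thread. Replace the constructed values.
$Zone       = 'exchange.mydomain.org'   # host name users type (from the thread)
$InternalIp = '10.0.0.25'               # constructed; use the Exchange server's internal IP
$DnsServers = 'DC1', 'DC2', 'DC3'       # hypothetical names for the three DCs

# 1. Create the zone for the single host name only, stored in Active
#    Directory so it replicates with AD rather than by zone transfer.
dnscmd $DnsServers[0] /ZoneAdd $Zone /DsPrimary

# 2. Add the blank (same as parent) host record. "@" means the zone root.
dnscmd $DnsServers[0] /RecordAdd $Zone '@' A $InternalIp

# 3. Query every DNS server directly. A server that has not received the
#    zone yet forwards the query and returns the public address instead.
foreach ($server in $DnsServers) {
    $lines    = nslookup $Zone $server 2>$null
    $seenName = $false
    $answers  = @()
    foreach ($line in $lines) {
        # Ignore the "Server:/Address:" header; answers follow "Name:".
        if ($line -match '^Name:') { $seenName = $true; continue }
        if ($seenName -and $line -match '(\d{1,3}(\.\d{1,3}){3})') {
            $answers += $Matches[1]
        }
    }
    if ($answers.Count -eq 1 -and $answers[0] -eq $InternalIp) {
        $status = 'OK'
    } else {
        $status = 'MISMATCH'
    }
    '{0,-8} {1,-9} {2}' -f $server, $status, ($answers -join ', ')
}
```

Run it from an elevated prompt on a machine with the DNS server tools installed. A MISMATCH line identifies a server that is still answering from outside, which matches the intermittent resolution described earlier in the thread.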
 
LVL 1

Author Comment

by:First Last
ID: 39693477
Got it, you were right on the money.  DrDave I owe you some points, is there a way for me to reassign them?  If not I can open a new ticket and go through the motions.  Thank you very much for the assist!
0
 
LVL 27

Expert Comment

by:DrDave242
ID: 39693486
I'm not 100% certain, but I believe you have to use the Request Attention link at the top of this thread in order to get a moderator to reopen the question, at which time you can reallocate the points.
0


Question has a verified solution.
