  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 562

How to redirect DNS requests on Server 2008

Hello Experts - I'm looking for a simple way to redirect requests to mydomain.com to an internal web server using DNS.  This is to prevent issues for users who access OWA (the external site is not accessible from inside our LAN).  What would be the easiest way to handle that?
Asked by: First Last
 
LazarusCommented:
Add a forward lookup for your mydomain.com; that way all internal requests will go to the outside domain name that you are trying to get to.
0
 
gurutcCommented:
One way is to edit the hosts file on each PC on the LAN, adding an entry for the web server using the internal address.

x.x.x.x    www.mywebserver.com

where x.x.x.x is the internal IP for the server.

- gurutc
0
 
gurutcCommented:
or

x.x.x.x     owa.mydomain.com  or whatever url the owa is listening on internally.
0
LazarusCommented:
Look here for help adding the DNS: http://rdsrc.us/9txgM0
The answer is a previous EE Q/A and should be of great help to you
0
 
Emmanuel AdebayoGlobal Windows Infrastructure Engineer - ConsultantCommented:
If I understand your request properly, is mydomain.com publicly available? If it is available, do you control the DNS, or is it controlled by your hosting provider?

Regards
0
 
footechCommented:
"the external site is not accessible from inside our LAN"
Could you expand on this?  Why is it not accessible?  By external site you mean OWA, correct?  Where is it hosted?  I'm trying to determine whether this is a problem that can or that you might want to resolve.

Is "mydomain.com" the name of your internal AD domain, or is your domain name different?
0
 
Simon Butler (Sembee)ConsultantCommented:
If your WINDOWS domain is called example.com, and you want users to access example.com rather than www.example.com then you are going to have some problems.

The root resolves to the domain controllers and you shouldn't try and change that. About the only option would be to install IIS on every domain controller, then put a redirect on the root web site which sends the traffic to another server/address. However that has security risks as well.

Simon.
0
 
First LastAuthor Commented:
Sorry guys, I should have been more clear.  This is indeed for OWA access.  When a user hits it from outside it looks like this:

https://mydomain.com/owa

Because I am hosting OWA on the same internet connection we use for access, the external name does not properly resolve.  When a user tries to access OWA using that external address from inside the LAN it fails.  Inside the LAN they need to use:

https://myserver.domain.local/owa

Basically I need to redirect requests made to the external web server while on the LAN to the server here instead.  I'll read through the links, it looks like some of them might do the trick.
0
 
gurutcCommented:
Good Luck,

- gurutc
0
 
LazarusCommented:
danbrown1888, you only need to add a Forward Lookup for your DNS server that you run in your local domain. As stated above. That way it will use your correct URL.

Help adding the DNS: http://rdsrc.us/9txgM0
The answer is a previous EE Q/A and should be of great help to you
0
 
First LastAuthor Commented:
Ok, that didn't work so well.  It did redirect the site but killed access to mydomain.org which is where my main site is hosted over at Digital Insight.  I need for users to have access to it from inside the LAN as well.  I removed the zone and it's back to normal (got yelled at for killing access temporarily though).  How can I avoid breaking access to the primary site?  We're accessing mail here:

https://exchange.mydomain.org/owa

The main site is here:

https://www.mydomain.org
0
 
LazarusCommented:
OK, let me get this straight. Your current users are using this URL inside: https://myserver.domain.local/owa
Do you have an MX in your DNS? of: mydomain.com
0
 
First LastAuthor Commented:
You have it right.  The MX record is held externally by Digital Insight and points to mail1.mydomain.org and mail2.mydomain.org.  The DNS entry for exchange.mydomain.org also is held by DI though I can have them adjust it at any time.  I just figured it would be easier to do this on my internal DNS since it's only internal users who have the problem.

I'm doing all this so we can use our Cisco wireless private network with iPad/iPhone users so they don't have to change the connection parameters for email each time they leave or enter the building.
0
 
LazarusCommented:
Do you have an internal DNS that has the MX record of mail1.mydomain.org and mail2.mydomain.org?
0
 
First LastAuthor Commented:
No, that is hosted by DI, we don't host an internal record for mail.
0
 
LazarusCommented:
That's the issue, for this to work you need an internal DNS record for your email. I had mentioned that you need that in your internal DNS previously.
0
 
First LastAuthor Commented:
Ok but how do I do that without breaking access to mydomain.org which happened when I added the Forward Lookup?
0
 
Simon Butler (Sembee)ConsultantCommented:
If the users are accessing OWA with host.example.com then you need to create an internal DNS entry for host.example.com - so called single host name replacement split DNS.

http://semb.ee/splitdns

By doing that, rather than creating a zone for example.com, you will ensure everything else continues to work correctly. No need to worry about the MX records etc.

Simon.
0
 
First LastAuthor Commented:
Ah, the light dawns, DNS saves.  :)

Thanks guys, this did it.  I'll divide up the points, great work!
0
 
First LastAuthor Commented:
I spoke too soon.  This worked a total of one time, tried again 30 minutes later and the name again resolves externally, DNS entry is still there.
0
 
gurutcCommented:
try the hosts entry

- gurutc
0
 
First LastAuthor Commented:
Can't do hosts, far too many PCs.
0
 
First LastAuthor Commented:
To elaborate:

After noticing that the new entry I made stopped working I tried some of the prior advice here.  I created a new Forward Lookup Zone called mydomain.org, then created an A record for exchange.mydomain.org.  This broke access to my primary website hosted at Digital Insight, www.mydomain.org.  I looked up the publicly available information that the host says is in use which returned this:

Non-authorative answer:

Name: mydomain.org
Address: 199.102.145.xx

Name: mydomain.org
Address: 199.102.149.xx

I entered these under the new Forward Lookup Zone but the site does not resolve.  I'm stuck at this point and would really appreciate any assistance.
0
 
DrDave242Commented:
"I created a new Forward Lookup Zone called mydomain.org, then created an A record for exchange.mydomain.org."
Instead of going about it this way, simply create a forward lookup zone named exchange.mydomain.org. Then create a blank host record inside that zone and give it the internal IP address of the Exchange server. This is what Sembee2 meant above.

Oh, and get rid of the mydomain.org zone you created.
0
 
First LastAuthor Commented:
I did that first.  It worked for about 15 minutes or so then suddenly stopped resolving.  I've tried doing it several times since then and it simply isn't working, not sure why.  The second option was more involved and if it can be avoided all the better.  Can you think of why it might have suddenly stopped working when at first it did resolve?
0
 
DrDave242Commented:
If you have more than one internal DNS server, did you make sure the zone replicated to all of them? Also, are your domain-joined machines configured to use only the internal servers for DNS?
0
 
First LastAuthor Commented:
Here's a screenshot.  When I ping it should resolve to 10.35.208.x but instead, even with the DNS entry you can see behind the command prompt, it is still resolving outside the LAN.  I did do an ipconfig /flushdns prior to testing.

[screenshot]
0
 
First LastAuthor Commented:
We have three DCs all handling DNS, they are synchronized.  All users are on internal DNS only.
0
 
First LastAuthor Commented:
Nope, I was wrong.  The DNS addition does not appear to have replicated.  How can I force it?  I'm surprised it's taking so long.
0
 
First LastAuthor Commented:
Sorry for the million lines of posts...could this be related to the Dynamic Updates option which is turned off?  I'm also seeing under the Zone Transfers tab in the properties for the new Forward Lookup that it was set to allow zone transfers only to the ones listed on the Name Servers tab which is just the one DC where the change was made.

Would it make more sense to manually add this to each DNS server?
0
 
DrDave242Commented:
Did you make the zone AD-integrated or a standard primary zone? If it's AD-integrated, it will replicate along with the rest of AD, but if not, you'll have to configure zone transfers for it.
0
 
First LastAuthor Commented:
Got it, you were right on the money.  DrDave I owe you some points, is there a way for me to reassign them?  If not I can open a new ticket and go through the motions.  Thank you very much for the assist!
0
 
DrDave242Commented:
I'm not 100% certain, but I believe you have to use the Request Attention link at the top of this thread in order to get a moderator to reopen the question, at which time you can reallocate the points.
0
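Added example, not part of the original thread or any poster's code: the fix the thread arrives at (a zone named for the single host, AD-integrated so it replicates, with a blank host record), followed by a per-DC check for the "worked once, then resolved externally again" symptom. The DC names dc1, dc2 and dc3 are hypothetical, and 10.35.208.x is the thread's elided address and must be replaced with the real internal IP.

```powershell
# Added example. Assumed values: the DC names and the internal IP placeholder.
$zone  = 'exchange.mydomain.org'   # only this one host name is overridden internally
$ip    = '10.35.208.x'             # placeholder from the thread; use the real internal IP
$dcs   = 'dc1', 'dc2', 'dc3'       # hypothetical names of the three DNS-hosting DCs
$first = $dcs[0]

# 1. On one DC, create the zone as AD-integrated so it replicates with AD.
#    A standard primary zone would need zone transfers configured instead.
dnscmd $first /ZoneAdd $zone /DsPrimary

# 2. Add the blank (same as parent) host record at the zone apex.
#    '@' is quoted because it is a special character in PowerShell.
dnscmd $first /RecordAdd $zone '@' A $ip

# 3. Query every DC directly instead of relying on whichever server the
#    client happens to use. A DC that does not hold the zone yet answers
#    with the external address.
foreach ($dc in $dcs) {
    $text = (nslookup $zone $dc 2>$null) -join "`n"
    $at   = $text.IndexOf('Name:')          # skip the "Server:/Address:" header
    $answers = @()
    if ($at -ge 0) {
        $answers = @([regex]::Matches($text.Substring($at), '\d{1,3}(\.\d{1,3}){3}') |
                     ForEach-Object { $_.Value })
    }
    if ($answers -contains $ip) {
        "{0}: OK, answers {1}" -f $dc, $ip
    } else {
        "{0}: MISMATCH, answered '{1}' (zone not on this server yet?)" -f $dc, ($answers -join ', ')
    }
}
```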
