Solved

How to redirect DNS requests on Server 2008

Posted on 2013-12-02
Last Modified: 2013-12-06
Hello Experts - I'm looking for a simple way to redirect requests to mydomain.com to an internal web server using DNS.  This is to prevent issues for users who access OWA (the external site is not accessible from inside our LAN).  What would be the easiest way to handle that?
0
Comment
Question by:First Last
34 Comments
 
LVL 20

Expert Comment

by:Lazarus
ID: 39690956
Add a forward lookup for your mydomain.com; that way all internal requests will go to the outside domain name that you are trying to get to.
0
 
LVL 16

Expert Comment

by:gurutc
ID: 39690959
One way is to edit the hosts file on each pc on the lan, adding an entry for the web server using the internal address.

x.x.x.x    www.mywebserver.com

where x.x.x.x is the internal ip for the server.

- gurutc
0
 
LVL 16

Expert Comment

by:gurutc
ID: 39690964
or

x.x.x.x     owa.mydomain.com  or whatever url the owa is listening on internally.
0
 
LVL 20

Assisted Solution

by:Lazarus
Lazarus earned 200 total points
ID: 39690984
Look here for help adding the DNS: http://rdsrc.us/9txgM0
The answer is a previous EE Q/A and should be of great help to you
0
 
LVL 16

Expert Comment

by:Emmanuel Adebayo
ID: 39691018
If I understand your request properly, is mydomain.com publicly available? If it is available, do you control the DNS, or is it controlled by your hosting provider?

Regards
0
 
LVL 39

Expert Comment

by:footech
ID: 39691378
"the external site is not accessible from inside our LAN"
Could you expand on this?  Why is it not accessible?  By external site you mean OWA, correct?  Where is it hosted?  I'm trying to determine whether this is a problem that can or that you might want to resolve.

Is "mydomain.com" the name of your internal AD domain, or is your domain name different?
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39692070
If your WINDOWS domain is called example.com, and you want users to access example.com rather than www.example.com then you are going to have some problems.

The root resolves to the domain controllers and you shouldn't try to change that. About the only option would be to install IIS on every domain controller, then put a redirect on the root web site which sends the traffic to another server/address. However, that has security risks as well.

Simon.
0
 
LVL 1

Author Comment

by:First Last
ID: 39692353
Sorry guys, I should have been more clear.  This is indeed for OWA access.  When a user hits it from outside it looks like this:

https://mydomain.com/owa

Because I am hosting OWA on the same internet connection we use for access, the external name does not properly resolve.  When a user tries to access OWA using that external address from inside the LAN it fails.  Inside the LAN they need to use:

https://myserver.domain.local/owa

Basically I need to redirect requests made to the external web server while on the LAN to the server here instead.  I'll read through the links, it looks like some of them might do the trick.
0
 
LVL 16

Expert Comment

by:gurutc
ID: 39692366
Good Luck,

- gurutc
0
 
LVL 20

Assisted Solution

by:Lazarus
Lazarus earned 200 total points
ID: 39692548
danbrown1888, you only need to add a Forward Lookup for your DNS server that you run in your local domain, as stated above. That way it will use your correct URL.

Help adding the DNS: http://rdsrc.us/9txgM0
The answer is a previous EE Q/A and should be of great help to you
0
 
LVL 1

Author Comment

by:First Last
ID: 39692734
Ok, that didn't work so well.  It did redirect the site but killed access to mydomain.org, which is where my main site is hosted over at Digital Insight.  I need for users to have access to it from inside the LAN as well.  I removed the zone and it's back to normal (got yelled at for killing access temporarily though).  How can I avoid breaking access to the primary site?  We're accessing mail here:

https://exchange.mydomain.org/owa

The main site is here:

https://www.mydomain.org
0
 
LVL 20

Expert Comment

by:Lazarus
ID: 39692816
OK, let me get this straight. Your current users are using this URL inside: https://myserver.domain.local/owa
Do you have an MX in your DNS of mydomain.com?
0
 
LVL 1

Author Comment

by:First Last
ID: 39692839
You have it right.  The MX record is held externally by Digital Insight and points to mail1.mydomain.org and mail2.mydomain.org.  The DNS entry for exchange.mydomain.org also is held by DI, though I can have them adjust it at any time.  I just figured it would be easier to do this on my internal DNS since it's only internal users who have the problem.

I'm doing all this so we can use our Cisco wireless private network with iPad/iPhone users so they don't have to change the connection parameters for email each time they leave or enter the building.
0
 
LVL 20

Expert Comment

by:Lazarus
ID: 39692856
Do you have an internal DNS that has the MX record of mail1.mydomain.org and mail2.mydomain.org?
0
 
LVL 1

Author Comment

by:First Last
ID: 39692867
No, that is hosted by DI, we don't host an internal record for mail.
0
 
LVL 20

Expert Comment

by:Lazarus
ID: 39692885
That's the issue, for this to work you need an internal DNS record for your email. I had mentioned that you need that in your internal DNS previously.
0

 
LVL 1

Author Comment

by:First Last
ID: 39692892
Ok but how do I do that without breaking access to mydomain.org which happened when I added the Forward Lookup?
0
 
LVL 63

Assisted Solution

by:Simon Butler (Sembee)
Simon Butler (Sembee) earned 100 total points
ID: 39692917
If the users are accessing OWA with host.example.com then you need to create an internal DNS entry for host.example.com - so-called single host name replacement split DNS.

http://semb.ee/splitdns

By doing that, rather than creating a zone for example.com, you will ensure everything else continues to work correctly. No need to worry about the MX records etc.

Simon.
0
 
LVL 1

Author Comment

by:First Last
ID: 39692949
Ah, the light dawns, DNS saves.  :)

Thanks guys, this did it.  I'll divide up the points, great work!
0
 
LVL 1

Author Comment

by:First Last
ID: 39693278
I spoke too soon.  This worked a total of one time; I tried again 30 minutes later and the name again resolves externally. The DNS entry is still there.
0
 
LVL 16

Expert Comment

by:gurutc
ID: 39693338
try the hosts entry

- gurutc
0
 
LVL 1

Author Comment

by:First Last
ID: 39693341
Can't do hosts, far too many PCs.
0
 
LVL 1

Author Comment

by:First Last
ID: 39693376
To elaborate:

After noticing that the new entry I made stopped working I tried some of the prior advice here.  I created a new Forward Lookup Zone called mydomain.org, then created an A record for exchange.mydomain.org.  This broke access to my primary website hosted at Digital Insight, www.mydomain.org.  I looked up the publicly available information that the host says is in use, which returned this:

Non-authoritative answer:

Name: mydomain.org
Address: 199.102.145.xx

Name: mydomain.org
Address: 199.102.149.xx

I entered these under the new Forward Lookup Zone but the site does not resolve.  I'm stuck at this point and would really appreciate any assistance.
0
 
LVL 25

Accepted Solution

by:DrDave242
DrDave242 earned 200 total points
ID: 39693419
"I created a new Forward Lookup Zone called mydomain.org, then created an A record for exchange.mydomain.org."
Instead of going about it this way, simply create a forward lookup zone named exchange.mydomain.org. Then create a blank host record inside that zone and give it the internal IP address of the Exchange server. This is what Sembee2 meant above.

Oh, and get rid of the mydomain.org zone you created.
0
 
LVL 1

Author Comment

by:First Last
ID: 39693422
I did that first.  It worked for about 15 minutes or so then suddenly stopped resolving.  I've tried doing it several times since then and it simply isn't working, not sure why.  The second option was more involved and if it can be avoided all the better.  Can you think of why it might have suddenly stopped working when at first it did resolve?
0
 
LVL 25

Expert Comment

by:DrDave242
ID: 39693429
If you have more than one internal DNS server, did you make sure the zone replicated to all of them? Also, are your domain-joined machines configured to use only the internal servers for DNS?
0
 
LVL 1

Author Comment

by:First Last
ID: 39693434
Here's a screenshot.  When I ping it should resolve to 10.35.208.x but instead, even with the DNS entry you can see behind the command prompt, it is still resolving outside the LAN.  I did do an ipconfig /flushdns prior to testing.

pic
0
 
LVL 1

Author Comment

by:First Last
ID: 39693439
We have three DCs all handling DNS, they are synchronized.  All users are on internal DNS only.
0
 
LVL 1

Author Comment

by:First Last
ID: 39693452
Nope, I was wrong.  The DNS addition does not appear to have replicated.  How can I force it?  I'm surprised it's taking so long.
0
 
LVL 1

Author Comment

by:First Last
ID: 39693465
Sorry for the million lines of posts... could this be related to the Dynamic Updates option, which is turned off?  I'm also seeing under the Zone Transfers tab in the properties for the new Forward Lookup that it was set to allow zone transfers only to the ones listed on the Name Servers tab, which is just the one DC where the change was made.

Would it make more sense to manually add this to each DNS server?
0
 
LVL 25

Assisted Solution

by:DrDave242
DrDave242 earned 200 total points
ID: 39693473
Did you make the zone AD-integrated or a standard primary zone? If it's AD-integrated, it will replicate along with the rest of AD, but if not, you'll have to configure zone transfers for it.
0
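The fix from the accepted solution and the reply above (a zone named after the single host, a blank host record, AD-integrated so every DC serves it), as an added example that is not part of the original thread. It uses dnscmd, which ships with the Server 2008 DNS role; the three DC names are hypothetical and the IP is a placeholder to replace.

```powershell
# Added example (not from the thread): single-host split DNS on Server 2008.
# Run from an elevated PowerShell prompt on a machine with the DNS tools.
# The server names are hypothetical; the address is a placeholder to replace.
$Zone       = 'exchange.mydomain.org'   # zone covers this one host name only
$InternalIp = '10.35.208.x'             # placeholder: Exchange server's internal IP
$DnsServers = 'dc1.domain.local', 'dc2.domain.local', 'dc3.domain.local'
$Primary    = $DnsServers[0]

# 1. Create the zone as AD-integrated (/DsPrimary) so it replicates with
#    Active Directory. A standard primary zone stays on one server unless
#    zone transfers are configured for it.
dnscmd $Primary /ZoneAdd $Zone /DsPrimary
if ($LASTEXITCODE -ne 0) { throw "ZoneAdd failed on $Primary" }

# 2. Add the blank ("same as parent folder") host record at the zone root.
#    '@' is quoted because PowerShell treats a bare @ as an operator.
dnscmd $Primary /RecordAdd $Zone '@' A $InternalIp
if ($LASTEXITCODE -ne 0) { throw "RecordAdd failed on $Primary" }

# 3. Keep dynamic updates off so no client can register records in a zone
#    that overrides a public name.
dnscmd $Primary /Config $Zone /AllowUpdate 0

# 4. Ask every internal DNS server directly. A server that still returns
#    the public address has not received the zone yet.
$pattern = 'Name:\s+' + [regex]::Escape($Zone) +
           '\s+Address(es)?:\s+' + [regex]::Escape($InternalIp) + '\s'
$results = foreach ($server in $DnsServers) {
    $answer = nslookup $Zone $server 2>&1 | Out-String
    New-Object PSObject -Property @{
        Server   = $server
        Internal = ($answer -match $pattern)
    }
}
$results | Format-Table Server, Internal -AutoSize

# 5. Report servers that still hand out the external answer.
$stale = @($results | Where-Object { -not $_.Internal })
if ($stale.Count -gt 0) {
    $names = ($stale | ForEach-Object { $_.Server }) -join ', '
    Write-Warning "Zone not yet served by: $names"
}
```

Clients that already cached the external answer keep it until the record's TTL expires or the cache is cleared with ipconfig /flushdns.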
 
LVL 1

Author Comment

by:First Last
ID: 39693477
Got it, you were right on the money.  DrDave I owe you some points, is there a way for me to reassign them?  If not I can open a new ticket and go through the motions.  Thank you very much for the assist!
0
 
LVL 25

Expert Comment

by:DrDave242
ID: 39693486
I'm not 100% certain, but I believe you have to use the Request Attention link at the top of this thread in order to get a moderator to reopen the question, at which time you can reallocate the points.
0
