Windows Server 2016 DNS NOT resolving redirected external domain names!

  • General discussion

  • Hello, I am currently running Windows Server 2016 Standard Edition in a lab testing environment, and I have DNS, DHCP and ADDS installed on it! Since my server is my local DNS server for my network, I wanted to redirect people to different websites by changing the IP address of the domain name that they were trying to reach. For example, I created a new zone file called "Facebook.com" and then I created a new A record that pointed to amazon.com, whose public IP address is 13.33.117.238. After I successfully created the A record in my zone file, I pinged www.facebook.com on the command line to make sure it was getting 13.33.117.238, which it was. Then I opened a browser and tried to navigate to Facebook. Once I loaded the page I got the error "Your connection is not private" because it couldn't match the SAN on the certificate, because it was looking at the certificate for Amazon. I knew this error would pop up. I clicked Advanced, expecting to find the "Proceed to this unsafe website" link, but I didn't find it. Instead I found this new error message. I knew DNS redirecting works because OpenDNS does it all the time! All I want to do is redirect clients to a different IP address when they type in a certain domain name. Never imagined this would be so difficult!

    Sunday, January 27, 2019 9:58 AM

All replies

  • Hi,

    DNS records only map names to IP addresses or other names.

    Based on your description, we recommend you try IIS HTTP Redirects for redirection.

    For your reference:

    HTTP Redirects <httpRedirect>

    https://docs.microsoft.com/en-us/iis/configuration/system.webServer/httpRedirect/


    Regards,

    Zoe


    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.


    Monday, January 28, 2019 7:45 AM
  • Thank you for replying! Also, I know DNS only maps domain names to IP addresses, but I wanted my local DNS server to tell my client that www.facebook.com goes to www.amazon.com, not because of a redirect but because I changed the IP address so that it points to Amazon's public IP address when you type in www.facebook.com. But I keep getting the error above. I know the DNS is changed because when I ping the domain name www.facebook.com it comes back with Amazon's public IP address. But it will not open the page, because of that darn SSL error! How do I bypass it or solve the error? This is a huge down! Since you can no longer click "Proceed to unsecured ip address" when the SSL warning certificates come up! :(
    Monday, January 28, 2019 8:15 AM
  • Hi,

    Thanks for the reply.

    I'm sorry to say that based on our research, we may not support this feature currently. Redirecting a public website to another may be recognized as malicious redirect and that's why it is intercepted. We are not able to visit such websites without valid security certificates just for security reasons.

    However, if you are running your own company website and would like to provide different sets of DNS information for internal and external clients, we recommend you look at DNS Policy for Split-Brain DNS.

    You may get more detailed information from the following article:

    Use DNS Policy for Split-Brain DNS Deployment

    https://docs.microsoft.com/en-us/windows-server/networking/dns/deploy/split-brain-dns-deployment

    Your understanding is appreciated.

    Regards,

    Zoe

     



    Tuesday, January 29, 2019 6:03 AM
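
The certificate check behind the error discussed above, as an added example that is not part of the original thread: the client verifies the certificate against the name the user typed, so changing the DNS answer alone cannot make the page load. The SAN list and the `connect` and `san_matches` helpers are constructed for illustration; only the hostname and IP address come from the thread.

```python
"""Added example: why a DNS override does not satisfy TLS hostname verification."""

# Constructed sample data (assumptions, not captured from a real server):
# the lab DNS zone from the thread, and a SAN list of the kind the server
# at the overridden address might present.
LAB_DNS = {"www.facebook.com": "13.33.117.238"}
CERT_AT_IP = {"13.33.117.238": ["amazon.com", "*.amazon.com"]}


def _labels(name):
    # DNS names compare case-insensitively; ignore a trailing root dot.
    return name.rstrip(".").lower().split(".")


def san_matches(hostname, pattern):
    """Match one dNSName SAN entry against the requested hostname.

    Wildcard handling follows the common browser rule: '*' may only be the
    entire left-most label and stands for exactly one non-empty label.
    """
    host, pat = _labels(hostname), _labels(pattern)
    if len(host) != len(pat):
        return False
    if pat[0] == "*":
        # Reject overly broad patterns such as '*.com'.
        return len(pat) > 2 and host[0] != "" and host[1:] == pat[1:]
    return host == pat


def connect(hostname, dns=LAB_DNS, certs=CERT_AT_IP):
    """Simulate the client: resolve, then verify the cert against the typed name."""
    ip = dns[hostname]      # the DNS override decides where the client connects
    sans = certs[ip]        # the server at that address presents its own cert
    ok = any(san_matches(hostname, s) for s in sans)
    return {"ip": ip, "verified": ok, "presented_sans": sans}


if __name__ == "__main__":
    # DNS returns the overridden address, yet verification fails because
    # the name being verified is still the one the user typed.
    print(connect("www.facebook.com"))
    # The same certificate is valid only for the names it lists.
    print(san_matches("www.amazon.com", "*.amazon.com"))
```
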
  • Hi,

     

    Just checking in to see if the information provided was helpful.

    Please let us know if you would like further assistance.

     

    Best Regards,

    Zoe



    Thursday, January 31, 2019 8:48 AM
  • Hi,

    Was your issue resolved?

    We'd love to hear your feedback about the solution.

    If there is anything else we can do for you, please feel free to post in the forum.

    Thank you for your understanding and support.

    Regards,

    Zoe



    Monday, February 4, 2019 2:33 AM