Split DNS

[mtspecial]

Our ISP has a DNS entry company.com pointing to 10.4.8 server. They also have store.company.com pointing to the same server. We want to be able to take the request for store.compnay.com and redirect that request to another internal server altogether. The other server is a Windows 2003 server.

We have our DNS set internally so that it works, but externally, it goes to our default website.

Do I need to have ISP change their entry for store.company.com or is there something we can do here on our own server?

Thanks for any help.

[mtspecial]

How would you do the redirect?

Getting our ISP to change anything takes an act of congress.

[Camelot]

[QUOTE][u]Quote by: mtspecial[/u][p]How would you do the redirect?

Getting our ISP to change anything takes an act of congress.[/p][/QUOTE]

Maybe it’s time to find another ISP… 🙂
Or, at least, take over your own DNS serving.

Anyway, a redirect won’t help unless there is some other external path to the Windows server – you can’t redirect to ‘store.company.com’, for example, since that’s what the user already entered to get to the Mac server in the first place.

The solutions are that you either:

a) redirect to some other hostname that points to the Windows server – which may invoke the wrath of the ISP if you need them to change DNS, too.
b) proxy the connection so that the traffic goes user -> Mac -> Windows -> Mac -> user

Option b will be seamless to the user, but is not something that can be done via Server Admin – you’ll need to manually edit your site’s configuration files.
In addition, I’m assuming you’re using SSL on your store and I’ve never tested proxying with SSL – I’d assume that you set it up on the SSL site, and install the store SSL certificate on the Mac, and proxy the connection via a non-SSL connection to the internal server, but it’s something I can only theorize on.

[luke]

Camelot is right. There is no way to do a redirect with DNS. You can do a redirect with HTTP though.

In Camelot’s option A, you would set up a web site on the mac, let store.company.com point to it, and have it serve an HTTP redirect to store2.company.com. store2.company.com would point to the Windows box and you would be on your way. Of course, if you can’t change the first domain, you probably can’t create store2.company.com to point to the windows box either. You could redirect to the IP of the windows box, but that’s going to look pretty amateur to your customers.

Option B is much better, but quite a bit tougher. If you’ve got a linux or OpenBSD firewall in front of the mac, you can quite easily have it watch for a certain type of traffic and rewrite the packets to go to the windows server. This won’t involve the mac at all, and will actually be very seamless (even with SSL). If you don’t have that sort of firewall in place, or aren’t familiar with how to configure it, it could be quite difficult. Let me know if you’re interested in this route though and I’ll dig up some resources.

Option C is really the easiest and best way: Get them to change the damn DNS or take your business elsewhere. I have a domain with Network Solutions and I use their DNS hosting which is included with the domain (although it’s hidden in their control panel). You have full control over the DNS records (A, CNAME, etc) through a web interface. You can be sure they’ve got good uptime, too.

[Author]

Posts