If you want to manipulate DNS entries before, and without, resolution by your ISP's DNS, you can do it with an extra DNS server at your site. The best place for this DNS server is the DMZ.
e.g. you're hosting WebEx and have one public URL to connect to. Your internal clients will always route that traffic via the Internet. To avoid this you can override the DNS resolution done at your ISP with a DNS server of your own. It's also possible with your own Windows DNS but… I like Linux 😉
Here I did it with Linux, because it's free:
Install BIND and configure named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
options {
listen-on port 53 { 127.0.0.1; 10.1.10.100; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { localhost; 10.1.0.0/16; 10.2.0.0/16; };
recursion yes;
//dnssec-enable yes;
//dnssec-validation yes;
//dnssec-lookaside auto;
/* Path to ISC DLV key */
//bindkeys-file "/etc/named.iscdlv.key";
//managed-keys-directory "/var/named/dynamic";
forwarders { 8.8.8.8; 8.8.4.4; };
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
//zone "." IN {
// type hint;
// file "named.ca";
//};
include "/etc/named.rfc1912.zones";
Important parts of the config:
Who is allowed to query this DNS? Since recursion is enabled, keep this limited to your own networks so the server cannot be used as an open resolver from the Internet.
allow-query { localhost; 10.1.0.0/16; 10.2.0.0/16; };
Forwarder addresses for DNS requests which cannot be resolved by the local DNS server itself:
forwarders { 8.8.8.8; 8.8.4.4; };
For linking in your own zones:
include "/etc/named.rfc1912.zones";
If you make changes, don't forget to restart:
/etc/init.d/named restart
If you now want to override some URLs, you have to add a zone entry inside /etc/named.rfc1912.zones:
zone "override.untony.org" IN {
type master;
file "named.override.untony.org";
allow-update { none; };
};
and of course a zone file in /var/named called named.override.untony.org (in our example):
$TTL 86400
@ IN SOA @ root (
2013111501 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
@ IN NS localhost.
@ IN A 194.232.104.3
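As an added check that is not part of the original post, the following Python script parses a zone file in exactly the layout above (the zone text is constructed inline to mirror it) and flags the two things that most often go wrong when editing such a file by hand: a serial that does not follow the YYYYMMDDnn convention used here, and an A record that is not a valid IPv4 address.

```python
import ipaddress
from datetime import datetime

# Constructed sample in the same layout as the named.override.untony.org file above.
SAMPLE_ZONE = """$TTL 86400
@ IN SOA @ root (
2013111501 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
@ IN NS localhost.
@ IN A 194.232.104.3
"""

def parse_zone(text):
    """Parse the minimal layout used above: $TTL, a multi-line SOA, then NS and A records."""
    zone = {"ttl": None, "soa": None, "ns": [], "a": []}
    tokens, depth = [], 0
    for raw in text.splitlines():
        line = raw.split(";")[0]  # drop ';' comments
        depth += line.count("(") - line.count(")")
        tokens += line.replace("(", " ").replace(")", " ").split()
        if depth > 0 or not tokens:
            continue  # still inside the SOA parentheses, keep collecting tokens
        if tokens[0] == "$TTL":
            zone["ttl"] = tokens[1]
        elif tokens[2] == "SOA":  # owner class SOA mname rname serial refresh retry expire minimum
            fields = ("mname", "rname", "serial", "refresh", "retry", "expire", "minimum")
            zone["soa"] = dict(zip(fields, tokens[3:10]))
        elif tokens[2] in ("NS", "A"):
            zone[tokens[2].lower()].append(tokens[3])
        tokens = []
    return zone

def check_zone(zone):
    """Return a list of problems; an empty list means the zone passes these checks."""
    problems = []
    serial = zone["soa"]["serial"] if zone["soa"] else ""
    try:  # the file above uses the YYYYMMDDnn serial convention; bump nn on every edit
        serial_ok = len(serial) == 10 and bool(datetime.strptime(serial[:8], "%Y%m%d"))
    except ValueError:
        serial_ok = False
    if not serial_ok:
        problems.append(f"SOA serial {serial!r} does not follow YYYYMMDDnn")
    for addr in zone["a"]:
        try:
            ipaddress.IPv4Address(addr)
        except ValueError:
            problems.append(f"A record {addr} is not a valid IPv4 address")
    return problems
```

Run it against the real file with `check_zone(parse_zone(open("/var/named/named.override.untony.org").read()))` before restarting named.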
When you now add this DNS server as a forwarder in your Active Directory DNS, every request for override.untony.org will be resolved to 194.232.104.3, which is a totally different site.
How to change the forwarder in Active Directory DNS:
In the DNS console, right-click the DNS server and choose Properties.
Then navigate to the Forwarders tab and enter the IP address of the new DNS server; usually you have your ISP's DNS or the Google DNS servers listed there.