# MS2003 DNS - redirect or forward DNS domain to external website - help!

## leeviker (Oct 2, 2006)

I have an MS2003 server running in the DMZ which hosts our external DNS. We apparently have a 3rd party vendor hosting an online store for our company. I have a 'mycompany.com' zone in DNS. I need to create a setup in DNS where onlinestore.mycompany.com is redirected to an external address at www.3rdparty.com/mycompany. I created a subdomain called 'onlinestore' under 'mycompany.com' in DNS. In the 'onlinestore' folder in DNS I created a CNAME entry to point to 'www.3rdparty.com/mycompany'.

Will this work? It doesn't seem to and I need a solution ASAP!

thanks,
Lee


----------



## DaMCT (Oct 2, 2006)

With this design you will be using what is known as "Split DNS", that is, you will be using separate internal and external DNS views of your domain's network using internal and external name servers. To set this up, configure your internal DNS servers to forward to:

1. The internal IP address(es) of your firewalls (if you have them) and then configure your firewalls to forward to your external DNS server.

OR

2. The external DNS server.

Remember that your external DNS servers should only contain a small number of records that you want the rest of the world to see. Records in external DNS should be MX (Mail Exchanger), FTP, Web, etc. Never anything on the inside of the network. You'll want to add the external IPs of your firewalls too if you are using firewalls.

In order for your DNS deployment to work over the Internet, both the IP addresses and DNS domain name used by your network must be registered with an authorized Internet registrar. These organizations are responsible for assigning IP addresses and DNS domain names and keeping public records of the assignments.

If you are connected to the Internet, then your company's network is most likely a subnet of your ISP's network. In this case, the IP addresses of the subnet will have been registered with the Internet registrar. 


Security items to do:

1. In the Local Area Connection Properties, uncheck all the protocols EXCEPT TCP/IP.

2. On the WINS tab, ensure that Disable NetBIOS over TCP/IP is selected. 

3. On the DNS tab clear the Register this connection’s addresses in DNS check box. 

4. Encrypt zone replication traffic by using IPSEC or VPN tunnels to hide the names and IP addresses from Internet-based users.

5. Configure firewalls to enforce packet filtering for UDP and TCP port 53.

6. Restrict zone transfers for each zone (forward/reverse).

7. Continually monitor Event logs.

8. Implement Cache Pollution Protection:
   a. On Windows Server 2003 this is enabled by default.

9. Use only NTFS partitions.

The list is longer but this will get you up and running. We can talk more later on.


----------
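The rule in the reply above (an external zone should carry only MX, web, FTP and similar records, never anything from inside the network) can be turned into a check run against an exported zone file. The following is an added example, not code from the thread or from Windows DNS; the zone text is constructed, and mycompany.com, the host names and the addresses are placeholders.

```python
"""Added example (not from the thread): audit an external (DMZ) zone for records
that describe the inside of the network. The zone text below is constructed;
mycompany.com, the host names and the addresses are placeholders."""
import ipaddress
from typing import List, Tuple

# Address ranges that have no business in a zone the Internet can query:
# RFC 1918 private space, loopback, link-local, and their IPv6 counterparts.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16",
    "fc00::/7", "::1/128", "fe80::/10",
)]

# Record types the reply allows outside: mail, web/FTP hosts, delegation data.
ALLOWED_TYPES = {"SOA", "NS", "A", "AAAA", "MX", "CNAME", "TXT"}
CLASSES = {"IN", "CH", "HS"}

# Constructed sample, in the BIND-style text that zone exports use.
SAMPLE_ZONE = """\
$ORIGIN mycompany.com.
@            IN SOA   ns1.mycompany.com. hostmaster.mycompany.com. ( 2006100201 3600 900 604800 86400 )
@            IN NS    ns1.mycompany.com.
@            IN MX    10 mail.mycompany.com.
ns1          IN A     203.0.113.10
mail         IN A     203.0.113.20
www          IN A     203.0.113.30
onlinestore  IN CNAME www.3rdparty.com.
dc01         IN A     10.0.0.5          ; domain controller copied from the internal zone
_ldap._tcp   IN SRV   0 100 389 dc01.mycompany.com.
"""


def is_internal_address(addr: str) -> bool:
    """True if addr falls in any range that should never be published externally."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)


def parse_zone(zone_text: str) -> List[Tuple[str, str, List[str]]]:
    """Minimal one-record-per-line parser: returns (owner, type, rdata tokens)."""
    records = []
    owner = "@"
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].strip()           # drop comments
        if not line or line.startswith("$"):          # skip $ORIGIN/$TTL directives
            continue
        tokens = line.split()
        cls_idx = next((i for i, t in enumerate(tokens) if t.upper() in CLASSES), None)
        if cls_idx is None or cls_idx + 1 >= len(tokens):
            continue
        # An owner name precedes the class unless the line only carried a TTL
        # (owner omitted means "same owner as the previous record").
        if cls_idx > 0 and not tokens[0].isdigit():
            owner = tokens[0]
        records.append((owner, tokens[cls_idx + 1].upper(), tokens[cls_idx + 2:]))
    return records


def audit_external_zone(zone_text: str) -> List[str]:
    """One finding per record that leaks internal structure to the Internet."""
    findings = []
    for owner, rtype, rdata in parse_zone(zone_text):
        if rtype not in ALLOWED_TYPES:
            findings.append(f"{owner}: {rtype} record is not in the external allow-list")
        elif rtype in ("A", "AAAA") and rdata and is_internal_address(rdata[0]):
            findings.append(f"{owner}: {rtype} record exposes internal address {rdata[0]}")
    return findings


if __name__ == "__main__":
    for finding in audit_external_zone(SAMPLE_ZONE):
        print(finding)
```

Run against the sample, the audit reports the domain controller's 10.0.0.5 address and the Active Directory SRV record, which are exactly the kind of internal records that should stay in the internal view of a split-DNS setup. The ranges are checked explicitly rather than via `ipaddress.ip_address(...).is_private`, because Python also treats the documentation blocks used for the sample (203.0.113.0/24 and friends) as non-global, which would produce false positives.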



## bilbus (Aug 29, 2006)

kill the subdomain

add a C record (alias)
Alias name: onlinestore
FQDN: onlinestore.domain.com
FQDN to host: www.3rdparty.com

this will forward any connection to onlinestore.domain.com and send the visitor to www.3rdparty.com

you can't add a /anything inside DNS.

try this if you need to point to a directory

buy webhosting account, host index.htm (or default.htm depending on the default start page cfg)

host the webpage at onlinestore.domain.com

```html
<!-- Meta refresh: the browser loads the page at onlinestore.domain.com, then immediately
     navigates to the vendor URL (the path DNS cannot carry). -->
<meta http-equiv="refresh" content="0; url=https://www.website.com/mycompany">
```


----------
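The point in the post above, that a CNAME can only name another host and the `/mycompany` path has to be supplied by whatever answers HTTP on that name, can also be met with a server-side redirect instead of a meta refresh page. Below is an added example that is not code from the thread; the host names and the vendor URL are the thread's placeholders, and the mapping table and port are assumptions.

```python
"""Added example (not from the thread): HTTP-layer redirect for a host name that
DNS can only point at another name. DNS records carry names and addresses, so
the '/mycompany' path has to be added by whatever answers HTTP on that name.
Host names and the target URL are the thread's placeholders."""
import re
from http.server import BaseHTTPRequestHandler, HTTPServer
from typing import Optional

# Hypothetical table: virtual host we answer for -> fixed vendor base URL.
REDIRECTS = {
    "onlinestore.mycompany.com": "https://www.3rdparty.com/mycompany",
}

# One RFC 1123 host label: 1-63 letters/digits/hyphens, no leading or trailing hyphen.
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


def is_valid_cname_target(target: str) -> bool:
    """CNAME RDATA is a domain name: a scheme or a '/path' can never be stored in it."""
    if "/" in target or ":" in target:
        return False
    labels = target.rstrip(".").split(".")
    return all(_LABEL.match(label) for label in labels)


def redirect_location(host_header: str, request_path: str) -> Optional[str]:
    """Map the request's Host header and path to the vendor URL, or None when we
    have no entry for that host (the table, never the client, picks the target)."""
    host = host_header.split(":", 1)[0].strip().lower()   # drop any :port suffix
    base = REDIRECTS.get(host)
    if base is None:
        return None
    path = "/" + request_path.lstrip("/")                 # collapse leading slashes
    return base if path == "/" else base + path


class RedirectHandler(BaseHTTPRequestHandler):
    """Answer every request on a known host with a permanent redirect."""

    def do_GET(self) -> None:
        location = redirect_location(self.headers.get("Host", ""), self.path)
        if location is None:
            self.send_error(404, "no redirect configured for this host")
            return
        self.send_response(301)
        self.send_header("Location", location)
        self.send_header("Content-Length", "0")
        self.end_headers()

    do_HEAD = do_GET


if __name__ == "__main__":
    # Listen on the address that the onlinestore CNAME ultimately resolves to.
    HTTPServer(("0.0.0.0", 8080), RedirectHandler).serve_forever()
```

Because the destination host comes only from `REDIRECTS` and the client controls nothing but the path appended to it, the handler cannot be turned into an open redirect to an arbitrary site; unknown Host headers get a 404 rather than a guess. `is_valid_cname_target` is the check the DNS side needs: it rejects `www.3rdparty.com/mycompany` and accepts `www.3rdparty.com`, which is the distinction the post makes.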