How do I map a www cname record to ONLY respond to http requests?

ftp.mydomain.com is using your default IIS web, same as junk.mydomain.com
would do. This is not a DNS however. DNS returns the IP, which it did -
now it's out of the picture. You could create Host Headers on the IIS to
disallow certain domains. You want some kind of default site as you want
people to see your site even if they finger the url up like ww.mydomain.com,
etc. You could add a host header for ftp.mydomain.com that URL redirects
somewhere else or displays a diff page, etc.
 
My DNS server is configured to only respond to myHost.myDomain.com and
myAlias(s).myDomain.com. If they don't type the right thing, DNS will fail
as will junk.myDomain.com. What would be the point in setting up these
records otherwise? Are you saying I have to create host headers for every
host/alias set up in DNS to disallow requests for non-corresponding
host/aliases? [I'm sure I can use wildcards to answer my own question].
Putting IIS aside, what about directing any server (such as Telnet) to only
respond to requests from its corresponding host/alias set up in DNS
(telnet.myDomain.com)? In a nut shell, is there a way to map DNS host/alias
requests to a listening server port? From my understanding, Microsoft
clients can request available services/ports from DNS SRV records but that
doesn't map specific host/alias requests to a specific service.

Thanks.

--
 
In "Rob" <@> posted a question
Then Kevin replied below:
: How do I map services to protocols? For example, I have CNAME records
: for WWW and FTP. Both map to the same "A" record. Right now
: http://www.mydomain.com and http://ftp.mydomain.com respond but I
: only want WWW for http and FTP for ftp. Thanks.

DNS doesn't work that way, if a query is made for the CNAME record DNS does
not care what it is wanted for, it just responds to the query.
 
: My DNS server is configured to only respond to myHost.myDomain.com and
: myAlias(s).myDomain.com. If they don't type the right thing, DNS will fail
: as will junk.myDomain.com. What would be the point in setting up these

If that's the case, then ftp.mydomain.com is not replying either, so I don't
follow what you're trying to do or why.

: Are you saying I have to create host headers for every
: host/alias set up in DNS to disallow requests

No. From your description, it sounded like you wanted an ftp record, but
did what users to be able to type ftp.mydomain.com in their browser and see
your default site.

: In a nut shell, is there a way to map DNS host/alias
: requests to a listening server port?

Not with A records or cnames. You could do it with SRV records, but you
would have to build that logic into a client app - it will not work with
standard tools like ping, ftp, telnet, etc. They all use GetHostByName
which is A record based.

Again, I don't understand what you're trying to do. Could you walk us down
the path of what you're after - using example?
 
Jeff Cochran is an idiot. Why respond with "you can't do
it" - just don't reply, you fool.

I imagine that what you have is something like a DSL
connection with one IP address, or you have one server
that is doing multiple jobs.

This is how you do it, using host headers:
http://support.microsoft.com/?id=190008
This document tells you how to set the Web site to
respond to the name www.mydomain.com on port 80
to "default IP address". This means that your webserver
will not respond to the request http://ftp.mydomain.com

It seems more complex for the FTP site, you could make
the site only respond on one IP address, but that means
assigning two IP addresses to the one server. It is a
good idea to make the IP addresses on the same subnet
when they are on the same server, as having two default
gateways causes big problems and you would need to
install and configure OSPF or another routing protocol
and configure it - make the IP addresses sequential or
near each other.

Alternatively, you could use NAT (that is if you are in
the example of using DSL with one real IP address) and
assign two Private IP addresses to the one server, and
have the FTP service respond on one IP, and the WWW
service respond on the other, and let the firewall/router
NAT the real IP address to the two private IP addresses.

As for other protocols, like Telnet, you need to
configure this at the telnet server level (I don't think
there is a telnet server included in Windows). This is
the same for most other things - it's at the application
level that these need to be configured.

Hope that this is more helpful than a negative response.
 
In Christian Wickham <[email protected]> posted a
question
Then Kevin replied below:
: Jeff Cochran is an idiot. Why respond with "you can't do
: it" - just don't reply, you fool.
:
: I imagine that what you have is something like a DSL
: connection with one IP address, or you have one server
: that is doing multiple jobs.
:
: This is how you do it, using host headers:
: http://support.microsoft.com/?id=190008
: This document tells you how to set the Web site to
: respond to the name www.mydomain.com on port 80
: to "default IP address". This means that your webserver
: will not respond to the request http://ftp.mydomain.com
:
: It seems more complex for the FTP site, you could make
: the site only respond on one IP address, but that means
: assigning two IP addresses to the one server. It is a
: good idea to make the IP addresses on the same subnet
: when they are on the same server, as having two default
: gateways causes big problems and you would need to
: install and configure OSPF or another routing protocol
: and configure it - make the IP addresses sequential or
: near each other.
:
: Alternatively, you could use NAT (that is if you are in
: the example of using DSL with one real IP address) and
: assign two Private IP addresses to the one server, and
: have the FTP service respond on one IP, and the WWW
: service respond on the other, and let the firewall/router
: NAT the real IP address to the two private IP addresses.
:
: As for other protocols, like Telnet, you need to
: configure this at the telnet server level (I don't think
: there is a telnet server included in Windows). This is
: the same for most other things - it's at the application
: level that these need to be configured.
:
: Hope that this is more helpful than a negative response.
:

I'm going to take up for Jeff on this one. Who are you to call him an idiot
when your response has nothing to do with the question?
The question was how to make the record point to a protocol: he wants you to
be able to type in www.mydomain.com and get the web server and for you to
type in ftp.mydomain.com and get the FTP server. It won't happen; if you type
in ftp.mydomain.com you will still get the web server. You must type in
ftp://ftp.mydomain.com to get the FTP server. This is just the way browsers
work: they default to http and DNS won't tell the browser what protocol to
use. Be sure you understand the question before you call someone an idiot.
There is an answer, but not through DNS. You would need a website with a
host header for ftp.mydomain.com, then redirect it to ftp://ftp.mydomain.com/
 
One thing that I have taught all my staff in the last 10
years (and that's over 35 people) about supporting people
is that you should not focus on the WORDS that someone is
saying, but focus on the MEANING of what they are saying.
If Rob knew how to express the problem that he was having
in a different way, then he would be able to look it up
in the Knowledge base or help, but because he does not
know how to do it, he does not know how to use the right
terms. This is normally the biggest hurdle before being
able to get support.
I looked at what Rob said in his posting and then took
understanding of his issue before posting a reply - not
blindly looking at what he said and only answering that.
You have to learn to read between the lines as not
everyone knows what they want.

Have a look at the title of the posting - this was
answered by my answer.

Also, have a read of the last paragraph of my posting,
this states that it is at the application level that
changes need to be done, depending on the application or
service.
If you look at Rob's original posting, you will see that
he never asks how to do it in DNS - in fact he never
refers to DNS at all. Why did you decide to state that
you can't do it through DNS? Rob wants to know how to do
it, not methods that don't work.
Along the same lines as your reply, my response is that
you can do this by using cheese - an equally pointless
response.
I know that your response is going to be that this is a
DNS newsgroup - but my response is in the first
paragraph, Rob did not know how to do it so he posted the
message in the closest newsgroup. I applaud Rob for not
posting his message in the general newsgroups.

I notice that your posting states almost exactly what I
said as the resolution for Rob's issue, although you do
not point out that Rob needs to create an html page for
his website that redirects to the FTP site, with the
command

<meta http-equiv="REFRESH" CONTENT="1;
URL=ftp://ftp.mydomain.com">
</head>

in the header of the html file, so that it redirects
after one second to the ftp site.

Notice what I am doing here - constantly trying to help
not only Rob, but anyone else who has a similar problem.
The magic to supporting people is to do just that -
support them. Anyone that is working in user support
should get away from the attitude that many people have,
the negative and dismissive point of view that it is
impossible to achieve the objective because someone has
not described it correctly.

 
In Christian Wickham <[email protected]> posted a
question
Then Kevin replied below:
: One thing that I have taught all my staff in the last 10
: years (and thats [sic] over 35 people) about supporting people
: is that you should not focus on the WORDS that someone is
: saying, but focus on the MEANING of what they are saying.
: If Rob knew how to express the problem that he was having
: in a different way, then he would be able to look it up
: in the Knowledge base or help, but because he does not
: know how to do it, he does not know how to use the right
: terms. This is normally the biggest hurdle before being
: able to get support.
: I looked at what Rob said in his posting and then took
: understanding of his issue before posting a reply - not
: blindly looking at what he said and only answering that.
: You have to learn to read between the lines as not
: everyone knows what they want.
:
: Have a look at the title of the posting - this was
: answered by my answer.
:
: Also, have a read of the last paragraph of my posting,
: this states that it is at the application level that
: changes need to be done, depending on the application or
: service.
: If you look at Rob's original posting, you will see that
: he never asks how to do it in DNS - in fact he never
: refers to DNS at all. Why did you decide to state that
: you can't do it through DNS? Rob wants to know how to do
: it, not methods that don't work.
: Along the same lines as your reply, my response is that
: you can do this by using cheese - an equally pointless
: response.
: I know that your response is going to be that this is a
: DNS newsgroup - but my response is in the first
: paragraph, Rob did not know how to do it so he posted the
: message in the closest newsgroup. I applaud Rob for not
: posting his message in the general newsgroups.
:
: I notice that your posting states almost exactly what I
: said as the resolution for Rob's issue, although you do
: not point out that Rob needs to create an html page for
: his website that redirects to the FTP site, with the
: command
:
: <meta http-equiv="REFRESH" CONTENT="1;
: URL=ftp://ftp.mydomain.com">
: </head>
:
: in the header of the html file, so that it redirects
: after one second to the ftp site.
:
: Notice what I am doing here - constantly trying to help
: not only Rob, but anyone else who has a similar problem.
: The magic to supporting people is to do just that -
: support them. Anyone that is working in user support
: should get away from the attitude that many people have,
: the negative and dismissive point of view that it is
: impossible to achieve the objective because someone has
: not described it correctly.
:

My response was directed mainly at you for your remark about Jeff. When your
response only shows how to use host headers.
Rob's original question was:
How do I map services to protocols? For example, I have CNAME records for
WWW and FTP. Both map to the same "A" record. Right now
http://www.mydomain.com and http://ftp.mydomain.com respond but I only want
WWW for http and FTP for ftp. Thanks.

His reply to William was:
In a nut shell, is there a way to map DNS host/alias
requests to a listening server port? From my understanding, Microsoft
clients can request available services/ports from DNS SRV records but that
doesn't map specific host/alias requests to a specific service.

You cannot do it with DNS and simply using host headers won't work either.

But the main point I'm getting to is that if your response is to call
someone an idiot. You say you have a staff of 35 under you, if your
demeanor is to call someone an idiot when they don't give the answer you
want, well let's just say I would not want to work under you. If I did, I
wouldn't for long, one way or the other.
Maybe you should take a look at your response, and think about how you would
feel if someone called you an idiot. Especially, since you didn't give a
correct answer either, William had already given the answer, I didn't see
any point in dittoing William's reply.
As you said this is the DNS group, you come here with a question about DNS,
you will get an answer that pertains to DNS.
If William's and Jeff's post had propagated sooner I would have probably
never posted. But Jeff posts in this group on a fairly regular basis and
does not shoot pointed unnecessary personal comments about anyone.
 
: If you look at Rob's original posting, you will see that
: he never asks how to do it in DNS - in fact he never
: refers to DNS at all. Why did you decide to state that
: you can't do it through DNS?

Ummm.... The newsgroup is microsoft.public.win2000.dns, not
microsoft.public.win2000.im.not.sure.what.i.want.so.ill.post.it.here.

The other giveaway is that CNAME records are a DNS function, and don't
appear in any of the potential methods for resolving the original
poster's issue.

: Rob wants to know how to do
: it, not methods that don't work.

Rob didn't ask how to solve an issue he was having, he asked how to
accomplish a specific task that cannot be done.

: Along the same lines as your reply, my response is that
: you can do this by using cheese - an equally pointless
: response.

Not pointless, in your case it's wrong. The answer to Rob's question
is that it cannot be done. The solution to what Rob wants to
accomplish may be available.

: I know that your response is going to be that this is a
: DNS newsgroup - but my response is in the first
: paragraph, Rob did not know how to do it so he posted the
: message in the closest newsgroup. I applaud Rob for not
: posting his message in the general newsgroups.

The answer is off topic, the original post as asked, is not. It's a
specific question about a specific DNS record type. And it has a
specific answer.

: Notice what I am doing here - constantly trying to help
: not only Rob, but anyone else who has a similar problem.

Very honorable and applaudable. But still in the wrong place.

: The magic to supporting people is to do just that -
: support them. Anyone that is working in user support
: should get away from the attitude that many people have,
: the negative and dismissive point of view that it is
: impossible to achieve the objective because someone has
: not described it correctly.

I'll amend my original answer then:

You can't do that using DNS. You may be able to use an alternate
method to accomplish your goal, try asking for help in accomplishing
your goal in a networking or protocol group for suggestions.

Satisfied?

Feel free to call me an idiot as you see fit. But please don't stop
helping people out with the correct answers, in the correct forums.

Jeff
 
im agreeing w/ cristian. i look thru these groups for
answers w/ questions.the answers r not in the rite group
everytime.

it is bad when i reed answers that r saying it is cant
be done
i like it when i learn new things from answers 2
questions that did not ask for it!!
 
Mostly agree Jeff. However it "could" be done with DNS, just not with the
off-the-shelf tools and existing things like IE or native ftp client. Your
application could leverage TXT, SRV (etc) RRs and do something special with
the RData. You can't do it without some programming true. But even then, I
would not bet a million and say "can't" as there are a lot of creative
people out there. :-) Cheers!
 
: Mostly agree Jeff. However it "could" be done with DNS, just not with the
: off-the-shelf tools and existing things like IE or native ftp client. Your
: application could leverage TXT, SRV (etc) RRs and do something special with
: the RData. You can't do it without some programming true. But even then, I
: would not bet a million and say "can't" as there are a lot of creative
: people out there. :-) Cheers!

Naturally, you're correct. As usual. :)

Though I'm not inclined, I'll bet there's someone out there who could,
and is willing to, write this to solve a fair number of issues with
small/home networks dealing with single IP issues. Unfortunately,
it probably wouldn't be a moneymaker since the cost might be more
than getting the extra IP in the first place.

Though it might be a viable feature for one of the dynamic redirection
companies to incorporate.

Jeff
 
CW> Jeff Cochran is an idiot.

He may well be. (I suggest that you look up the etymology of the word.)

CW> Why respond with "you can't do it"

It's an appropriate response when it's the truth.

CW> [...] using host headers [...] your webserver
CW> will not respond to the request http://ftp.mydomain.com

This is a good example of why Jeff Cochran's response was better than yours.
Yours is downright wrong. Using host headers does not prevent a content HTTP
server from responding. It merely affects _how_ it responds.

CW> Hope that this is more helpful than a negative response.

It's foolish to assert that responses telling one that something cannot be
done are not helpful.
 
KP> it is bad when i reed answers that r saying it is cant be done

No, it isn't. Learning what tasks are impossible, and what tools are
unsuitable for particular tasks, is an important thing.
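
Added example, not part of any post in this thread: a minimal Python sketch of the Host-header dispatch the thread keeps circling around, where DNS only returns the IP and the web server decides per request name whether to serve the site, redirect to `ftp://`, or serve nothing. The host names are the thread's placeholders; `route`, `normalize_host`, and the choice to answer unknown names with 404 instead of a default site are assumptions of this sketch.

```python
"""Added example: Host-header dispatch for one IP shared by www and ftp names."""
from http.server import BaseHTTPRequestHandler, HTTPServer

# Placeholder names from the thread; the mapping itself is an assumption.
SITE_HOSTS = {"www.mydomain.com"}
REDIRECTS = {"ftp.mydomain.com": "ftp://ftp.mydomain.com/"}


def normalize_host(raw):
    """Lower-case the Host header and drop a port suffix and trailing dot."""
    if not raw:
        return ""
    host = raw.strip().lower()
    if host.startswith("["):          # IPv6 literal such as [::1]:8080
        return host.split("]")[0] + "]"
    host = host.rsplit(":", 1)[0] if ":" in host else host
    return host.rstrip(".")


def route(raw_host):
    """Return (status, extra_headers, body) for a request's Host header."""
    host = normalize_host(raw_host)
    if host in SITE_HOSTS:
        return 200, {}, b"<h1>www site</h1>\n"
    if host in REDIRECTS:
        # The server still answers; it just answers with a redirect.
        return 302, {"Location": REDIRECTS[host]}, b""
    # Unknown, mistyped or missing name: no default site is served for it.
    return 404, {}, b"unknown host\n"


class Handler(BaseHTTPRequestHandler):
    def do_GET(self):
        status, headers, body = route(self.headers.get("Host"))
        self.send_response(status)
        for name, value in headers.items():
            self.send_header(name, value)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)


def serve(port=8080):
    """Serve on loopback only; every name resolves to this one listener."""
    HTTPServer(("127.0.0.1", port), Handler).serve_forever()


if __name__ == "__main__":
    # Constructed sample Host values, including a mistyped name and a bare IP.
    for sample in ["www.mydomain.com", "FTP.mydomain.com:80",
                   "ww.mydomain.com", "192.0.2.10", None]:
        print(repr(sample), "->", route(sample)[:2])
```

Every sample name reaches the same listener, so the server always responds; the Host header only changes how, which is why an explicit reject branch is needed if unlisted names should not see the site.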
 