I would like to know if there is a way to add static CNAMEs to the Mikrotik DNS. When I add a static DNS entry it always resolves the domain name to an IP.
The problem: I have a website that is commonly abused in my network and I need to redirect it to another website, but the IP address of the server I’m redirecting to holds several sites and if you direct straight to IP it merely shows the Apache setup page.
That’s not how it should work. Even if a record is a CNAME the result set either contains the A record for that CNAME as a courtesy, or the client will go and specifically ask for it. At some point the client has to connect to an IP address.
Here’s an example of asking for www.google.com. The response is that there’s only a CNAME for www.google.com, which is www.l.google.com. The result set then also contains several A records for www.l.google.com, even though I didn’t specifically ask for them. The client will then pick one of those IPs in the A records and connect, and ask for www.google.com at that IP.
$ dig www.google.com
; <<>> DiG 9.7.3 <<>> www.google.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50165
;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;www.google.com. IN A
;; ANSWER SECTION:
www.google.com. 86389 IN CNAME www.l.google.com.
www.l.google.com. 289 IN A 74.125.224.209
www.l.google.com. 289 IN A 74.125.224.212
www.l.google.com. 289 IN A 74.125.224.210
www.l.google.com. 289 IN A 74.125.224.211
www.l.google.com. 289 IN A 74.125.224.208
;; Query time: 64 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Sun Aug 14 19:59:33 2011
;; MSG SIZE rcvd: 132
$ curl -v --head www.google.com
* About to connect() to www.google.com port 80 (#0)
* Trying 74.125.224.212... connected
* Connected to www.google.com (74.125.224.212) port 80 (#0)
> HEAD / HTTP/1.1
> User-Agent: curl/7.21.4 (universal-apple-darwin11.0) libcurl/7.21.4 OpenSSL/0.9.8r zlib/1.2.5
> Host: www.google.com
> Accept: */*
>
< HTTP/1.1 200 OK
HTTP/1.1 200 OK
[...]
You’re probably getting the default Apache page because you aren’t implementing the host name the client is asking for as a virtual host, or aren’t implementing the virtual host under the IP address the client resolves to. It shouldn’t matter that you serve an A record. The client resolves a name to an IP, connects to port tcp/80 at that IP, and issues an HTTP GET with a “Host: blah.com” request header. How it resolved the IP is irrelevant.
I don’t guess you understand my issue.
I want to redirect requests for badsite.com to goodsite.com, but when I create a static DNS entry into ros it resolves goodsite.com to 74.xxx.xx.x and creates an A record. Yes, the webserver is virtual so when there is no badsite.com hosted on the server you are directed to the Apache default page.
Right now the client asks for badsite.com and gets served 1.1.1.1 via an A record. It then connects to 1.1.1.1 and asks for badsite.com.
Creating a CNAME for badsite.com to goodsite.com isn’t going to do you any good, because a client would ask for badsite.com, get goodsite.com as a CNAME, then resolve the A record for goodsite.com, and get 1.1.1.1. The client then connects to 1.1.1.1 and asks for badsite.com.
The outcome is exactly the same in both cases. A CNAME is not a redirect. The client doesn’t change the host it asks for in the HTTP request header.
If you want to pretend to be badsite.com you’re going to have to configure your web server to be badsite.com.
As a solution, you may set the IP address for the static DNS entry to the RouterOS IP, and then use dst-NAT + webproxy to redirect that HTTP request to any website you want.
lurkmore.to is blocked in my country, but there are several mirrors, for example lurkmo.re
All the results found by Google lead to lurkmore.to
Both lurkmore.to and lurkmo.re work through CloudFlare, so both result in the same IP address. The only difference by which CloudFlare (and my provider) distinguishes sites is the name. So there MUST be a simple solution to provide an alias.
You need to point original site to some proxy (for example, nginx) — it is done by A record, so RouterOS can do this for a long time now; then redirect user’s browser to mirror site. PROFIT.
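An added example, not part of any post in this thread: a minimal Host-based HTTP redirector of the kind the static A record would point at, showing that the redirect is decided by the Host header the client sends and has nothing to do with how the name was resolved. The REDIRECTS mapping, the badsite.com/goodsite.com placeholders and the loopback bind address are assumptions for illustration.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

# Hypothetical mapping: Host header the client sends -> site to send it to.
REDIRECTS = {"badsite.com": "goodsite.com", "www.badsite.com": "goodsite.com"}

class HostRedirector(BaseHTTPRequestHandler):
    def _answer(self):
        # DNS only chose the IP; the client still names the original site here.
        host = (self.headers.get("Host") or "").split(":")[0].lower()
        target = REDIRECTS.get(host)
        if target is None:
            # Unmapped name: the equivalent of landing on the default page.
            self.send_error(404, "no such virtual host")
            return
        # The redirect is what makes the browser ask for the other name.
        self.send_response(302)
        self.send_header("Location", f"http://{target}{self.path}")
        self.send_header("Content-Length", "0")
        self.end_headers()

    do_GET = do_HEAD = _answer

    def log_message(self, fmt, *args):  # keep the demo quiet
        pass

def start_redirector(bind="127.0.0.1", port=0):
    """Start the redirector in a background thread; port 0 picks a free port."""
    server = ThreadingHTTPServer((bind, port), HostRedirector)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server

def probe(server, host, path="/"):
    """Connect by IP (as a client does after resolving) with a chosen Host header."""
    conn = http.client.HTTPConnection(*server.server_address, timeout=5)
    conn.putrequest("HEAD", path, skip_host=True)
    conn.putheader("Host", host)
    conn.endheaders()
    resp = conn.getresponse()
    result = (resp.status, resp.getheader("Location"))
    conn.close()
    return result

if __name__ == "__main__":
    srv = start_redirector()
    print([probe(srv, h) for h in ("badsite.com", "goodsite.com")])
    srv.shutdown()
```

This covers plain HTTP only; for HTTPS the client checks the certificate against the original name before any redirect can be sent.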