Wild Card DNS

I would like to redirect all customer web traffic to a single page on a local server when I have an upstream Internet connection failure. This is so that all customers get a “sorry service is temporarily unavailable” page as soon as they try to browse to a site on the Internet. The technique is similar to that described in this thread for redirecting non-paying customers:

http://forum.mikrotik.com//viewtopic.php?t=7281

I have set up a DST-NAT rule to redirect all port 80 tcp traffic to the local server and that works fine, I enter http://1.1.1.1 into the browser and it gets the page from the local server. The trouble is, when I enter a domain name in the browser like http://www.google.com, the browser first does a DNS lookup (assuming the local cache is empty), which fails if the cache on the MT does not have that address. No ‘real’ DNS lookups can be performed because there is no connection to the Internet.

The ideal solution would be to be able to add a wildcard static entry to the DNS cache on the MT to just return any IP address for any DNS lookup, like * = 1.1.1.1, but this does not seem possible.

The only option would seem to be to run a DNS server on the same local machine that serves the “sorry…” web page, that can do this kind of wild card lookup. The machine is running W2K. Does such a piece of software exist?

Thanks in advance for any help.

Hi GJS,

I have thrown together a small but effective (still experimental :wink: ) Windows executable that does just this - works as a DNS server and returns the same ip address for all A queries.

If interested, contact me offline (info at cmit dot de)…

Best regards,
Christian Meis

Hi cmit,

Thanks for your reply. That sounds like exactly what I need. I will email you off-list later today.

Thinking more about it, will this “poison” the local DNS cache on a user’s machine? Or do we just set a very low TTL in the returned data?

I would say just returning a VERY low TTL (like only a few seconds max) should make this a non-issue.
At least, if the client’s implementation isn’t broken. Clients not correctly interpreting the TTL value (and forgetting the cache entry after that few seconds in our case) could run into problems.
But I suppose that’s not much of a problem - I will test some common Windows machines, though…

Best regards,
Christian Meis
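For readers who want to see what such a “same answer for everything” DNS server actually has to do, here is an added, stand-alone Python example; it is not Christian’s fakedns (which is not published in this thread). It answers every A query with one fixed address and a deliberately short TTL, and gives an empty NOERROR reply to other query types; the address 10.0.51.2 and the 5-second TTL are assumed values chosen to match the discussion.

```python
import socket
import struct

# Assumed values for this example: the "Sorry..." server address and a
# TTL of a few seconds so clients drop the fake entry quickly.
SORRY_IP = "10.0.51.2"
TTL = 5


def build_query(name, txid=0x1234, qtype=1):
    """Construct a standard recursive query (used for offline testing)."""
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.split(".")) + b"\x00"
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + qname + struct.pack("!HH", qtype, 1)


def parse_question(data):
    """Return (qname, qtype, offset just past the question section)."""
    labels, pos = [], 12  # the fixed DNS header is 12 bytes
    while True:
        length = data[pos]
        pos += 1
        if length == 0:
            break
        labels.append(data[pos:pos + length].decode("ascii"))
        pos += length
    qtype, _qclass = struct.unpack("!HH", data[pos:pos + 4])
    return ".".join(labels), qtype, pos + 4


def build_response(query, answer_ip=SORRY_IP, ttl=TTL):
    """Answer any A query with answer_ip; other types get NOERROR, no answers."""
    _qname, qtype, qend = parse_question(query)
    question = query[12:qend]          # echo the question section unchanged
    flags = 0x8180                     # QR=1, RD=1, RA=1, RCODE=0 (NOERROR)
    answer = b""
    if qtype == 1:                     # A record
        answer = (b"\xc0\x0c"          # compression pointer to the query name
                  + struct.pack("!HHIH", 1, 1, ttl, 4)
                  + socket.inet_aton(answer_ip))
    header = query[:2] + struct.pack("!HHHHH", flags, 1, 1 if answer else 0, 0, 0)
    return header + question + answer


def serve(bind_addr="0.0.0.0", port=53):
    """Answer UDP queries forever with the fixed address (needs port 53 rights)."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((bind_addr, port))
    while True:
        data, client = sock.recvfrom(512)
        sock.sendto(build_response(data), client)


if __name__ == "__main__":
    serve()
```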

Hi Christian,

That’s what I thought. I guess worst case is that the customer will have to reboot their machine which is no big problem.

Did you get my email?

Thanks and regards,
Guy

Not yet…

Christian

Ah, that will be because I did not send it… :blush:

Sending now.

Hi Christian,

Sorry, I did not receive your email with the download link due to email trouble at my end. 'Grateful if you could re-send.

Thanks.
Guy

Done :wink:

Best regards,
Christian Meis

DNS “spoofing” has to be done with care, because DNS records tend to be cached and will not change until timeout expires (imho).

Ignoring the DNS TTL piece - you will run into issues with IE caching the hostname / IP. Not the IE temp files but an almost internal DNS type cache without a TTL…

Sam

Sam - I’m still working on this but I think this IE cache applies only per instance of IE? So when the browser is closed and a new one is opened it should be OK? I’ve noticed Outlook does a similar thing.

In any case, I am doing both the DNS spoofing and a DST-NAT of all web traffic. So if IE does a successful look up, either from the “spoof” server or its internal cache, it should still get my page only. The idea of the spoof server is just to stop the browser returning “page cannot be found..” because the DNS look up has failed. That’s the theory anyway…

I’ve just got to get all the !$%^& viruses and crapware off the machine to do some more testing!

Well, quite successful though there’s a bit going on that I don’t understand.

The setup is one W2K PC running Christian’s fakedns program and a web server just serving the “Sorry…” page, on 10.0.51.2. A second PC running XP is set up like a customer’s machine with 192.168.51.50. These are both connected to the private interface of a MT router, which is the gateway for both 10.0.51.0/24 and 192.168.51.0/24. There is a DNS cache on the MT with redirect rules like this:

3 ;;; Redirect UDP DNS Requests to local cache
src-address=!10.0.51.2/32 in-interface=private dst-address=:53 protocol=udp action=redirect

4 ;;; Redirect TCP DNS Requests to local cache
src-address=!10.0.51.2/32 in-interface=private dst-address=:53 protocol=tcp action=redirect

As you can see, 10.0.51.2 does not normally run through the cache but I don’t think this is relevant.

To implement the redirect to the web server on 10.0.51.2 I enable these three rules at the top of the DST-NAT table:

0 X ;;; Redirect UDP DNS Requests to 10.0.51.2
src-address=192.168.51.50/32 in-interface=private dst-address=:53 protocol=udp action=nat
to-dst-address=10.0.51.2 to-dst-port=53

1 X ;;; Redirect TCP DNS Requests to 10.0.51.2
src-address=192.168.51.50/32 in-interface=private dst-address=:53 protocol=tcp action=nat
to-dst-address=10.0.51.2 to-dst-port=53

2 X ;;; *****Redirect all web requests from customer network to NMS1 port 80
src-address=192.168.51.50/32 in-interface=private dst-address=:80 protocol=tcp action=nat
to-dst-address=10.0.51.2 to-dst-port=80

Now, when I browse to any page on the 192.168.51.50 machine it gets the “Sorry…” page. Great! When I ping a domain from a command prompt, it pings 10.0.51.2. Great!

What I don’t understand is:

  1. It takes several minutes after I disable the above NAT rules before domain names are resolved normally. What’s the TTL, Christian?
  2. When I do ipconfig /displaydns (while the NAT rules are enabled) on the ‘customer’ machine, the cache just shows the entries for localhost, nothing for 10.0.51.2. When the NAT rules are disabled and domains resolve normally again, the cache starts to fill up as I would expect. What’s happening here?

Thanks for all your input.

Update: Not quite as successful as I thought. Typing a URL into IE works OK, as does the default page and favorites. However, clicking on a link in the history pane results in Page Cannot Be Found.

Any ideas?

I think this is your IE’s fault. Check this location in its preferences:

general → temporary internet files → settings → check for new versions of pages → set to automatically. Maybe you have something else there.