Jump to content

Google.com

joeypesci

By joeypesci
in Security

 Share

Recommended Posts

joeypesci Newbie

joeypesci

Posted
Posted

In the UK and I can get the IPs of google.co.uk via nslookup, but can't get hold of the .com ones.

Messing about testing a host file for redirecting from google to yahoo.

If user types google.co.uk the host file appears to work and they get redirected to Yahoo. They type google.com and it goes to google.co.uk (as google detects the country you're in).

Make sense?

So would like the .com IPs so if they type that it also goes to yahoo.co.uk

Link to comment
Share on other sites
digininja Grand Master

digininja

Posted
Posted

in a hosts file you say what host names should go to what IPs so you would put

<yahoo's IP> google.com google.co.uk www.google.com www.google.co.uk

to send any one trying to get to either .com or .co.uk to yahoo. It doesn't matter what the .com IP addresses are.

Link to comment
Share on other sites
joeypesci Newbie

joeypesci

Posted
  • Author
Posted (edited)

Ah yes :) works now thanks :)

I didn't know you could do

<ip address here> google.com google.co.uk

all on the same line.

Never really touched the host file before.

Edited by joeypesci
Link to comment
Share on other sites
digip Newbie

digip

Posted
Posted

It appears that the search provide box in IE, bypasses the host file, so if they use that, it won't work.

You can change and even disable the search box in IE. To do it system wide on all machines(such as a corporate domain), you would need to push out a group policy to enforce it, as well as remove the ability to change or access this within IE, but even if its set to say bing.com, it should still honor the hosts file on the machine. The other option is an internal proxy server that sits between your users and the outbound gateway and you can redirect for any site you want without them messing about with the PC. Just have to enforce a proxy setting on all desktop browsers and drop anyone trying to reach the outside if not through the proxy. Thats how it was set up at my last job, you couldn't reach the Internet without using the proxy, and solves the issue of 1, using host files on each desktop, and 2, stopping someone from using their own machine(ie: laptop) from being able to use the work network for surfing unrestricted.

Link to comment
Share on other sites
digininja Grand Master

digininja

Posted
Posted

It is a feature called DNS Pinning. To stop users being diverted away from sites by changes like you are trying to do, some browsers will cache the look up the first time they do it then remember that for the rest of the session. Doesn't matter what you do to your hosts file after they have cached it.

Try closing IE down then restarting it with the changes in place and you should see that your change gets honored.

Link to comment
Share on other sites
digip Newbie

digip

Posted
Posted (edited)

It is a feature called DNS Pinning. To stop users being diverted away from sites by changes like you are trying to do, some browsers will cache the look up the first time they do it then remember that for the rest of the session. Doesn't matter what you do to your hosts file after they have cached it.

Try closing IE down then restarting it with the changes in place and you should see that your change gets honored.

I forgot about the dns client service. Like you said, windows will cache dns lookups but they expire after a certain amount of time. I just don't remember what that time limit is but you can also try "ipconfig /flushdns" to clear it instead of rebooting. If that doesn't work, then IE may have a hard coded address or different lookup priority. I know in 7 vs XP certain things take priority over others, such as IPv6 gets queried first, and if not found, reverts back to IPv4. This can be changed in the registry for which gets used first, as well as the time limit on the DNS cache and what lookups go to the host file before outbound lookups. I don't have the link handy, but there is a MSFT KB article(s) that talk about it if I recall.

edit:The other thought, if this is on a domain, you have your own DNS server setup, correct? You should be able to put in a cname or even an a record to do the redirect for the clients, so no messing with host files on the client machines.

Edited by digip
Link to comment
Share on other sites
digininja Grand Master

digininja

Posted
Posted

It is the browser itself that fixes the IP to the domain on first look up, doesn't matter how much you change the underlying OS they should stay pinned together.

And the pinning doesn't expire, regardless of the timeout set on the actual DNS entry.

Link to comment
Share on other sites
Infiltrator Newbie

Infiltrator

Posted
Posted

It is the browser itself that fixes the IP to the domain on first look up, doesn't matter how much you change the underlying OS they should stay pinned together.

And the pinning doesn't expire, regardless of the timeout set on the actual DNS entry.

Could a script be written to prevent the browser from looking up a particular dns record?

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...