joeypesci Posted March 7, 2011

In the UK and I can get the IPs of google.co.uk via nslookup, but can't get hold of the .com ones. Messing about testing a host file for redirecting from google to yahoo. If user types google.co.uk the host file appears to work and they get redirected to Yahoo. They type google.com and it goes to google.co.uk (as google detects the country you're in). Make sense? So would like the .com IPs so if they type that it also goes to yahoo.co.uk
digininja Posted March 7, 2011

In a hosts file you say what host names should go to what IPs, so you would put

    <yahoo's IP> google.com google.co.uk www.google.com www.google.co.uk

to send anyone trying to get to either .com or .co.uk to yahoo. It doesn't matter what the .com IP addresses are.
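The one-address, many-names layout described in the post above, as an added example that is not part of the original thread: a Python sketch that parses hosts-file text and flags watched domains mapped to a non-loopback address, which is how such a redirect shows up when auditing a machine. The sample file, its addresses (documentation ranges) and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample in the layout described above: one address,
# then any number of host names on the same line.
SAMPLE_HOSTS = """\
# constructed sample, not taken from a real machine
127.0.0.1       localhost
::1             localhost
203.0.113.10    google.com google.co.uk www.google.com www.google.co.uk  # redirect
192.0.2.55      intranet.example   # trailing comment
not-an-ip       broken.example
"""

def parse_hosts(text):
    """Return (entries, errors); entries is a list of (lineno, ip, [names])."""
    entries, errors = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop full-line and trailing comments
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            ip = None
        if ip is None or len(fields) < 2:        # bad address or no host name
            errors.append((lineno, raw.strip()))
            continue
        # Host names are case-insensitive; a trailing dot is the same name.
        entries.append((lineno, ip, [n.lower().rstrip(".") for n in fields[1:]]))
    return entries, errors

def find_overrides(entries, watched):
    """Flag watched names (or their subdomains) mapped to a non-loopback address."""
    hits = []
    for lineno, ip, names in entries:
        if ip.is_loopback:
            continue
        for name in names:
            if any(name == w or name.endswith("." + w) for w in watched):
                hits.append((lineno, name, str(ip)))
    return hits

if __name__ == "__main__":
    entries, errors = parse_hosts(SAMPLE_HOSTS)
    for lineno, name, ip in find_overrides(entries, {"google.com", "google.co.uk"}):
        print(f"line {lineno}: {name} -> {ip}")
    for lineno, raw in errors:
        print(f"line {lineno}: unparsable: {raw}")
```

On Windows the file to feed into `parse_hosts` is `%SystemRoot%\System32\drivers\etc\hosts`; the watched set is whatever domains the audit cares about.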
joeypesci Posted March 7, 2011

Ah yes :) works now thanks :) I didn't know you could do <ip address here> google.com google.co.uk all on the same line. Never really touched the host file before.

Edited March 7, 2011 by joeypesci
joeypesci Posted March 7, 2011

It appears that the search provider box in IE bypasses the host file, so if they use that, it won't work.
digip Posted March 7, 2011

> It appears that the search provider box in IE bypasses the host file, so if they use that, it won't work.

You can change and even disable the search box in IE. To do it system wide on all machines (such as a corporate domain), you would need to push out a group policy to enforce it, as well as remove the ability to change or access this within IE, but even if it's set to say bing.com, it should still honor the hosts file on the machine.

The other option is an internal proxy server that sits between your users and the outbound gateway and you can redirect for any site you want without them messing about with the PC. Just have to enforce a proxy setting on all desktop browsers and drop anyone trying to reach the outside if not through the proxy. That's how it was set up at my last job, you couldn't reach the Internet without using the proxy, and it solves the issue of 1, using host files on each desktop, and 2, stopping someone from using their own machine (i.e. laptop) from being able to use the work network for surfing unrestricted.
digininja Posted March 7, 2011

It is a feature called DNS Pinning. To stop users being diverted away from sites by changes like you are trying to do, some browsers will cache the look up the first time they do it then remember that for the rest of the session. Doesn't matter what you do to your hosts file after they have cached it. Try closing IE down then restarting it with the changes in place and you should see that your change gets honored.
digip Posted March 7, 2011

> It is a feature called DNS Pinning. To stop users being diverted away from sites by changes like you are trying to do, some browsers will cache the look up the first time they do it then remember that for the rest of the session. Doesn't matter what you do to your hosts file after they have cached it. Try closing IE down then restarting it with the changes in place and you should see that your change gets honored.

I forgot about the DNS client service. Like you said, Windows will cache DNS lookups but they expire after a certain amount of time. I just don't remember what that time limit is but you can also try "ipconfig /flushdns" to clear it instead of rebooting. If that doesn't work, then IE may have a hard coded address or different lookup priority. I know in 7 vs XP certain things take priority over others, such as IPv6 gets queried first, and if not found, reverts back to IPv4. This can be changed in the registry for which gets used first, as well as the time limit on the DNS cache and what lookups go to the host file before outbound lookups. I don't have the link handy, but there is a MSFT KB article(s) that talk about it if I recall.

Edit: The other thought, if this is on a domain, you have your own DNS server set up, correct? You should be able to put in a CNAME or even an A record to do the redirect for the clients, so no messing with host files on the client machines.

Edited March 7, 2011 by digip
digininja Posted March 7, 2011

It is the browser itself that fixes the IP to the domain on first look up, doesn't matter how much you change the underlying OS they should stay pinned together. And the pinning doesn't expire, regardless of the timeout set on the actual DNS entry.
Infiltrator Posted March 8, 2011

> It is the browser itself that fixes the IP to the domain on first look up, doesn't matter how much you change the underlying OS they should stay pinned together. And the pinning doesn't expire, regardless of the timeout set on the actual DNS entry.

Could a script be written to prevent the browser from looking up a particular DNS record?
digininja Posted March 8, 2011

Not if you want the browser to be able to browse to that site. If it can't do the DNS look up then it won't be able to go any further.