DNS Aliases with HTTP Redirection

Author by Shannon Fritz

I sometimes want an easy way to remember a long URL without relying on bookmarks or saved favorites. NameCheap.com, my favorite registrar and name service provider, offers something called a “URL Redirect (301)” in their external DNS manager, which is a brilliant use of a DNS name: it resolves to one of their own web servers, which then bounces you to the real URL you’re looking for. It’s great, but I needed the same thing for Internal DNS… and it turns out this is really easy to do.
An Example

I have been working with ADFS a lot lately, and there are two URLs that are particularly useful when testing a deployment: one that you can use to Sign In to validate that authentication works, and one to Sign Out, which deletes the cookies stored in the browser by ADFS. But look at these crazy URLs! I constantly have to look them up and it’s just silly to have to copy and paste them all the time. Plus, I would _never_ tell a user to type that out, so it has limited usefulness. What I really want to do is type something simple in the browser to access these useful URLs; something intuitive, like… Heck, why not all four? It’s easy, and here’s how.
What you Need

For the most part, all you need is an IIS web server with the HTTP Redirection role installed. After that you just configure a site name in IIS with the URL you want it to redirect to. The last part is a DNS record that points to your web server. There, you’re all done!
See also – http://www.iis.net/configreference/system.webserver/httpredirect
Web Server Setup

On a Windows Server 2012 R2 host, install the “Web Server (IIS)” role with all the defaults.

You also want to add one of the additional “Common HTTP Features” called “HTTP Redirection”.
I like to make a new root folder for the custom web sites that I host on the server. I usually just make C:\SITES and in there create new folders for each site. In this scenario, I’m not really hosting any content and I’m just bouncing web requests to other URLs, but this step is important because each site will have a custom web.config file stored in this location.

So first I’ll make the “signin” folder, as well as folders for “signout”, “login” and “logout”.

Now we can open up IIS and add a new Website.

The first one I’ll call “signin” and set the physical path to the similarly named folder I created earlier. Then I’ll set the Host name to the Fully Qualified Domain Name (FQDN) that I want to be able to type into my browser, which is signin.techrede.net.
Then I create three more sites for signout, login and logout, using their own folders and FQDNs.

I’ll select the signin Web site in the left column and double click the HTTP Redirect feature.

We want this one to redirect to the idpinitiatedsignon.htm page, redirect all requests, and use the Permanent (301) redirection. Click Apply, then repeat this setup for the login site too.

The only difference for the signout and logout sites is the URL that I want to redirect to.
DNS Setup

Now that the web server is ready, we just need a simple DNS record so users will find it!

I just create a couple DNS CNAME records for signin, signout, login and logout that all resolve to the IIS Web server (web1.techrede.net in this example). And that’s it! Now when a user types “signin.techrede.net” it’ll hit the web server and bounce to the ADFS signin page. Same goes for signout, login and logout.
Yay, done!
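The Web Server Setup and DNS Setup steps above, scripted in PowerShell as an added example (not the author's own code), with a final check that each alias really answers with a 301 to the destination you configured. It assumes a placeholder AD FS host, adfs.example.com, and a placeholder sign-out URL, because the page does not show the real destination URLs; `Test-RedirectAlias` is a helper name made up for this example.

```powershell
# --- On the IIS host (web1.techrede.net), in an elevated session ------------
Install-WindowsFeature Web-Server, Web-Http-Redirect -IncludeManagementTools
Import-Module WebAdministration

$zone    = 'techrede.net'
$webHost = 'web1.techrede.net'
# ASSUMPTION: adfs.example.com and <sign-out-url> are placeholders; the page
# does not show the real destination URLs.
$signIn  = 'https://adfs.example.com/adfs/ls/idpinitiatedsignon.htm'
$signOut = 'https://adfs.example.com/<sign-out-url>'
$aliases = [ordered]@{ signin = $signIn; login = $signIn
                       signout = $signOut; logout = $signOut }

foreach ($name in $aliases.Keys) {
    $path = "C:\SITES\$name"
    New-Item -ItemType Directory -Path $path -Force | Out-Null
    New-Website -Name $name -PhysicalPath $path -Port 80 `
                -HostHeader "$name.$zone" | Out-Null
    # These settings land in C:\SITES\<name>\web.config as <httpRedirect>.
    $cfg = @{ PSPath = "IIS:\Sites\$name"; Filter = 'system.webServer/httpRedirect' }
    Set-WebConfigurationProperty @cfg -Name enabled            -Value $true
    Set-WebConfigurationProperty @cfg -Name destination        -Value $aliases[$name]
    Set-WebConfigurationProperty @cfg -Name exactDestination   -Value $true
    Set-WebConfigurationProperty @cfg -Name httpResponseStatus -Value 'Permanent'
}

# --- On the zone's DNS server (DnsServer module; reuse the variables above) -
foreach ($name in $aliases.Keys) {
    Add-DnsServerResourceRecordCName -ZoneName $zone -Name $name `
                                     -HostNameAlias $webHost
}

# --- From a different client: each alias must return 301 + expected Location
function Test-RedirectAlias([string]$Fqdn, [string]$Expected) {
    $req = [System.Net.WebRequest]::Create("http://$Fqdn/")
    $req.AllowAutoRedirect = $false          # inspect the 301 itself
    $resp = $req.GetResponse()
    try {
        [pscustomobject]@{
            Alias    = $Fqdn
            Status   = [int]$resp.StatusCode
            Location = $resp.Headers['Location']
            Ok       = ([int]$resp.StatusCode -eq 301) -and
                       ($resp.Headers['Location'] -eq $Expected)
        }
    } finally { $resp.Close() }
}
$aliases.Keys | ForEach-Object { Test-RedirectAlias "$_.$zone" $aliases[$_] }
```

Re-running the last line on a schedule shows when an alias starts pointing somewhere other than the destination you set, which matters for names that users are told to type in order to sign in.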
Tips and Troubleshooting

DNS Cache – When testing, you may need to use “ipconfig /flushdns” to make sure you can resolve the DNS records you just created.
Local Browsing – Keep in mind that the Web server itself probably will not load the sites or get redirected if you are trying to run the browser from a session on that web server directly. You’re better off testing the URLs from a different computer like a normal client would behave.
Other Sites - You can use this redirection trick to bounce to any FQDN that you like! It doesn’t have to include a path, nor does it even need to be in the same domain. For example, I also like to set up these URLs for Redirection: That last one is for Workplace Join! I’m sure you can imagine other URLs that would benefit from having some kind of easy to remember alias.
Hostnames only - You’ll notice that users must enter the FQDN in order for redirection to take place. If they enter just the hostname, like http://signin/ for example, the user will just see the default IIS page. This happens because the DNS record points to the web server, but IIS is not listening for (or bound to) that actual name, and so the Default Web Site is displayed.

If you want these really short names to work as well, you just need to edit the Bindings of the site to also listen on these shorter names. However, you should note that you cannot make this work with external DNS since a domain name will be required there, so you might want to enforce the habit of using FQDNs.

Click on the web site, then click Bindings and Add the new host name for the site.
Pro Tip - The earlier examples used two different web sites for “signin” and “login”, but both redirect to the same URL. You can combine these into just one site by simply adding multiple Host name bindings.

The only real drawback is that it might be harder to understand how this is working when you or someone else comes in to look at your configuration.
N’joy!
Author

Shannon Fritz

Infrastructure Architect & Server Team Lead