How do I map services to protocols? For example, I have CNAME records for
WWW and FTP. Both map to the same "A" record. Right now
http://www.mydomain.com and http://ftp.mydomain.com respond but I only want
WWW for http and FTP for ftp. Thanks.

ftp.mydomain.com is using your default IIS web, same as junk.mydomain.com
would do. This is not a DNS however. Dns returns the IP, which is did -
now its out of the picture. You could create Host Headers on the IIS to
disallow certain domains. You want some kind of default site as you want
people to see your site even if they finger the url up like ww.mydomain.com,
etc. You could add a host header for ftp.mydomain.com that URL redirects
somewhere else or displays a diff page, etc.

--
William Stacey, MVP

""Rob"" <@> wrote in message news:#(E-Mail Removed)...
> How do I map services to protocols? For example, I have CNAME records for
> WWW and FTP. Both map to the same "A" record. Right now
> http://www.mydomain.com and http://ftp.mydomain.com respond but I only
want
> WWW for http and FTP for ftp. Thanks.
>
>

My DNS server is configured to only respond to myHost.myDomain.com and
myAlias(s).myDomain.com. If they don't type the right thing, DNS will fail
as will junk.myDomain.com. What would be the point in setting up these
records otherwise? Are you saying I have to create host headers for every
host/alias set up in DNS to disallow requests for non-corresponding
host/aliases? [I'm sure I can use wildcards to answer my own question].
Putting IIS aside, what about directing any server (such as Telnet) to only
respond to requests from it's corresponding host/alias set up in DNS
(telnet.myDomain.com)? In a nut shell, is there a way to map DNS host/alias
requests to a listening server port? From my understanding, Microsoft
clients can request available services/ports from DNS SRV records but that
doesn't map specific host/alias requests to a specific service.

Thanks.

--

"William Stacey" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> ftp.mydomain.com is using your default IIS web, same as junk.mydomain.com
> would do. This is not a DNS however. Dns returns the IP, which is did -
> now its out of the picture. You could create Host Headers on the IIS to
> disallow certain domains. You want some kind of default site as you want
> people to see your site even if they finger the url up like
ww.mydomain.com,
> etc. You could add a host header for ftp.mydomain.com that URL redirects
> somewhere else or displays a diff page, etc.
>
> --
> William Stacey, MVP
>
> ""Rob"" <@> wrote in message news:#(E-Mail Removed)...
> > How do I map services to protocols? For example, I have CNAME records
for
> > WWW and FTP. Both map to the same "A" record. Right now
> > http://www.mydomain.com and http://ftp.mydomain.com respond but I only
> want
> > WWW for http and FTP for ftp. Thanks.
> >
> >
>
>

On Tue, 27 Jan 2004 13:24:56 -0500, "\"Rob\"" <@> wrote:

>How do I map services to protocols? For example, I have CNAME records for
>WWW and FTP. Both map to the same "A" record. Right now
>http://www.mydomain.com and http://ftp.mydomain.com respond but I only want
>WWW for http and FTP for ftp. Thanks.

You can't.

Jeff

In news:%(E-Mail Removed),
"Rob" <@> posted a question
Then Kevin replied below:
: How do I map services to protocols? For example, I have CNAME records
: for WWW and FTP. Both map to the same "A" record. Right now
: http://www.mydomain.com and http://ftp.mydomain.com respond but I
: only want WWW for http and FTP for ftp. Thanks.

DNS doesn't work that way, if a query is made for the CNAME record DNS does
not care what it is wanted for, it just responds to the query.

--
Best regards,
Kevin D4 Dad Goodknecht Sr. [MVP]
Hope This Helps
============================
--
When responding to posts, please "Reply to Group" via your
newsreader so that others may learn and benefit from your issue.
To respond directly to me remove the nospam. from my email.
==========================================
http://www.lonestaramerica.com/
==========================================
Use Outlook Express?... Get OE_Quotefix:
It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
==========================================
Keep a back up of your OE settings and folders with
OEBackup:
http://www.oehelp.com/OEBackup/Default.aspx
==========================================

> My DNS server is configured to only respond to myHost.myDomain.com and
> myAlias(s).myDomain.com. If they don't type the right thing, DNS will fail
> as will junk.myDomain.com. What would be the point in setting up these

If that's the case, then ftp.mydomain.com is not replying either, so I don't
follow what your trying to do or why.

> Are you saying I have to create host headers for every
> host/alias set up in DNS to disallow requests

No. From your description, it sounded like you wanted an ftp record, but
did what users to be able to type ftp.mydomain.com in their browser and see
your default site.

> In a nut shell, is there a way to map DNS host/alias
> requests to a listening server port?

Not with A records or cnames. You could do it with SRV records, but you
would have to build that logic into a client app - it will not work with
standard tools like ping, ftp, telnet, etc. They all use GetHostByName
which is A record based.

Again, I don't understand what your trying to do. Could you walk us down
the path of what your after - using example?

--
William Stacey, MVP

Jeff Cochran is an idiot. Why respond with "you can't do
it" - just don't reply, you fool.

I imagine that what you have is something like a DSL
connection with one IP address, or you have one server
that is doing multiple jobs.

This is how you do it, using host headers:
http://support.microsoft.com/?id=190008
This document tells you how to set the Web site to
respond to the name www.mydomain.com on port 80
to "default IP address". This means that your webserver
will not respond to the request http://ftp.mydomain.com

It seems more complex for the FTP site, you could make
the site only respond on one IP address, but that means
assigning two IP addresses to the one server. It is a
good idea to make the IP addresses on the same subnet
when they are on the same server, as having two default
gateways causes big problems and you would need to
install and configure OSPF or another routing protocol
and configure it - make the IP addresses sequential or
near each other.

Alternatively, you could use NAT (that is if you are in
the example of using DSL with one real IP address) and
assign two Private IP addresses to the one server, and
have the FTP service respond on one IP, and the WWW
service respond on the other, and let the firewall/router
NAT the real IP address to the two private IP addresses.

As for other protocols, like Telnet, you need to
configure this at the telnet server level (I don't think
there is a telnet server included in Windows). This is
the same for most other things - it's at the application
level that these need to be configured.

Hope that this is more helpful than a negative response.

>-----Original Message-----
>On Tue, 27 Jan 2004 13:24:56 -0500, "\"Rob\"" <@> wrote:
>
>>How do I map services to protocols? For example, I have
CNAME records for
>>WWW and FTP. Both map to the same "A" record. Right now
>>http://www.mydomain.com and http://ftp.mydomain.com
respond but I only want
>>WWW for http and FTP for ftp. Thanks.
>
>You can't.
>
>Jeff
>.
>

In news:5bd001c3e5e0$f729c290$(E-Mail Removed),
Christian Wickham <(E-Mail Removed)> posted a
question
Then Kevin replied below:
: Jeff Cochran is an idiot. Why respond with "you can't do
: it" - just don't reply, you fool.
:
: I imagine that what you have is something like a DSL
: connection with one IP address, or you have one server
: that is doing multiple jobs.
:
: This is how you do it, using host headers:
: http://support.microsoft.com/?id=190008
: This document tells you how to set the Web site to
: respond to the name www.mydomain.com on port 80
: to "default IP address". This means that your webserver
: will not respond to the request http://ftp.mydomain.com
:
: It seems more complex for the FTP site, you could make
: the site only respond on one IP address, but that means
: assigning two IP addresses to the one server. It is a
: good idea to make the IP addresses on the same subnet
: when they are on the same server, as having two default
: gateways causes big problems and you would need to
: install and configure OSPF or another routing protocol
: and configure it - make the IP addresses sequential or
: near each other.
:
: Alternatively, you could use NAT (that is if you are in
: the example of using DSL with one real IP address) and
: assign two Private IP addresses to the one server, and
: have the FTP service respond on one IP, and the WWW
: service respond on the other, and let the firewall/router
: NAT the real IP address to the two private IP addresses.
:
: As for other protocols, like Telnet, you need to
: configure this at the telnet server level (I don't think
: there is a telnet server included in Windows). This is
: the same for most other things - it's at the application
: level that these need to be configured.
:
: Hope that this is more helpful than a negative response.
:

I'm going to take up for Jeff on this one, who are you to call him an idiot
when your response has nothing to do with the question.
The question was how to make the record point to a protocol he wants you to
be able to type in www.mydomain.con and get the web server and for you to
type in ftp.mydomain.com and get the FTP server. It won't happen if you type
in ftp.mydomain.com you will still get the web server. You must type in
ftp://ftp.mydomain.com to get the FTP server. This is just the way browsers
work they default to http and DNS won't tell the browser what protocol to
use. Be sure you understand the question before you call someone an idiot.
There is an answer, but not through DNS. You would need a website with a
host header for ftp.mydomain.com then redirect it to ftp://ftp.mydomain.com/



--
Best regards,
Kevin D4 Dad Goodknecht Sr. [MVP]
Hope This Helps
============================
--
When responding to posts, please "Reply to Group" via your
newsreader so that others may learn and benefit from your issue.
To respond directly to me remove the nospam. from my email.
==========================================
http://www.lonestaramerica.com/
==========================================
Use Outlook Express?... Get OE_Quotefix:
It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
==========================================
Keep a back up of your OE settings and folders with
OEBackup:
http://www.oehelp.com/OEBackup/Default.aspx
==========================================

One thing that I have taught all my staff in the last 10
years (and thats over 35 people) about supporting people
is that you should not focus on the WORDS that someone is
saying, but focus on the MEANING of what they are saying.
If Rob knew how to express the problem that he was having
in a different way, then he would be able to look it up
in the Knowledge base or help, but because he does not
know how to do it, he does not know how to use the right
terms. This is normally the biggest hurdle before being
able to get support.
I looked at what Rob said in his posting and then took
understanding of his issue before posting a reply - not
blindly looking at what he said and only answering that.
You have to learn to read between the lines as not
everyone knows what they want.

Have a look at the title of the posting - this was
answered by my answer.

Also, have a read of the last paragraph of my posting,
this states that it is at the application level that
changes need to be done, depending on the application or
service.
If you look at Rob's original posting, you will see that
he never asks how to do it in DNS - in fact he never
refers to DNS at all. Why did you decide to state that
you can't do it through DNS? Rob wants to know how to do
it, not methods that don't work.
Along the same lines as your reply, my response is that
you can do this by using cheese - an equally pointless
response.
I know that your response is going to be that this is a
DNS newsgroup - but my response is in the first
paragraph, Rob did not know how to do it so he posted the
message in the closest newsgroup. I applaud Rob for not
posting his message in the general newsgroups.

I notice that your posting states almost exactly what I
said as the resolution for Rob's issue, although you do
not point out that Rob needs to create an html page for
his website that redirects to the FTP site, with the
command

<meta http-equiv="REFRESH" CONTENT="1;
URL=ftp://ftp.mydomain.com">
</head>

in the header of the html file, so that it redirects
after one second to the ftp site.

Notice what I am doing here - constantly trying to help
not only Rob, but anyone else who has a similar problem.
The magic to supporting people is to do just that -
support them. Anyone that is working in user support
should get away from the attitude that many people have,
the negative and dismissive point of view that it is
impossible to achieve the objective because someone has
not described it correctly.


>-----Original Message-----
>In news:5bd001c3e5e0$f729c290$(E-Mail Removed),
>Christian Wickham
<(E-Mail Removed)> posted a
>question
>Then Kevin replied below:
>: Jeff Cochran is an idiot. Why respond with "you can't
do
>: it" - just don't reply, you fool.
>:
>: I imagine that what you have is something like a DSL
>: connection with one IP address, or you have one server
>: that is doing multiple jobs.
>:
>: This is how you do it, using host headers:
>: http://support.microsoft.com/?id=190008
>: This document tells you how to set the Web site to
>: respond to the name www.mydomain.com on port 80
>: to "default IP address". This means that your webserver
>: will not respond to the request http://ftp.mydomain.com
>:
>: It seems more complex for the FTP site, you could make
>: the site only respond on one IP address, but that means
>: assigning two IP addresses to the one server. It is a
>: good idea to make the IP addresses on the same subnet
>: when they are on the same server, as having two default
>: gateways causes big problems and you would need to
>: install and configure OSPF or another routing protocol
>: and configure it - make the IP addresses sequential or
>: near each other.
>:
>: Alternatively, you could use NAT (that is if you are in
>: the example of using DSL with one real IP address) and
>: assign two Private IP addresses to the one server, and
>: have the FTP service respond on one IP, and the WWW
>: service respond on the other, and let the
firewall/router
>: NAT the real IP address to the two private IP
addresses.
>:
>: As for other protocols, like Telnet, you need to
>: configure this at the telnet server level (I don't
think
>: there is a telnet server included in Windows). This is
>: the same for most other things - it's at the
application
>: level that these need to be configured.
>:
>: Hope that this is more helpful than a negative
response.
>:
>
>I'm going to take up for Jeff on this one, who are you
to call him an idiot
>when your response has nothing to do with the question.
>The question was how to make the record point to a
protocol he wants you to
>be able to type in www.mydomain.con and get the web
server and for you to
>type in ftp.mydomain.com and get the FTP server. It
won't happen if you type
>in ftp.mydomain.com you will still get the web server.
You must type in
>ftp://ftp.mydomain.com to get the FTP server. This is
just the way browsers
>work they default to http and DNS won't tell the browser
what protocol to
>use. Be sure you understand the question before you call
someone an idiot.
>There is an answer, but not through DNS. You would need
a website with a
>host header for ftp.mydomain.com then redirect it to
ftp://ftp.mydomain.com/
>
>
>
>--
>Best regards,
>Kevin D4 Dad Goodknecht Sr. [MVP]
>Hope This Helps
>============================
>--
>When responding to posts, please "Reply to Group" via
your
>newsreader so that others may learn and benefit from
your issue.
>To respond directly to me remove the nospam. from my
email.
>==========================================
> http://www.lonestaramerica.com/
>==========================================
>Use Outlook Express?... Get OE_Quotefix:
>It will strip signature out and more
> http://home.in.tum.de/~jain/software/oe-quotefix/
>==========================================
>Keep a back up of your OE settings and folders with
>OEBackup:
> http://www.oehelp.com/OEBackup/Default.aspx
>==========================================
>
>
>.
>

In news:60eb01c3e650$77ac0440$(E-Mail Removed),
Christian Wickham <(E-Mail Removed)> posted a
question
Then Kevin replied below:
: One thing that I have taught all my staff in the last 10
: years (and thats [sic] over 35 people) about supporting people
: is that you should not focus on the WORDS that someone is
: saying, but focus on the MEANING of what they are saying.
: If Rob knew how to express the problem that he was having
: in a different way, then he would be able to look it up
: in the Knowledge base or help, but because he does not
: know how to do it, he does not know how to use the right
: terms. This is normally the biggest hurdle before being
: able to get support.
: I looked at what Rob said in his posting and then took
: understanding of his issue before posting a reply - not
: blindly looking at what he said and only answering that.
: You have to learn to read between the lines as not
: everyone knows what they want.
:
: Have a look at the title of the posting - this was
: answered by my answer.
:
: Also, have a read of the last paragraph of my posting,
: this states that it is at the application level that
: changes need to be done, depending on the application or
: service.
: If you look at Rob's original posting, you will see that
: he never asks how to do it in DNS - in fact he never
: refers to DNS at all. Why did you decide to state that
: you can't do it through DNS? Rob wants to know how to do
: it, not methods that don't work.
: Along the same lines as your reply, my response is that
: you can do this by using cheese - an equally pointless
: response.
: I know that your response is going to be that this is a
: DNS newsgroup - but my response is in the first
: paragraph, Rob did not know how to do it so he posted the
: message in the closest newsgroup. I applaud Rob for not
: posting his message in the general newsgroups.
:
: I notice that your posting states almost exactly what I
: said as the resolution for Rob's issue, although you do
: not point out that Rob needs to create an html page for
: his website that redirects to the FTP site, with the
: command
:
: <meta http-equiv="REFRESH" CONTENT="1;
: URL=ftp://ftp.mydomain.com">
: </head>
:
: in the header of the html file, so that it redirects
: after one second to the ftp site.
:
: Notice what I am doing here - constantly trying to help
: not only Rob, but anyone else who has a similar problem.
: The magic to supporting people is to do just that -
: support them. Anyone that is working in user support
: should get away from the attitude that many people have,
: the negative and dismissive point of view that it is
: impossible to achieve the objective because someone has
: not described it correctly.
:

My response was directed mainly at you for your remark about Jeff. When you
response only shows how to use host headers.
Robs Original Question was:
How do I map services to protocols? For example, I have CNAME records for
WWW and FTP. Both map to the same "A" record. Right now
http://www.mydomain.com and http://ftp.mydomain.com respond but I only want
WWW for http and FTP for ftp. Thanks.

His reply to William was:
In a nut shell, is there a way to map DNS host/alias
requests to a listening server port? From my understanding, Microsoft
clients can request available services/ports from DNS SRV records but that
doesn't map specific host/alias requests to a specific service.

You cannot do it with DNS and simply using host headers won't work either.

But the main point I'm getting to is that if your response is to call
someone and idiot. You say you have a staff of 35 under you, if your
demeanor is to call someone an idiot when they don't give the answer you
want, well let's just say I would not want to work under you. If I did, I
wouldn't for long, one way or the other.
Maybe you should take a look at your response, and think about how you would
feel if someone called you an idiot. Especially, since you didn't give a
correct answer either, William had already given the answer, I didn't see
any point in dittoing William's reply.
As you said this is the DNS group, you come here with a question about DNS,
you will get an answer that pertains to DNS.
If William's and Jeff's post had propagated sooner I would have probably
never posted. But Jeff posts in this group on a fairly regular basis and
does not shoot pointed unnecessary personal comments about anyone.

--
Best regards,
Kevin D4 Dad Goodknecht Sr. [MVP]
Hope This Helps
============================
--
When responding to posts, please "Reply to Group" via your
newsreader so that others may learn and benefit from your issue.
To respond directly to me remove the nospam. from my email.
==========================================
http://www.lonestaramerica.com/
==========================================
Use Outlook Express?... Get OE_Quotefix:
It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
==========================================
Keep a back up of your OE settings and folders with
OEBackup:
http://www.oehelp.com/OEBackup/Default.aspx
==========================================