Requirements:

DNS Redirector is intended to be run on reliable hardware with a server operating system...

  Windows Server 2008/Core/Web/SBS/R2
  Windows Server 2003/Web/SBS/R2/WHS
  Windows 2000 with SP4 (No longer supported, end-of-life on July 13, 2010)

DNS Redirector can run on a client operating system such as: Windows 7 / Vista with SP2 / XP with SP3
but this is not supported or recommended in production environments due to OS and IIS connection limits.

Any Windows x86 or x64, Apple/Mac, Linux, Unix, etc. operating system is supported as a client of the DNS Redirector server.
A minimum of 512MB over the OS minimum memory requirement is suggested.
Running DNS Redirector as a service (no GUI) is discussed in FAQ 73.
DNS Redirector v7.x requires .NET Framework 2.0 SP2

Implementation Considerations:

Use a standard LAN with a hardware firewall as the default gateway...
See the Network Examples. Notice that proxy/SOCKS, ISA, or ICS is not compatible.

When used for content filtering...
A dedicated server is not required; installation on your existing domain controller(s), small business server, or home server is adequate.

When used for a public HotSpot...
The guest LAN should be completely isolated from any internal/office LAN as shown in Network Examples.
You should mitigate problems as discussed in FAQ 34, FAQ 39, FAQ 113.

DNS Redirector will try to bind the DNS service to all IPs assigned to the server...
If Microsoft's DNS service (found on some Windows Servers or Active Directory domain controllers) is installed see FAQ 91.
If another DNS server or something using the same ports is installed see FAQ 4.

You will need to change DHCP scope properties (option 6, DNS server)...
The IP address used by DNS Redirector needs to be the only one handed out as the DNS server.
If running multiple instances of DNS Redirector (only for content filtering, see FAQ 28) then add the IP of every DNS Redirector server.

No NAT and no DNS separation...
For a wireless HotSpot, the DNS Redirector server and all clients must be in the same IP address space and cannot be separated by a NAT device.
If used only for content filtering, blocked/allowed functionality will work regardless of network placement as discussed in FAQ 37.
Every client should use the IP of the DNS Redirector server as its default DNS server (usually provided via DHCP); another DNS server cannot exist in between.

When running the GUI...
Clicking on an IP in the list gives you several client options. The "Send message to a Windows client..." option performs a 'net send' to Windows 2000/XP/2003 clients; this only works when both the DNS Redirector server and the client machine have the Messenger service started (it is disabled by default in XP SP2 and later, and not available on Vista).

For third-party software that is known to work with or aid in the use of DNS Redirector see FAQ 71.

Installation:

Download DNS Redirector, extract the .zip to C:\DNSREDIR

Configure C:\DNSREDIR\dnsredir.ini using the INI Settings section below.

Setup IIS or other web server software using the Hosted Pages section below.

Allow access through any firewalls, see FAQ 102.

Run C:\DNSREDIR\dnsredir.exe or as a service.

Change your DHCP scope (option 6, DNS server) to hand out the DNS Redirector server IP as the only DNS server.
     This should be the same IP you specified for ListenOnIP= in dnsredir.ini

Trouble? Visit the support page to search the FAQ, try the Wizard, or contact support.

INI Settings:

All files referenced in the .ini are assumed to be in the C:\DNSREDIR working directory.

Logging=Normal
  Sets the log file detail, a new log file is created each day using the day's date as a filename.

Optimize=Speed
  Sets the string matching algorithm used on keyword lists.
Valid options are:
Speed - this is fastest and recommended for large networks
Memory - this will use less memory (ideal for machines with low resources serving smaller networks)

ListenOnIP=192.168.0.2, 192.168.0.3
  Specify the static IP address(es) of this DNS Redirector server (recommended), see FAQ 4, FAQ 91.
Or leave blank to bind on all system IPs (including the IPv4 loopback address 127.0.0.1)

SimpleDNS=simpledns.txt
  File containing DNS A records that you want to resolve locally.

GetClientName=False
  Sets whether the client computer name will be displayed in the GUI.
Valid options are:
False - this is fastest and recommended for HotSpot/public network environments
True - this is useful in Internet filtering environments with Active Directory-integrated DNS

DNSServerIP=4.2.2.1, 4.2.2.2
  Specify the IP of a real DNS server.

RedirectIP=192.168.0.3, 192.168.8.3
  Initially redirect clients to this IP, where your welcome page is hosted.

AuthKeywordsFile=authorized.txt
  File containing keywords of domain names that authorize the client to surf past the welcome page.

AlwaysKeywordsFile=always.txt
  File containing keywords of domain names that clients are always allowed to visit, even if they have not been authorized.

AuthClientsFile=authclients.txt
  File containing IPs of local network clients that are always allowed to surf, even if they have not been authorized.

BlockedIP=192.168.0.2, 192.168.8.2
  Domain names matched in the BlockedKeywordsFile= below will resolve to this IP, where your blocked page is hosted.

BlockResponse=Lookup
  Valid options are:
Lookup - resolves to the BlockedIP only if the domain name is real (does a lookup at the DNSServerIP= first)
Fast - resolves to the BlockedIP even if the domain name does not exist

BlockedKeywordsFile=blocked.txt
  File containing keywords of domain names that clients cannot visit.

AllowedKeywordsFile=allowed.txt
  File containing keywords of domain names that clients are allowed to visit.

BypassBlockFile=bypassblock.txt
  File containing keywords of domain names that toggle the client's ability to view blocked content.

RestrictIP=192.168.0.4, 192.168.8.4
  When the server time is between the values for RestrictStart= and RestrictEnd= all DNS queries will instead resolve to this IP, where your time restriction page is hosted.

RestrictStart=6:00:00 PM
RestrictEnd=11:59:00 PM
  Time format in hr:min:sec and AM or PM, must be within the same day.

BypassRestrictFile=bypassrestrict.txt
  File containing keywords of domain names that toggle the client so they can surf even if within the restricted timeframe.

ActionNumber=0
  Perform the JoinAction specified below; 1 means every time, 2 means for every 2nd client who joins, 3 for every 3rd client who joins, etc. If actions are not going to be used leave this set to 0.

JoinType=Detect
  Valid options are:
Detect - executes JoinAction for any client
Auth - executes JoinAction when a client becomes authorized

JoinAction=
  File you want to launch or execute when a client joins the network. This could be a .exe, .wav, .bat or other script. If a join action is not desired then leave this blank. For use with a third-party script or application, the client's IP is passed as a variable after the command.

LeaveAction=
  File you want to launch or execute when a client leaves the network. This could be a .exe, .wav, .bat or other script. If a leave action is not desired then leave this blank. For use with a third-party script or application, the client's IP is passed as a variable after the command.

ClientTimeout=20
  Interval in minutes before an active client is considered gone or left the network, based on the last DNS query received. This removes the client from the list, also de-authorizes and executes the LeaveAction if set.

MinToTray=False
  Set this True so when the GUI is minimized it will go to the system tray area instead.

CloseToTray=False
  Set this True so when X is pressed (as if to normally close the GUI) it will stay running and go to the system tray area instead. When set True the GUI is also not displayed on startup but rather loads directly to the system tray.
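
A configuration check for the settings above, as an added example that is not part of DNS Redirector or its documentation: it lints a dnsredir.ini for the constraints this page states (listed valid options, a blank ListenOnIP, one IP per hosted site, a restriction window within one day). It assumes the file is flat Key=Value lines and that option values are matched case-sensitively; the function names and the sample text are constructed for illustration.

```python
import ipaddress
from datetime import datetime

# Valid options exactly as listed in the INI Settings section.
ENUMS = {"Optimize": {"Speed", "Memory"}, "GetClientName": {"True", "False"},
         "BlockResponse": {"Lookup", "Fast"}, "JoinType": {"Detect", "Auth"}}
SITE_KEYS = ["RedirectIP", "BlockedIP", "RestrictIP"]  # one IIS site per IP
IP_KEYS = ["ListenOnIP", "DNSServerIP"] + SITE_KEYS
# Constructed sample with deliberate mistakes, not a real deployment's file.
SAMPLE = ("ListenOnIP=\nBlockResponse=Quick\nRedirectIP=192.168.0.3\n"
          "BlockedIP=192.168.0.3\nRestrictIP=192.168.0.4\n"
          "RestrictStart=6:00:00 PM\nRestrictEnd=1:00:00 AM\n")

def parse_ini(text):
    """Assumption: dnsredir.ini is flat Key=Value lines, as shown on this page."""
    pairs = (line.split("=", 1) for line in text.splitlines() if "=" in line)
    return {k.strip(): v.strip() for k, v in pairs}

def lint(text):
    """Return a list of findings; an empty list means no rule was violated."""
    cfg, findings, ips = parse_ini(text), [], {}
    for key, allowed in ENUMS.items():
        if key in cfg and cfg[key] not in allowed:
            findings.append(f"{key}: '{cfg[key]}' is not one of {sorted(allowed)}")
    for key in IP_KEYS:
        ips[key] = []
        for item in filter(None, (p.strip() for p in cfg.get(key, "").split(","))):
            try:
                ips[key].append(ipaddress.ip_address(item))
            except ValueError:
                findings.append(f"{key}: '{item}' is not an IP address")
    if not ips["ListenOnIP"]:
        findings.append("ListenOnIP: blank, DNS binds on all system IPs incl. 127.0.0.1")
    for i, a in enumerate(SITE_KEYS):
        for b in SITE_KEYS[i + 1:]:
            for ip in sorted(set(ips[a]) & set(ips[b]), key=str):
                findings.append(f"{a}/{b}: {ip} reused, each IIS site needs its own IP")
    if ips["RestrictIP"]:  # assumption: time restriction is in use only when set
        try:
            start, end = (datetime.strptime(cfg.get(k, ""), "%I:%M:%S %p")
                          for k in ("RestrictStart", "RestrictEnd"))
            if start >= end:
                findings.append("RestrictStart/RestrictEnd: window must stay within one day")
        except ValueError:
            findings.append("RestrictStart/RestrictEnd: expected hr:min:sec AM or PM")
    return findings

if __name__ == "__main__":
    print("\n".join(lint(SAMPLE)))
```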

Hosted Pages:

Using IIS on the same server as DNS Redirector to host the welcome/blocked/time restriction pages is suggested. Optionally, you can declare the IP of another web server that is internal or external to the DNS Redirector network. (IIS on a non-server OS has restrictions; such a configuration is not supported or recommended.)

When installing IIS also install ASP and SSI components (see screenshot for IIS6 or IIS7)

Depending on the features enabled in DNS Redirector you may need multiple sites in IIS, each site requiring its own IP address. Add multiple IP addresses to the same NIC under the Advanced button in TCP/IP properties.

If RedirectIP=192.168.0.3 complete the following steps...
create a folder for the site root, such as C:\Inetpub\welcome
in IIS Manager create a site:  (see details for IIS6 or IIS7)
     running at 192.168.0.3 | port 80 | no Host header | path set as the folder created above
     for IIS6: leave checked "Allow anonymous access to this Web site" | leave checked "Read" | check "Run scripts (such as ASP)"
extract a sample welcome page to the folder created above
set the Default Document as: welcome.asp  (must be listed first, it is suggested to remove all other default documents)
set the following custom errors:  (see details for IIS6 or IIS7)
     HTTP Error: 403.1 | Message Type: URL | URL: /welcome.asp
     HTTP Error: 404   | Message Type: URL | URL: /welcome.asp
     HTTP Error: 414   | Message Type: URL | URL: /welcome.asp

If BlockedIP=192.168.0.2 complete the following steps...
create a folder for the site root, such as C:\Inetpub\blocked
in IIS Manager create a site:  (see details for IIS6 or IIS7)
     running at 192.168.0.2 | port 80 | no Host header | path set as the folder created above
     for IIS6: leave checked "Allow anonymous access to this Web site" | leave checked "Read" | check "Run scripts (such as ASP)"
extract a sample blocked page to the folder created above
set the Default Document as: blocked.asp  (must be listed first, it is suggested to remove all other default documents)
set the following custom errors:  (see details for IIS6 or IIS7)
     HTTP Error: 403.1 | Message Type: URL | URL: /blocked.asp
     HTTP Error: 404   | Message Type: URL | URL: /blocked.asp
     HTTP Error: 414   | Message Type: URL | URL: /blocked.asp
download: REG-UrlSegmentMaxLength.zip then open the .reg file
     this is necessary so certain blocked content is replaced correctly, or follow these manual instructions:
     open regedit and navigate to HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\HTTP\Parameters
     edit or create DWORD "UrlSegmentMaxLength" and set to "450"  (see kb820129)

If RestrictIP=192.168.0.4 complete the following steps...
create a folder for the site root, such as C:\Inetpub\timerst
in IIS Manager create a site:  (see details for IIS6 or IIS7)
     running at 192.168.0.4 | port 80 | no Host header | path set as the folder created above
     for IIS6: leave checked "Allow anonymous access to this Web site" | leave checked "Read" | check "Run scripts (such as ASP)"
extract a sample blocked page to the folder created above
set the Default Document as: blocked.asp  (must be listed first, it is suggested to remove all other default documents)
set the following custom errors:  (see details for IIS6 or IIS7)
     HTTP Error: 403.1 | Message Type: URL | URL: /blocked.asp
     HTTP Error: 404   | Message Type: URL | URL: /blocked.asp
     HTTP Error: 414   | Message Type: URL | URL: /blocked.asp

for every site created above...

add the HTTP Header: "Cache-Control: no-store, no-cache, post-check=0, pre-check=0"  (see screenshot for IIS6 or IIS7)
     META tags which prevent caching (as included in sample pages) are required in addition to this HTTP Header (see rfc2616-sec14.9 and msdn)

on IIS6 when ASP.NET is installed ensure the version is set to 2.x or later (see screenshot)

on IIS7 under ASP set "Enable Parent Paths: True" (see screenshot)

on IIS7 under Error Pages, Edit Feature Settings, set "Custom error pages" (see screenshot)

check NTFS permissions on the root folder  (see screenshot for IIS6 or IIS7)
     kb812614 / kb981949

ensure the site is running  (visit the site by typing http://[IP_Address] into a browser)
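
A check for the two anti-caching controls required on every site above, as an added example that is not part of DNS Redirector or its sample pages: it takes a raw HTTP response and reports missing Cache-Control directives and a missing caching META tag. Which http-equiv names count as that META tag is an assumption, and both sample responses are constructed.

```python
from email.parser import Parser
from html.parser import HTMLParser

# Directives of the Cache-Control header this page says to add to every site.
REQUIRED = {"no-store", "no-cache", "post-check=0", "pre-check=0"}

# Constructed responses, not captured from a real server.
GOOD = ("HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
        "Cache-Control: no-store, no-cache, post-check=0, pre-check=0\r\n\r\n"
        '<html><head><meta http-equiv="Pragma" content="no-cache"></head>'
        "<body>Welcome</body></html>")
BAD = ("HTTP/1.1 200 OK\r\nCache-Control: no-cache\r\n\r\n"
       "<html><body>Blocked</body></html>")


class MetaCollector(HTMLParser):
    """Collects the http-equiv names of META tags found in the page body."""
    def __init__(self):
        super().__init__()
        self.http_equiv = set()

    def handle_starttag(self, tag, attrs):
        name = dict(attrs).get("http-equiv") if tag == "meta" else None
        if name:
            self.http_equiv.add(name.lower())


def caching_gaps(raw_response):
    """Return the anti-caching controls missing from one raw HTTP response."""
    head, _, body = raw_response.partition("\r\n\r\n")
    _, _, header_text = head.partition("\r\n")  # drop the status line
    headers = Parser().parsestr(header_text, headersonly=True)
    values = ",".join(headers.get_all("Cache-Control", []))
    sent = {d.strip().lower() for d in values.split(",")}
    gaps = [f"header directive missing: {d}" for d in sorted(REQUIRED - sent)]
    meta = MetaCollector()
    meta.feed(body)
    # Assumption: any one of these http-equiv names counts as the caching META tag.
    if not meta.http_equiv & {"cache-control", "pragma", "expires"}:
        gaps.append("no caching-related META tag in page body")
    return gaps


if __name__ == "__main__":
    print(caching_gaps(GOOD), caching_gaps(BAD))
```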

License:

Each license purchase is for use in one working location (one server). For IT consultants or other systems integrators, the correct way to license software is to have the end-customer purchase it directly in their name. You may not resell or bundle the software without prior written approval.

Since DNS is critical to the operation of any network, and we don't want to aggravate system administrators, there are no activation or renewal techniques built into the full version. The software does not 'phone home' at any time with the exception of voluntarily using updater, of which the only function is keyword list retrieval.

For the complete software license agreement visit: dnsredirector.com/license

 
DNS Redirector | Copyright © 2003-2010