How to route based on domain name?

Question

I can route by IP range by the route command. But is there any domain based route solution?

Can you please clarify what you mean by domain based route? the term "domain" has been overloaded in the network terminology space. — pcapademic, Dec 27 '09 at 06:08
Furthermore it would be useful to give a use case example of what you wish to achieve. — Dan Carley, Dec 27 '09 at 13:30

score 11 · Accepted Answer · answered Dec 27 '09 at 10:11

11

Routing is a layer 3 technique that gets your packets where they are supposed to go. Layer 3 information is almost only source IP, dest IP and fragmentation information.

Extra information such as domain name is way beyond layer 3, it's more layer 7 (the application layer). Therefore such information is not meant to be used for routing.

There are specific techniques that use information above layer 3, such as Policy Routing which uses layer 4 information (TCP/UDP ports) to route specific packets. That is as high as it goes as far as I know.

If you have control over that domain name, you could specify as specific IP that will then be routed by your routers in a specific way. If you can't do that, I'm afraid it's not going to be possible as far as I know.

answered Dec 27 '09 at 10:11

Antoine Benkemoun

7,314
3
42
60

2

This can be done with iptables + ipset + dnsmaq under *nix. – ab77 Sep 17 '17 at 12:29
@ab77 do you mean it is possible to do the routing depending on the domain name or it is still based on an IP address like the host file solution? https://serverfault.com/a/97527/130225 – baptx May 12 '18 at 15:25
2

Routing based on domain names as well as IPs is possible using `iptables+ipset+dnsmasq+rt_tables` toolchain. That is how PBR is implemented for black.box devices (unzoner.com). – ab77 May 14 '18 at 19:10

score 2 · Answer 2 · answered Jul 16 '14 at 14:03

2

You use the SRV reccord on the DNS server.

For example:

SUBDOMAIN TTL DATA (priority first)

server1.domain.com : 3600 : 10 10 1337 domain.com

This will map all incoming traffic on domain server1.domain.com to port 1337 on domain.com

As easy as that.

answered Jul 16 '14 at 14:03

xhoster

21
1

This applies to some very specific use cases, but does not pertain to the question, I believe. – Felix Frank Jul 16 '14 at 14:24

score 0 · Answer 3 · answered Jun 06 '22 at 14:24

I wrote simple script named local-route like this and use :

#!/bin/bash 

DEFAULT_GW=$(ip route | grep default | grep via | awk '{print $3}') 

if [ -z $1 ] ; then 
        echo "Please enter url"
        echo "Example: local-route http://www.example.com" 
        echo "         local-route www.example.com" 
        echo "         local-route example.com" 
        echo "         local-route example.com/api/v1/..." 
        exit 1
fi


URL=$(echo $1 | sed 's/.*:\/\///' | sed 's/\/.*//') 

IPS=$(dig +short $URL) 

for I in $IPS 
do
        echo $I
        ip route add $I via $DEFAULT_GW 2> /dev/null
done

score 0 · Answer 4 · answered May 09 '15 at 17:04

There is no domain based route solution. But you can use this workaround script. It gets the IP of your domain and adds a route. You can add it to the task scheduler to run on windows startup or at any specific intervals and it'll keep adding the route. It doesn't use the -p option so the route added is not permanent.

:: Get IP of Domain name
setlocal EnableDelayedExpansion

set myServer=your.server.com

for /f "tokens=1,2 delims=[]" %%a IN ('ping -n 1 !myServer!') DO (
 if "%%b" NEQ "" set myServerIP=%%b
)
echo ip is %myServerIP%

route add %myServerIP% mask 255.255.255.255 <gateway ip>
EXIT

Hope this helps!

score 0 · Answer 5 · edited May 12 '18 at 18:03

0

You can use host records or DNS to associate a domain with an IP address. Then you can use your existing route method.

edited May 12 '18 at 18:03

baptx

105
7

answered Dec 27 '09 at 05:19

PaulWaldman

508
5
14

Interesting for websites blocking VPNs that use several IP addresses, with the host file solution we can directly route one IP address instead of several IP addresses to bypass the VPN and go to the router. But it would be better to directly do the routing based on the domain name to avoid revealing our real IP address to other websites or applications if they use a domain name with the same IP address. – baptx May 12 '18 at 15:21

score -1 · Answer 6 · answered Apr 13 '13 at 15:02

-1

you can use apache or any other web server. virtual domains or reverse proxy does just that.

answered Apr 13 '13 at 15:02

daigorocub

249
2
10

2

Virtualhosts / reverse proxying are not related to routing *at all* – Dennis Kaarsemaker Apr 13 '13 at 17:30
I understand that, it's the strict meaning of "routing". But when you use reverse proxying, you are routing domain requests. It's a solution. Not a layer 3 solution, but still a solution. And the question didn't mention layer 3. Anyway, it's nice to have this explanation in this thread. – daigorocub Apr 16 '13 at 10:15

How to route based on domain name?

6 Answers6