LJNDawson.com



How to Redirect a Subdomain to an IP Address


When you want to redirect a subdomain to an IP address, you’re really deciding how traffic should flow through DNS, your router, and possibly a reverse proxy. It sounds simple: add a record and you’re done. But the right setup depends on whether the server is public, internal-only, or running on a nonstandard port.

Get this choice wrong, and users hit errors instead of your site, so you’ll want to see how each option works.

What “Pointing a Subdomain at an IP” Actually Does

When you point a subdomain to an IP address, you configure DNS so that queries for that hostname return a specific IPv4 address. This is done with an A record, which stores only the IP address; if you’re unsure of your server’s IP, look it up before creating the record. An A record doesn't contain information about ports, protocols, routing rules, or proxy behavior. After the client receives the IP from DNS, it connects directly to that address using the appropriate protocol and port (for example, HTTP on port 80 or HTTPS on port 443).

Public DNS records shouldn't map hostnames to private IP ranges such as 192.168.x.x, 10.x.x.x, or 172.16.x.x–172.31.x.x, because these addresses aren't routable on the public internet. They can be used only within private networks or with additional mechanisms such as VPNs or split-horizon DNS.

Multiple subdomains (or domains) can share a single public IP address. In HTTP and HTTPS, the server or reverse proxy typically distinguishes between them using the Host header (or the Server Name Indication, SNI, extension in TLS for HTTPS). This allows different websites or applications to be served from the same IP.

DNS changes don't take effect immediately. They're subject to the record’s Time To Live (TTL), which tells resolvers how long they may cache the response. As a result, updates to A records can take some time to propagate and be reflected in client lookups.

Pick the Right Approach for Your Subdomain-to-IP Setup

Select an approach based on where your users are located and which IP addresses you control. For users on the public internet, configure the subdomain to resolve to a publicly routable IP address, then use NAT or port forwarding on your router to direct traffic to the appropriate internal server. Ensure that the internal host has a static IP address and an appropriate firewall rule.

If multiple internal servers share a single public IP address, deploy a reverse proxy at the network edge and route requests based on the HTTP Host header.

For environments where access is limited to internal users, configure your LAN DNS to override the subdomain and point it directly to an internal IP. Note that DNS records don't include port information; ports must be managed through NAT, port forwarding, or reverse proxy configuration.

Set DNS Records to Point a Subdomain at a Public IP

Before traffic can reach your server, DNS must map your subdomain to a routable public IP address. In your DNS control panel, create an A record for the subdomain (for example, xyz) and set its value to your public IPv4 address (for example, 1.2.3.4). Don't use private addresses such as those in the 192.168.x.x, 10.x.x.x, or 172.16.x.x–172.31.x.x ranges, as they aren't reachable from the public internet.

If you have a single public IP address, you can still direct multiple subdomains to it by creating separate A records that all point to the same IP. CNAME records should be used only to point one hostname to another hostname, not directly to an IP address.

After updating DNS, allow time for the changes to propagate, which may vary depending on the configured TTL values. Then verify that your server, any NAT configuration, and firewall rules are correctly set to accept and handle incoming connections for that subdomain.
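The two record rules in this section (no private addresses in public A records, and CNAMEs that point only at hostnames) can be checked mechanically before a zone is published. The following is an added example, not part of the original article; the sample records, the five-field line layout and the function names are assumptions made for illustration.

```python
import ipaddress

# The three private (RFC 1918) ranges the article names.
PRIVATE_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample records for a public zone: name, TTL, class, type, value.
SAMPLE_ZONE = """\
xyz  300 IN A     1.2.3.4
app  300 IN A     1.2.3.4
nas  300 IN A     192.168.1.120
db   300 IN A     172.20.5.9
www  300 IN CNAME xyz.example.com.
cam  300 IN CNAME 10.0.0.15
"""

def as_ip(value):
    """Return an ip_address object, or None if value is a hostname."""
    try:
        return ipaddress.ip_address(value)
    except ValueError:
        return None

def audit_public_zone(text):
    """Return (line number, name, problem) for records that break the rules."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        fields = line.split(";", 1)[0].split()  # drop zone-file comments
        if not fields:
            continue
        if len(fields) != 5:
            findings.append((lineno, "?", "unparseable record"))
            continue
        name, _ttl, _cls, rtype, value = fields
        ip = as_ip(value)
        if rtype.upper() == "A":
            if ip is None or ip.version != 4:
                findings.append((lineno, name, "A value is not an IPv4 address"))
            elif any(ip in net for net in PRIVATE_NETS):
                findings.append((lineno, name, "private address in public DNS"))
        elif rtype.upper() == "CNAME" and ip is not None:
            findings.append((lineno, name, "CNAME points at an IP; use an A record"))
    return findings

if __name__ == "__main__":
    for finding in audit_public_zone(SAMPLE_ZONE):
        print(finding)
```

Two subdomains sharing 1.2.3.4 pass cleanly, while the private addresses and the CNAME with an IP literal are reported with their line numbers.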

Forward a Subdomain to a Specific IP and Port

On a single‑IP router, you can use NAT or port forwarding to direct traffic from the router’s public interface to an internal server. For example, you might forward incoming connections on WAN port 80 (or another chosen external port) to an internal host such as 192.168.1.120 on port 8080.

In this setup, the DNS record for the subdomain still resolves to the router’s public IP address, not directly to the internal server.

If you configure a nonstandard external port (such as 5000) instead of port 80 or 443, users must explicitly include the port in the URL, for example: http://xyz.example.com:5000

DNS records store IP addresses (and some related metadata) but don't include or conceal TCP/UDP port information. As a result, DNS alone can't make a service appear on a different port than the one clients actually connect to.

Use a Reverse Proxy to Route Subdomains to Internal IPs

With a reverse proxy in front of your network, you can publish multiple internal web servers through a single public IP address while keeping URLs on standard HTTP/HTTPS ports (80 and 443). The reverse proxy (for example, Nginx, Apache HTTP Server with mod_proxy, or IIS with ARR) listens on the public IP and uses the HTTP Host header to determine which internal server and port should handle each request.

Configuration is typically done by defining virtual hosts or server blocks for each subdomain, matching on the server_name (Nginx) or ServerName/ServerAlias (Apache) to the requested Host value. Each of these blocks is then configured to forward requests to the appropriate backend using directives such as proxy_pass (Nginx), ProxyPass/ProxyPassReverse (Apache), or corresponding ARR rules in IIS.

The proxy should have a static IP address on the local network, with ports 80 and 443 on the router/firewall forwarded to that IP. TLS certificates are installed and managed on the reverse proxy, so external clients establish HTTPS connections directly with it.

It's also important to set appropriate forwarding headers (such as X-Forwarded-For, X-Forwarded-Proto, and related equivalents) to preserve client information, and to configure reverse proxy response rewriting (for example, ProxyPassReverse in Apache) when necessary so that redirects and links from the backend remain consistent with the public-facing URLs.
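The routing decision described in this section, modelled as an added example (not code from the original article and not a working proxy). The backend table, addresses and function names are hypothetical. The example also assumes two hardening choices the article does not spell out: requests for unpublished hostnames are refused, and forwarding headers sent by the client are replaced with values the proxy observed itself.

```python
import string

# Hypothetical routing table: public hostname -> internal (address, port).
BACKENDS = {
    "xyz.example.com": ("192.168.1.120", 8080),
    "app.example.com": ("192.168.1.121", 3000),
}
HOST_CHARS = set(string.ascii_lowercase + string.digits + "-.")
FORWARDED = ("x-forwarded-for", "x-forwarded-proto", "x-forwarded-host")

def normalize_host(raw):
    """Lower-case the Host value, drop :port and a trailing dot; None if malformed."""
    if not raw:
        return None
    name, sep, port = raw.strip().lower().partition(":")
    if sep and not port.isdigit():
        return None
    name = name.rstrip(".")
    if not name or set(name) - HOST_CHARS:
        return None
    return name

def route(request_headers, peer_ip, scheme):
    """Return (backend, upstream_headers), or None when the Host is not published."""
    headers = {k.lower(): v for k, v in request_headers.items()}
    host = normalize_host(headers.get("host"))
    backend = BACKENDS.get(host)
    if backend is None:
        return None  # no catch-all: unknown names never reach an internal server
    # Drop client-supplied forwarding headers, then set them from what the
    # proxy itself observed on the connection.
    upstream = {k: v for k, v in headers.items() if k not in FORWARDED}
    upstream["x-forwarded-for"] = peer_ip
    upstream["x-forwarded-proto"] = scheme
    upstream["x-forwarded-host"] = host
    return backend, upstream

if __name__ == "__main__":
    # Constructed request: the client tries to supply its own X-Forwarded-For.
    print(route({"Host": "XYZ.example.com:443", "X-Forwarded-For": "10.0.0.1"},
                "198.51.100.7", "https"))
    print(route({"Host": "other.example.net"}, "198.51.100.7", "https"))
```

Backends that log or make access decisions from X-Forwarded-For can only trust it when the edge proxy sets it this way and the backend is unreachable except through the proxy.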

Use Split DNS to Reach Internal-Only IP Addresses

Reverse proxies determine how external traffic reaches internal services, but you also need a method for internal devices to access those same services by name without sending traffic out to the internet and back in through the public IP. Split DNS (also called split-horizon DNS) addresses this by returning different DNS answers depending on whether the query originates from inside or outside the network.

Configure an internal DNS record so that xyz.abc.com resolves to 192.168.1.120 on your internal network, while the public DNS record for xyz.abc.com continues to resolve to your public IP address for external clients. Define only the specific internal FQDN you need, rather than recreating the entire external DNS zone, unless you have a clear need to manage the full zone internally.

Ensure your internal DNS server is authoritative for that internal record and that clients use this DNS server, typically enforced via DHCP settings. Assign a static private IP to the internal service, and verify that firewall and routing rules allow direct internal access without hairpinning through the public interface.

Troubleshoot Common Subdomain-to-IP Configuration Issues

Configuring a subdomain to point directly to an IP address appears simple, but several DNS and networking constraints commonly cause issues.

First, public DNS records can't reliably use private IP ranges such as 192.168.x.x, 10.x.x.x, or 172.16–31.x.x. Public subdomains must point to a routable public IP address. If the actual service runs on a private address inside a network, you typically use NAT, port forwarding on the router, or a reverse proxy to bridge between the public IP and the internal host.

When multiple subdomains need to share a single public IP, each subdomain usually gets its own A record (all pointing to the same IP). A reverse proxy or HTTP server configured for name-based virtual hosting then uses the HTTP Host header (or SNI for TLS) to route traffic to the correct internal service.

Routers, by contrast, make decisions based on IP and port, not hostnames. Without a reverse proxy or similar layer, you'd need to assign different external ports for different internal services on the same IP.

Internally, ensure that target machines have static or reserved LAN IP addresses so that port forwarding or proxy rules remain valid over time. In addition, confirm that any relevant firewalls (on the router, host, or between network segments) allow the required ports and protocols.

Treat DNS configuration, router/NAT settings, and firewall rules as distinct steps, and verify each layer independently when troubleshooting connectivity problems.

Conclusion

You’ve seen how to point a subdomain to an IP, whether it’s public, behind NAT, or internal-only. Now you can choose the right approach: basic A records, port forwarding, reverse proxies, or split DNS. As you set things up, document your DNS and network changes, then test from multiple networks and devices. When issues pop up, you’ll know how to trace them from DNS to firewalls and fix them quickly.

 
