[FW1] SR 4005 and split DNS
I try to make use of SecuRemote 4005 and split DNS. The goal is to have an SR client resolve internal DNS names as well as Internet DNS names at the same time when connected via the Internet. The internal DNS is totally separated from the Internet DNS.
By reading the (poor) Checkpoint documentation I was able to set it up, but there are still some questions left.
a) We use DHCP internally to assign DNS servers to the clients at boot time. A laptop will know nothing about the internal DNS servers when booted off-site and afterwards connected to the internal network via the Internet. The ISP will provide information about Internet DNS servers during dialup, but nothing else. Is there any possibility to dynamically assign DNS servers by SecuRemote or something similar?
b) There is a domain called <domain.xyz>. It exists in the internal DNS as well as in the Internet DNS; the content is totally different. When I assign this domain via the file dnsinfo.C to be internal, funny things happen. All names only registered in the internal DNS get resolved fine. All names only registered in the Internet DNS get resolved fine. A name (e.g. www.domain.xyz) registered in BOTH domains gets resolved sometimes internally, sometimes externally. It seems to depend on which server's answer arrives first.
C:\WINDOWS>ping www.domain.xyz
Pinging www.domain.xyz [10.11.12.13] with 32 bytes of data:
C:\WINDOWS>ping www.domain.xyz
Pinging server.domain.xyz [110.111.112.113] with 32 bytes of data:
Any comments here?
c) I configured one dedicated server in the dnsinfo.C file to resolve internal domains. In the Windows configuration I hardcoded two internal DNS servers for redundancy reasons. Even though only one DNS server is configured in the SR setup, how can SR know about and make use of the other internal server when it is not configured in dnsinfo.C? I know how it knows about it, but why does it use both?
d) Last but not least, the CP documentation says we have to change the file userc.C on the user's laptop manually to make it work. (Add the two statements:
:dns_xlate (true)
:dns_encrypt (true) )
In the case of up to 20 clients this might work. Not for 100+. How can this be automated to spare administrators the manual configuration?
A lot of nasty questions I really struggle with. Looking forward to your answer.
TIA for your help.
Regards,
Oliver
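As an added illustration of the symptom in question b), not code from the post or from Check Point: a small Python model of two resolution strategies. `resolve_first_answer` queries every resolver and keeps whichever positive reply comes back first, so a name present in both zones flips with timing; `resolve_split` routes by configured internal domain suffix and is deterministic. Zone contents and the internal-domain list are constructed sample data.

```python
"""Split-DNS dispatch: route each query to the internal or the Internet
resolver by domain suffix, rather than asking both and keeping whichever
answer arrives first."""

# Constructed sample data (not from the post): www.domain.xyz exists in
# both the internal zone and the public zone with different addresses.
INTERNAL_DOMAINS = ("domain.xyz",)
ZONES = {
    "internal": {"www.domain.xyz": "10.11.12.13", "intra.domain.xyz": "10.1.1.1"},
    "internet": {"www.domain.xyz": "110.111.112.113", "www.example.net": "198.51.100.7"},
}


def in_internal_domain(name, internal_domains=INTERNAL_DOMAINS):
    """True if name lies inside (or equals) one of the internal domains.

    Compare whole labels: 'www.domain.xyz' is inside 'domain.xyz', but
    'evildomain.xyz' is not, which a plain str.endswith() would accept.
    """
    labels = name.rstrip(".").lower().split(".")
    for dom in internal_domains:
        dlabels = dom.rstrip(".").lower().split(".")
        if len(labels) >= len(dlabels) and labels[-len(dlabels):] == dlabels:
            return True
    return False


def resolve_first_answer(name, arrival_order, zones=ZONES):
    """The behaviour described in question b): every resolver is queried
    and the first positive reply wins, so the result depends on timing.
    arrival_order lists zone names in the order their replies came back."""
    for zone in arrival_order:
        addr = zones[zone].get(name.rstrip(".").lower())
        if addr is not None:
            return zone, addr
    return None, None


def resolve_split(name, zones=ZONES):
    """Deterministic split DNS: names under an internal domain go only to
    the internal resolver; everything else goes only to the Internet one."""
    zone = "internal" if in_internal_domain(name) else "internet"
    return zone, zones[zone].get(name.rstrip(".").lower())


if __name__ == "__main__":
    for order in (["internal", "internet"], ["internet", "internal"]):
        print("first answer", order, "->", resolve_first_answer("www.domain.xyz", order))
    print("split ->", resolve_split("www.domain.xyz"))
    print("split ->", resolve_split("www.example.net"))
```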
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================