
RE: [FW1] SR 4005 and split DNS

There's a really helpful Word document on www.checkpoint.com/~joe that
details implementing split DNS.

As for the distribution of a modified userc.c file, there is a userc.c file
in uncompressed format in the 'disk3' installation directory of SR.  You can
modify this file and then any user that installs using that source will get
the modifications.  This doesn't help if you've got 100 users already using
SecuRemote, but it helps if you are rolling out a new VPN.  Phoneboy's site
has something on this as well:  www.phoneboy.com/fw1.

dan

-----Original Message-----
From: Oliver_Weismantel@gillette.com
[mailto:Oliver_Weismantel@gillette.com]
Sent: Tuesday, September 07, 1999 2:48 PM
To: fw-1-mailinglist@lists.us.checkpoint.com
Subject: [FW1] SR 4005 and split DNS



     I am trying to make use of SecuRemote 4005 and split DNS. The goal is
     to have an SR client resolve internal DNS names as well as Internet
     DNS names at the same time when connected via the Internet.  The
     internal DNS is totally separated from the Internet DNS.
     
     By reading the (poor) Checkpoint documentation I was able to set it up,
     but there are still some questions left.
     
     a) We use DHCP internally to assign DNS servers to the clients at boot 
     time. A laptop will know nothing about the internal DNS servers when 
     booted off-site and afterwards connected to the internal network via 
     the Internet. The ISP will provide information about Internet DNS 
     servers during dialup, but nothing else. Is there any possibility to 
     dynamically assign DNS servers by SecuRemote or something similar?
     
     b) There is a domain called <domain.xyz>. It exists in the internal 
     DNS as well as in the Internet DNS; the content is totally different. 
     When I assign this domain via the file dnsinfo.C to be internal, funny 
     things happen. All names only registered in the internal DNS get 
     resolved fine. All names only registered in the Internet DNS get 
     resolved fine. A name (e.g. www.domain.xyz) registered in BOTH domains 
     gets resolved sometimes internally, sometimes externally. It seems to 
     depend on which server's answer arrives first.
     
     C:\WINDOWS>ping www.domain.xyz
     Pinging www.domain.xyz [10.11.12.13] with 32 bytes of data:
     
     C:\WINDOWS>ping www.domain.xyz
     Pinging server.domain.xyz [110.111.112.113] with 32 bytes of data:
     
     Any comments here?
     
     c) I configured one dedicated server in the dnsinfo.C file to resolve 
     internal domains. In the Windows configuration I hardcoded two 
     internal DNS servers for redundancy reasons. Even though only one DNS 
     server is configured in the SR setup, how can SR know about and make 
     use of the other internal server even if it is not configured in 
     dnsinfo.C? I know how it knows about it, but why does it use both?
     
     d) Last but not least, the CP documentation says we have to change the 
     file userc.C on the user's laptop manually to make it work. (Add the 
     two statements:
     :dns_xlate (true)
     :dns_encrypt (true) )
     In the case of up to 20 clients this might work. Not for 100+. How can 
     this be automated to prevent administrators from manual configuration 
     needs?
     
     A lot of nasty questions I really struggle with. Looking forward to 
     your answer.
     
     TIA for your help.
     
     Regards,
     Oliver
     
     


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================