[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: [FW1] Encrypt DNS question
Correction, specifying an internal DNS ser on the SecuRemote client turns into what is known as split DNS. Quieries that cannot be by the internal DNS server are satisfied by the ISP's DNS servers. Juan Concepcion Network Engineer/Security Consultant CCSA/CCSE E-Mail: [email protected] -----Original Message----- From: [email protected] [mailto:[email protected]]On Behalf Of David E. Hoobler Jr. Sent: Saturday, June 09, 2001 2:02 PM To: 'John Gesualdi'; Fw1_list (E-mail) Subject: RE: [FW1] Encrypt DNS question Assuming that you allow DHCP to get the IP addresses of the ISP's DNS severs, the ISP does the DNS for everything except your encryption domain. You internal DNS servers handle the internal requests. On the firewall, your dnsinfo file specifies for which domian(s) DNS should be translated/encrypted. the SecuRemote client downloads the topology from dnsinfo when a site is created. The SecuRemote client intercepts DNS requests and if the domain matches that in dnsinfo, it forwards the request to the internal server. Otherwise, the request goes to the ISP DNS server. That said, it is possible to specify the internal DNS server on the SecuRemote client as the only DNS server. If you do this, all DNS requests go to the internal server. David Hoobler -----Original Message----- From: John Gesualdi [mailto:[email protected]] Sent: Thursday, June 07, 2001 12:38 PM To: Fw1_list (E-mail) Subject: [FW1] Encrypt DNS question I've configured my firewall to support the feature that allows the secure remote clients to resolve internal machine names. It's working well but I do have a questions on it's operation? 1. A user with a cable modem surfs the Internet, Is my Internal DNS resolving that or is the ISP DNS doing it? How does that work? -- John A. Gesualdi, CCNP, CCDP, MCP [email protected] The Providence Journal Company PhonePager============================================================================ ==== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ============================================================================ ==== ============================================================================ ==== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ============================================================================ ==== ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|