Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [FW1] Encrypt DNS question

To: "David E. Hoobler Jr." <[email protected]>, "'John Gesualdi'" <[email protected]>, "Fw1_list \(E-mail\)" <[email protected]>
Subject: RE: [FW1] Encrypt DNS question
From: "Juan Concepcion" <[email protected]>
Date: Sun, 10 Jun 2001 22:24:13 -0400
Importance: Normal
In-reply-to: <[email protected]>
Reply-to: <[email protected]>
Sender: [email protected]

Correction, specifying an internal DNS ser on the SecuRemote client turns
into what is known as split DNS. Quieries that cannot be by the internal DNS
server are satisfied by the ISP's DNS servers.

Juan Concepcion
Network Engineer/Security Consultant
CCSA/CCSE
E-Mail: [email protected]


-----Original Message-----
From: [email protected]
[mailto:[email protected]]On Behalf Of
David E. Hoobler Jr.
Sent: Saturday, June 09, 2001 2:02 PM
To: 'John Gesualdi'; Fw1_list (E-mail)
Subject: RE: [FW1] Encrypt DNS question



Assuming that you allow DHCP to get the IP addresses of the ISP's DNS
severs, the ISP does the DNS for everything except your encryption domain.
You internal DNS servers handle the internal requests.

On the firewall, your dnsinfo file specifies for which domian(s) DNS should
be translated/encrypted.  the SecuRemote client downloads the topology from
dnsinfo when a site is created.  The SecuRemote client intercepts DNS
requests and if the domain matches that in dnsinfo, it forwards the request
to the internal server.  Otherwise, the request goes to the ISP DNS server.

That said, it is possible to specify the internal DNS server on the
SecuRemote client as the only DNS server.  If you do this, all DNS requests
go to the internal server.

David Hoobler


-----Original Message-----
From: John Gesualdi [mailto:[email protected]]
Sent: Thursday, June 07, 2001 12:38 PM
To: Fw1_list (E-mail)
Subject: [FW1] Encrypt DNS question






    I've configured my firewall to support the feature that allows the
secure remote clients to resolve internal machine names. It's working
well but I do have a questions on it's operation?

1.  A user with a cable modem surfs the Internet, Is my Internal DNS
resolving that or is  the ISP DNS doing it?  How does that work?



--


John A. Gesualdi,    CCNP, CCDP, MCP
[email protected]
The Providence Journal Company
PhonePager============================================================================
====
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
============================================================================
====


============================================================================
====
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
============================================================================
====



================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

References:
- RE: [FW1] Encrypt DNS question
  - From: "David E. Hoobler Jr." <[email protected]>

Prev by Date: Re: AW: [FW1] Problems with FW1 and NT
Next by Date: RE: [FW1] Web server in DMZ
Previous by thread: RE: [FW1] Encrypt DNS question
Next by thread: RE: [FW1] Encrypt DNS question
Index(es):
- Date
- Thread