
RE: [FW1] SR split DNS ...?



I was having all sorts of problems with the syntax of the dnsinfo.c. I was
working with my VAR (who has been very helpful and told me most of what I
know about the dnsinfo.c). After many trials and tribulations, we got it
right. The syntax is very particular. We had one too many ) in the end and
it was failing to encrypt the DNS. I found out by sniffing the network where
my client was. I saw the cleartext DNS lookup and started from there.

Attached is a sample of the file. This works. This has more domains than
most people will need, but you can delete them. Also, I'm looking up 8
levels of subdomains, you can change that to what you need.

Also, there is some LMHOST information at the top. When the SR client loads, it
will read the LMdata section and create #PRE statements in the LMHOSTS file
and add them there. You can change that info to be one DC per domain, if you
have multiple domains, or more than one domain controller for the same
domain.

As for the fwenc.log file, just create a file named that in c:\ and it will
populate that file (as per: http://www.secure-1.com/faq/sr/debug.asp). I
tried that, too. But it didn't give me the info I was looking for. I wound
up sniffing my LAN at home to find out what was really going on. 

Look in the users.c file on the SR client. At the bottom will be the section
with the DNS info (search for text string: ":dnsinfo"). You should see all
your DNS info there. Make sure the last line of that section is :encrypt_dns
(true). I had one too many ) in the dnsinfo.c and this line was getting
omitted when it compiled the users.c.

Like I said, my VAR helped me 95% with this, so by no means am I an expert.

HTH,

Dave O.


-----Original Message-----
From: laurent [mailto:[email protected]]
Sent: Friday, January 05, 2001 9:54 AM
To: [email protected]
Subject: [FW1] SR split DNS ...?



dnsinfo.c file created.
crypt.def file modified.
add on :dns_encrypt and :dns_xlate in users.c file.

nothing happens.

How does SR work?
We have made only one modification in the users.c file: encrypt dns.
Therefore all the DNS traffic is sent to the gateway. Does it
receive the split DNS configuration after the authentication?

How can I check this? Someone is talking about a fwenc.log file. Is it
correct? How can I enable this function?

Thanks for replying.
lO





Attachment: dnsinfo.c.example
Description: Binary data
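
The two checks described in the reply above (a stray ")" in dnsinfo.c, and :encrypt_dns (true) as the last line of the :dnsinfo section in users.c) can be scripted. This is an added example, not part of the original thread or its attachment; the function names and the sample text are constructed, and it assumes the section has the parenthesised form `:dnsinfo ( ... )`.

```python
import re

def first_paren_error(text):
    """Return (line_number, problem) for the first unbalanced parenthesis, else None."""
    open_lines = []  # line numbers of '(' not yet closed
    for lineno, line in enumerate(text.splitlines(), 1):
        for ch in line:
            if ch == "(":
                open_lines.append(lineno)
            elif ch == ")":
                if not open_lines:
                    return (lineno, "extra ')'")
                open_lines.pop()
    if open_lines:
        return (open_lines[-1], "unclosed '('")
    return None

def dnsinfo_section(users_c):
    """Return the balanced ':dnsinfo ( ... )' section text, or None if absent."""
    m = re.search(r":dnsinfo\s*\(", users_c)
    if not m:
        return None
    depth = 0
    for i in range(m.end() - 1, len(users_c)):
        if users_c[i] == "(":
            depth += 1
        elif users_c[i] == ")":
            depth -= 1
            if depth == 0:
                return users_c[m.start():i + 1]
    return None  # section never closes

def dns_is_encrypted(users_c):
    """True only if ':encrypt_dns (true)' is the last entry of the :dnsinfo section."""
    section = dnsinfo_section(users_c)
    if section is None:
        return False
    return re.search(r":encrypt_dns\s*\(\s*true\s*\)\s*\)$", section) is not None

# Constructed samples: ':example_entry' is a placeholder, not a real attribute.
USERS_OK = ":dnsinfo (\n\t:example_entry (placeholder)\n\t:encrypt_dns (true)\n)\n"
USERS_MISSING = ":dnsinfo (\n\t:example_entry (placeholder)\n)\n"
DNSINFO_EXTRA = "(\n\t:example_entry (placeholder)\n))\n"

if __name__ == "__main__":
    print(first_paren_error(DNSINFO_EXTRA))
    print(dns_is_encrypted(USERS_OK), dns_is_encrypted(USERS_MISSING))
```

A file-based check like this complements the sniffing step in the reply: a cleartext DNS lookup on the wire remains the definitive sign that encryption is not being applied.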


