[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: [FW1] SR split DNS ...?
I was having all sorts of problems with the syntax of the dnsinfo.c. I was working with my VAR (who has been very helful and told me most of what I know about the dnsinfo.c). After many trials and tribulations, we got it right. The syntax is very particular. We had one too many ) in the end and it was failing to encrypt the DNS. I found out by sniffing the network where my client was. I saw the cleartext DNS lookup and started from there. Attached is a sample of the file. This works. This has more domains than most people will need, but you can delete them. Also, i'm looking up 8 levels of subdomains, you can change that to what you need. Also, is some LMHOST information in the top. When the SR client loads, it will read the LMdata section and create #PRE statements in the LMHOSTS file and add them there. You can change that info to be one DC per domain, if you have mulitple domains, or more than one domain controller for the same domain. As for the fwenc.log file, just create a file named that in c:\ and it will populate that file (as per: http://www.secure-1.com/faq/sr/debug.asp). I tried that, too. But it didn't give me the info I was looking for. I wound up sniffing my LAN at home to find out what was really going on. Look in the users.c file on the SR client. At the bottom will be the section with the DNS info (search for text string: ":dnsinfo"). You should see all your DNS info there. Make sure the last line of that section is :encrypt_dns (true). I had one too many ) in the dnsinfo.c and this line was getting omitted when it compiled the users.c. Like i said, my VAR helped me 95% with this, so by no means am I an expert. HTH, Dave O. -----Original Message----- From: laurent [mailto:[email protected]] Sent: Friday, January 05, 2001 9:54 AM To: [email protected] Subject: [FW1] SR split DNS ...? dnsinfo.c file created. crypt.def file modified. add on :dns_encrypt and :dns_xlate in users.c file. nothing happens. How does SR works ? We have made only one modification in the users.c file. encrypt dns. Therefore all the dns traffic is send to the gateway, does it receive the split dns configuration after the authentication ? How can check this, someone is talking about a fwenc.log file ? is it correct ? How can I enable this function ? Thanks for replying. lO ============================================================================ ==== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ============================================================================ ==== Attachment:
dnsinfo.c.example
|