DNS Lookup and IP Rules
In the case of DNS server request being generated by NetDefendOS itself, no IP rules need to be
defined for the connection to succeed. This is because connections initiated by NetDefendOS are
considered to be trusted. For example, this would be the case if NetDefendOS is accessing a CA
server to establish the validity of a certificate and first needs to resolve the certificate's FQDN to an
IP address.
Dynamic DNS and HTTP Poster
A DNS feature offered by NetDefendOS is the ability to explicitly inform DNS servers when the
external IP address of the NetDefend Firewall has changed. This is sometimes referred to as
Dynamic DNS and is useful where the NetDefend Firewall has an external address that can change.
Dynamic DNS can also be useful in VPN scenarios where both ends of the tunnel have dynamic IP
addresses. If only one side of the tunnel has a dynamic address then the NetDefendOS VPN keep
alive feature solves this problem.
Under System > Misc. Clients in the Web Interface, several dynamic DNS services are defined.
The HTTP Poster client object is a generic dynamic DNS client with the following characteristics:
•
Multiple HTTP Poster objects can be defined, each with a different URL and different optional
settings.
•
By default, an HTTP Poster object sends an HTTP GET request to the defined URL. Some
servers require an HTTP POST request and to achieve this the option HTTP Post the Values
should be enabled. This is usually needed when authentication parameters are being sent in the
URL.
•
By default, HTTP Poster does not automatically send the server request after NetDefendOS
reconfiguration. This behaviour can be changed by enabling the option Repost on each
reconfiguration.
There is one exception to the default behaviour and that is after a reconfigure which is the result
of getting a new local IP address on the interface that connects to the DNS server.
In this case, NetDefendOS always waits a predefined period of 20 seconds before reposting after
the reconfiguration.
•
The default Repost Delay is 1200 seconds (20 minutes). This can be altered.
The predefined DynDNS client has an predefined refetch time of 30 days which cannot be
changed.
The difference between HTTP Poster and the predefined named DNS servers is that HTTP Poster
can be used to send any URL. The named services are a convenience that make it easy to correctly
format the URL needed for that particular service. For example, the http:// URL for the dyndns.org
service might be:
myuid:[email protected]/nic/update?hostname=mydns.dyndns.org
This could be sent by using HTTP Poster. Alternatively, the URL could be automatically formatted
for the administrator by NetDefendOS through using the DynDNS option and entering only the
information required for dyndns.org.
The CLI console command httpposter can be used to troubleshoot problems by seeing what
NetDefendOS is sending and what the servers are returning:
gw-world:/> httpposter
3.10. DNS
Chapter 3. Fundamentals
164
Summary of Contents for NetDefend DFL-1660
Page 28: ...1 3 NetDefendOS State Engine Packet Flow Chapter 1 NetDefendOS Overview 28 ...
Page 88: ...2 6 3 Restore to Factory Defaults Chapter 2 Management and Maintenance 88 ...
Page 166: ...3 10 DNS Chapter 3 Fundamentals 166 ...
Page 254: ...4 7 5 Advanced Settings for Transparent Mode Chapter 4 Routing 254 ...
Page 268: ...5 4 IP Pools Chapter 5 DHCP Services 268 ...
Page 368: ...6 7 Blacklisting Hosts and Networks Chapter 6 Security Mechanisms 368 ...
Page 390: ...7 4 7 SAT and FwdFast Rules Chapter 7 Address Translation 390 ...
Page 414: ...8 3 Customizing Authentication HTML Pages Chapter 8 User Authentication 414 ...
Page 490: ...9 8 6 Specific Symptoms Chapter 9 VPN 490 ...
Page 528: ...10 4 6 Setting Up SLB_SAT Rules Chapter 10 Traffic Management 528 ...
Page 544: ...11 7 HA Advanced Settings Chapter 11 High Availability 544 ...
Page 551: ...12 3 5 Limitations Chapter 12 ZoneDefense 551 ...
Page 574: ...Default 512 13 9 Miscellaneous Settings Chapter 13 Advanced Settings 574 ...
Page 575: ...13 9 Miscellaneous Settings Chapter 13 Advanced Settings 575 ...