On Tue, Mar 02, 1999 at 05:59:24PM -0500, Larry Cannell wrote:
> I can appreciate the concern you have regarding DNS. I am wondering how
> would you support applications that NEED the DNS information (apps like
> NetMeeting which does not have proxy support and needs to connect to any
> number of external data conference servers).
Hmm - sounds like I should have provided more info after all..
Netmeeting isn't a problem as netmeeting isn't supported :-)
Ours is a proxy-based firewall - which means I really don't have to worry
about our internal DNS having no access to the Internet's DNS servers.
However, our parent company has decided to go with a PIX (read: NAT or
transparent firewall) solution which means they do have access to Internet
DNS servers.
My concern was when their users come over to our network and plug in,
nothing will work as their firewall design and ours are at almost opposite
ends of the spectrum. If I allowed DNS through, then some tricks are made
available to me to help ease the confusion.
What I wish was available was a "fake" DNS server where I could wildcard all
"A" records to point to an internal box running things like a web server
that returns a page telling users they have to configure their browser to
use our proxy!
--
Cheers
Jason Haar
Unix/Network Specialist, Trimble NZ
Phone: +64 3 3391 377 Fax: +64 3 3391 417
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
