Thanks to everyone for their tips on helping me get my split DNS to work.
Unfortunately, it is still not working.
I have identified the DNS server object on my firewall. I have edited (in DOS) the
dnsinfo.C file (and renamed it to make it case sensitive) with the appropriate syntax
(I believe - I'm still not clear on the brackets, should there be a space after :obj
and the bracket, for example).
I've added a rule in the top of my rulebase saying users@any, encryption domain, DNS,
client-encrypt.
I've added the #define ENCDNS line in the crypt.def file.
I've bounced the server. I've stopped and restarted it. I've reloaded the
rulebase....and on and on.
When I update my SecuRemote client, the dnsinfo() area does not get populated.
My dnsinfo.C file is in the C:\Winnt\FW1\4.1\conf directory, which was created when I
upgraded the firewall from 4.0 to 4.1 SP2.
I'm tired, and getting cranky. What am I missing? An implied rule setting? Should
the DNS server be identified in the TCP/IP settings on the firewall itself (I wouldn't
think so)? My firewall's TCP/IP settings use two ISP servers as its DNS, and one
internal DNS server (not the one I'm using as a test for this).
I think my major problem is the update not happening on the client. If someone knows
what the userc.C file on the SecuRemote client is supposed to look like afterwards, I
can manually edit it and test.
Again, thanks for the help.
Rodney Lacroix