Re: [FW1] Split DNS

[Larry Pingree]

Title: Split DNS

Yes, this problem exists because you have SecuRemote setup to get dns entries from the Firewalls, essentially this overrides the settings of either DHCP or Static DNS settings. Killing securemote stopped it from redirecting the queries. DId you have each DNS server listed in your dnsinfo file?        If so, if the first two DNS servers listed there were the machines you took down, the timeout for each DNS server failure is 20 seconds. If windows does not get resolution within I think 30 Seconds, it fails to resolve and will not go to a third server for the DNS resolution.       -=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=- Larry Pingree Sr. Security Consultant Email: [EMAIL PROTECTED]   SiegeWorks WebSite: http://www.siegeworks.com/ Enterprise Support, Security Consulting and Training -=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=- ----- Original Message ----- From: Rob Michayluk To: '[EMAIL PROTECTED]' Sent: Tuesday, March 27, 2001 9:42 AM Subject: [FW1] Split DNS Hi there, We just experienced an issue that seemed to be a split-dns problem and I was wondering if anyone else had encountered this or had any thoughts on it. Some background: We employ split DNS to allow our vpn users to access internal network resources. We do not use WINS and instead use DNS for all name resolution. In our DHCP scope, we listed 4 DNS servers. Recently, we cut that down to 2 and we removed the servers from the DHCP scope that users were using for split DNS. After we had made that change, some users were complaining they could not access anything outside our network when they were plugged directly into our internal LAN. It turns out that the only users who were having the problem were those who had SecuRemote installed on their laptops. They could not resolve any names, except through broadcasting. They're all on Win2K machines and I tried to do nslookups, but it wouldn't recognize either of our 2 DNS servers that were in the DHCP scope. If I killed the SecuRemote client on their machines, the problem stopped and everything was tickety-boo. We changed the dnsinfo file on the firewall to reflect the new DNS servers and had everyone update their clients and all is fine now. What happened? It almost looks like SecuRemote is still active even if you're connected to the local LAN. Has anyone else had anything like this happen? Rob Michayluk Computer Network Services Analyst ACD Systems Limited Tel:  (250) 544-6700 Fax: (250) 544-0291 [EMAIL PROTECTED] www.ACDSYSTEMS.com                         Come meet the ACD Systems Team!                         CeBIT 2001, Hannover, Germany, March 22-28, Location 009, Stand B45/2                         MacWorld 2001, New York, July 18-20, Booth 1331                         Comdex Fall 2001, November 12 - 16

smime.p7s