>I was just talking with a company using ANS interlock, and he commented
>that for DNS ANS has two entries in a resolv.conf, one for inside, and
>another for outside lookups.
>That being the case, is there any way from an INTERNAL machine (NOT
>the firewall itself) to query SOMETHING that would return a correct
>address of an external machine??
>He said all his users use things like the firewall setting in Netscape,
>and this automatically does it.
>Could someone please offer some advice on what is happening here.
Charles,

The versions of the Interlock that I have worked on completely isolate
traffic going between the external and internal networks. A DNS lookup that
is originated from an internal host can only find internal systems. Likewise
a DNS lookup that is originated from an external host cannot see hosts
on the inside of the firewall. There is a file on the Interlock that
defines internal and external networks. There is also a file that defines
external and internal DNS servers.

When a user wishes to connect to a system outside the firewall, the user
must first connect to the firewall. This address is found in the internal
DNS. The lookup for the external connection is done from the firewall
out to an external DNS server. This second lookup is transparent to
the user.

Hope this helps,
Eric
------------------------------------------------------------------
Eric Maiwald maiwalde @ nasd . com
Senior Information Security Specialist
National Association of Securities Dealers
All opinions are my own and do not necessarily
represent the views of my employer.
------------------------------------------------------------------
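
The two lookups described in the reply above, as an added example that is not part of the original message and is not Interlock code: the internal host resolves only the firewall's name and hands it the full URL, and the firewall does the external lookup. All names, addresses and the 10.0.0.0/8 internal network are constructed assumptions, and the two dictionaries stand in for the internal and external DNS servers.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed data: every name, address and network below is hypothetical.
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")
INTERNAL_DNS = {"firewall.corp.example": "10.0.0.1", "hr.corp.example": "10.0.0.20"}
EXTERNAL_DNS = {"www.example.com": "192.0.2.80"}


def resolve(view, name):
    """Look a name up in exactly one DNS view; the other view is never consulted."""
    try:
        return view[name.lower().rstrip(".")]
    except KeyError:
        raise LookupError(f"{name}: not found in this view") from None


def client_request(url, proxy_name="firewall.corp.example"):
    """Internal host: resolves only the firewall's name, via the internal DNS."""
    proxy_ip = resolve(INTERNAL_DNS, proxy_name)
    # Proxy-style request: the full URL travels to the firewall unresolved.
    return proxy_ip, f"GET {url} HTTP/1.0\r\n\r\n".encode("ascii")


def firewall_forward(client_ip, raw_request):
    """Firewall: accepts internal clients only, then does the external lookup."""
    if ipaddress.ip_address(client_ip) not in INTERNAL_NET:
        raise PermissionError("proxy is offered to the internal network only")
    method, target, version = raw_request.split(b"\r\n", 1)[0].decode("ascii").split(" ")
    parts = urlsplit(target)
    if parts.scheme != "http" or not parts.hostname:
        raise ValueError("expected an absolute http:// URL in the request line")
    upstream_ip = resolve(EXTERNAL_DNS, parts.hostname)  # the second, hidden lookup
    path = parts.path or "/"
    if parts.query:
        path += "?" + parts.query
    # Toward the origin server the request line carries only the path.
    return upstream_ip, parts.port or 80, f"{method} {path} {version}"


if __name__ == "__main__":
    proxy_ip, req = client_request("http://www.example.com/index.html")
    print("client connects to", proxy_ip)
    print("firewall connects to", firewall_forward("10.0.0.20", req))
```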