Administrator's Guide - Kerio Software Archive


download.kerio.com
30.01.2015 Views

Configuration of network services

9.1 DNS module

The problem can be better understood through the following example.

Example:

The local domain’s name is company.com. The host called john is configured to obtain an IP address from the DHCP server. After the operating system is started, the host sends the DHCP server a query that includes its name (john). The DHCP server assigns the host the IP address 192.168.1.56 and then keeps the information that this IP address is assigned to the john host.

Another host that wants to start communication with this host will send a query for the john.company.com name (the john host in the company.com domain). If the DNS module did not know the local domain name, the forwarder would pass the query to another DNS server, as it would not recognize that it is a local host. However, as DNS Forwarder knows the local domain name, the company.com name will be separated and the john host with the appropriate IP address will be easily looked up in the DHCP table.

Enable DNS forwarding

The DNS module allows forwarding of certain DNS requests to specific DNS servers. This feature can be helpful, for example, when we intend to use a local DNS server for the local domain (the other DNS queries will be forwarded to the Internet directly — this will speed up the response). DNS forwarder’s settings also play a role in the configuration of private networks where it is necessary to provide correct forwarding of requests for names in domains of remote subnets (for details, check chapter 23).

Request forwarding is defined by rules for DNS names or subnets. Rules are ordered in a list which is processed from the top. If a DNS name or a subnet in a request matches a rule, the request is forwarded to the corresponding DNS server. Queries which do not match any rule are forwarded to the “default” DNS servers (see above).

Note: If Simple DNS resolution is enabled (see below), the forwarding rules are applied only if the DNS module is not able to respond by using the information in the hosts system file and/or the DHCP lease table.

Clicking on the Define button in the DNS module configuration (see figure 9.1) opens a dialog for setting rules for forwarding of DNS queries.

A rule can be defined for:

• DNS name — queries requiring names of computers will be forwarded to this DNS server (so called A queries),

• a subnet — queries requiring IP addresses of the particular domain will be forwarded to the DNS server (reverse domain — PTR queries).

Rules can be reordered by arrow buttons. This enables creating more complex combinations of rules — e.g. exceptions for certain workstations or subdomains. As the rule list is processed from the top downwards, rules should be ordered starting with the most specific one (e.g. the name of a particular computer) and ending with the most general one at the bottom (e.g. the main domain of the company). Similarly, rules for reverse DNS queries should be ordered by subnet mask length (e.g. with 255.255.255.0 at the top and 255.0.0.0 at the bottom). Rules for name queries and for reverse queries are independent of each other. For better reference, it is recommended to start with all rules concerning queries for names and continue with all rules for reverse queries, or vice versa.

Figure 9.3 Specific settings of DNS forwarding

Click on the Add or the Edit button to open a dialog where custom DNS forwarding rules can be defined.

• The Name DNS query option allows specification of a rule for name queries. Use the If the queried name matches entry to specify a corresponding DNS name (name of a host in the domain). It is usually desirable to forward queries for entire domains rather than for specific names. Specification of a domain name may therefore contain the * wildcard symbol (asterisk — substitutes any number of characters) and/or ? (question mark — substitutes a single character). The rule will be applied to all names matching the string (hosts, domains, etc.).
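The ordering advice above can be checked mechanically before a rule list is entered in the dialog. The following Python code is an added example, not Kerio's implementation: it models the top-down, first-match rule list with the * and ? wildcards, keeps name rules and subnet rules in separate lists, and reports rules that an earlier rule fully covers and that can therefore never fire. All rule contents and server addresses are constructed, and the function names are hypothetical.

```python
import ipaddress
import re

def _rx(pattern):
    # '*' = any number of characters, '?' = exactly one character. '?' is not
    # allowed to match a literal '*' (never present in a real host name), which
    # keeps the pattern-vs-pattern shadow check below sound.
    parts = {"*": ".*", "?": "[^*]"}
    return re.compile("".join(parts.get(c, re.escape(c)) for c in pattern.lower()))

def forward_name(qname, rules, default="default"):
    """Return the server of the first name rule that matches (top-down)."""
    for pattern, server in rules:
        if _rx(pattern).fullmatch(qname.lower().rstrip(".")):
            return server
    return default

def forward_ptr(addr, rules, default="default"):
    """Return the server of the first subnet rule that contains addr."""
    for subnet, server in rules:
        if ipaddress.ip_address(addr) in ipaddress.ip_network(subnet):
            return server
    return default

def shadowed_names(rules):
    """(earlier, later) pairs where the later pattern can never be reached."""
    return [(rules[i][0], rules[j][0])
            for j in range(len(rules)) for i in range(j)
            if _rx(rules[i][0]).fullmatch(rules[j][0].lower())]

def shadowed_subnets(rules):
    """(earlier, later) pairs where the later subnet lies inside the earlier."""
    nets = [ipaddress.ip_network(s) for s, _ in rules]
    return [(rules[i][0], rules[j][0])
            for j in range(len(nets)) for i in range(j)
            if nets[j].subnet_of(nets[i])]

# Constructed sample rules (names and server addresses are assumptions).
GOOD_NAMES = [("build01.dev.company.com", "192.168.1.10"),
              ("*.dev.company.com", "192.168.1.20"),
              ("*.company.com", "192.168.1.30")]
BAD_NAMES = list(reversed(GOOD_NAMES))       # most general rule on top
GOOD_PTR = [("10.1.2.0/255.255.255.0", "10.1.2.53"),
            ("10.0.0.0/255.0.0.0", "10.0.0.53")]
BAD_PTR = list(reversed(GOOD_PTR))           # shortest mask on top

if __name__ == "__main__":
    print(forward_name("build01.dev.company.com", GOOD_NAMES))
    print(forward_name("build01.dev.company.com", BAD_NAMES))
    print(shadowed_names(BAD_NAMES), shadowed_subnets(BAD_PTR))
```

The name check is a sufficient condition only: every pair it reports is a real shadowing, but it may miss some overlaps between two wildcard patterns.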
