Kerio Tech Firewall6 User Manual

25.4 Internet links dialed on demand

will be dialed upon a client’s DNS query. If a local DNS server is used, the line will be dialed upon a query sent by this server to the Internet (the default gateway of the host where the DNS server is running must be set to the IP address of the WinRoute host).

3. It follows from the previous point that if the DNS server is to run on the WinRoute host, it must be DNS Forwarder, because DNS Forwarder can dial the line if necessary.

If there is a domain based on Active Directory in the LAN (domain server with Windows Server 2000/2003/2008), it is necessary to use Microsoft DNS server, because communication with Active Directory uses special types of DNS requests. Microsoft DNS server does not support automatic dialing. Moreover, it cannot be used on the same host as DNS Forwarder, as this would cause a port collision.

It follows from the facts above that if the Internet connection is to be available via dial-up, WinRoute cannot be used on the same host where Windows Server with Active Directory and Microsoft DNS are running.

4. If DNS Forwarder is used, WinRoute can dial as a response to a client’s request if the following conditions are met:

- Destination server must be defined by DNS name so that the application can create a DNS query.

- In the operating system, set the primary DNS server to the IP address of the firewall. In Windows, go to TCP/IP properties in interfaces connected to the LAN and set the IP address of this interface as the primary DNS server.

5. The Proxy server in WinRoute (see chapter 8.4) also provides direct dial-up connections. A special page providing information on the connection process is opened (the page is refreshed in short periods). Upon a successful connection, the browser is redirected to the specified Website.

Unintentionally dialed link — application of on-demand dial rules

Demand dial functions may cause unintentional dialing. This is usually caused by DNS queries that are handled by the DNS Forwarder. The following causes apply:

- A user host generates a DNS query in the absence of the user. The source of this traffic may be an active object on a local HTML page or an automatic update of an installed application.

- DNS Forwarder performs dialing in response to requests for names of local hosts. Define DNS for the local domain properly (use the hosts system file of the WinRoute host; for details, see chapter 8.1).

Note: Undesirable traffic causing unintentional dialing of a link can be blocked by WinRoute traffic rules (see chapter 7.3). However, the best remedy for any pain is always removal of its cause (e.g. perform an antivirus check on the corresponding workstation, etc.).
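
The two causes listed above can be told apart by checking queried names against the hosts file of the WinRoute host. The following Python script is an added example, not part of this manual or of WinRoute; the domain name company.local, the query record layout and all sample data are constructed, and only the hosts file is modelled as the local name source.

```python
from collections import Counter

LOCAL_DOMAIN = "company.local"   # assumption: name of the LAN domain

# Constructed sample: hosts file of the firewall host.
HOSTS_TEXT = """
192.168.1.1    fw fw.company.local
192.168.1.10   fileserver fileserver.company.local   # file server
"""

# Constructed sample: (time, client IP, queried name) in a hypothetical layout.
QUERIES = [
    ("02:13", "192.168.1.21", "update.example.com"),
    ("02:14", "192.168.1.21", "fileserver.company.local"),
    ("02:20", "192.168.1.34", "printer.company.local"),
    ("02:31", "192.168.1.34", "PRINTER"),
    ("09:05", "192.168.1.21", "www.example.org"),
]

def parse_hosts(text):
    """Return the set of names defined in hosts-file text."""
    names = set()
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()        # drop comments
        names.update(n.lower() for n in fields[1:])   # fields[0] is the address
    return names

def classify(queries, known, local_domain=LOCAL_DOMAIN):
    """Sort queries by whether the hosts file can answer them."""
    report = {"answered_locally": [], "local_name_missing": [], "external": []}
    for when, client, name in queries:
        name = name.lower().rstrip(".")
        if name in known:
            key = "answered_locally"     # no forwarding, so no dialing
        elif "." not in name or name.endswith("." + local_domain):
            key = "local_name_missing"   # fix by adding it to the hosts file
        else:
            key = "external"             # block with a traffic rule or fix the host
        report[key].append((when, client, name))
    return report

def dial_candidates(report):
    """Count, per client, the queries that would be forwarded to the Internet."""
    return Counter(client for key in ("local_name_missing", "external")
                   for _, client, _ in report[key])

if __name__ == "__main__":
    result = classify(QUERIES, parse_hosts(HOSTS_TEXT))
    for key, rows in result.items():
        print(key, rows)
    print(dial_candidates(result))
```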
