Dynamic DNS for public IP address of the firewall – Kerio Tech KERIO WINROUTE FIREWALL 6 User Manual

The DHCP server cannot assign addresses to RAS clients connecting to the RAS server directly at the WinRoute host (for technical reasons, it is not possible to receive DHCP queries from the local RAS server). In such cases, IP address assignment must be set in the RAS server configuration.


The RAS service in Windows leases a new IP address for each connection (even if requested by the same client). WinRoute includes RAS clients in the total number of clients when checking whether the number of licensed users has been exceeded (see chapter

This implies that repeated connections of RAS clients may cause the number of licensed users to be exceeded (if the IP scope for the RAS service is too large and/or an address is leased to RAS clients for too long). Remote clients will then be allowed to connect and communicate with hosts in the local network, but they will not be allowed to connect to the Internet via WinRoute.
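The licensing effect described above, as an added example that is not part of the Kerio manual: a simplified Python model of how reconnecting RAS clients inflate the counted address total. It assumes an address stays counted until its lease expires and that a full scope reuses its oldest lease; the function names, connection times and user counts are constructed.

```python
from collections import deque

def peak_counted_addresses(connect_times, scope_size, lease_minutes):
    """Return the peak number of RAS addresses holding an unexpired lease.

    Simplified model (assumptions, not documented WinRoute internals):
    every connection takes a fresh address, the address stays counted
    until its lease expires, and a full scope recycles its oldest lease.
    """
    active = deque()  # lease expiry times, oldest first
    peak = 0
    for t in sorted(connect_times):
        while active and active[0] <= t:
            active.popleft()          # lease ran out, address no longer counted
        if len(active) >= scope_size:
            active.popleft()          # scope exhausted: oldest lease is reused
        active.append(t + lease_minutes)
        peak = max(peak, len(active))
    return peak

def internet_blocked(ras_addresses, other_users, licensed_users):
    """True when counted clients exceed the licence, the state in which the
    page says remote clients lose Internet access via WinRoute."""
    return ras_addresses + other_users > licensed_users

# Constructed sample: 3 remote workers on unstable links, each reconnecting
# every 20 minutes across an 8-hour day (times in minutes).
CONNECTS = [start + 20 * i for start in (0, 5, 10) for i in range(24)]

if __name__ == "__main__":
    # (scope size, lease length): large scope + long lease, short lease, small scope
    for scope, lease in [(50, 480), (50, 30), (8, 480)]:
        peak = peak_counted_addresses(CONNECTS, scope, lease)
        print(f"scope={scope:3d} lease={lease:3d}min -> {peak:2d} addresses counted, "
              f"blocked={internet_blocked(peak, 15, 25)}")
```

In this model three people are counted as 50 clients with a 50-address scope and an 8-hour lease, while either a 30-minute lease or an 8-address scope keeps the total within a 25-user licence shared with 15 local users.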

Declined options

These options define how declined IP addresses (DHCPDECLINE report) will be handled. These addresses can either be considered released and assigned to other users if needed (the Offer immediately option) or blocked for a certain time so that former clients can use them (the Declined addresses can be offered after timeout option).

8.3 Dynamic DNS for public IP address of the firewall

Kerio WinRoute Firewall provides (among others) services for remote access from the Internet to the local network (VPN server — see chapter and the Clientless SSL-VPN interface — see ). Other services can also be accessible from the Internet — e.g. the Kerio StaR interface (see chapter ), remote administration of WinRoute by the Administration Console (see chapter ) or any other service (e.g. web server in local network — see chapter
These services are available at the firewall’s public IP address. If this IP address is static and there exists a corresponding DNS record for it, a corresponding name can be used for access to a given service (e.g. server.company.com). If there is no corresponding DNS record, it is necessary to remember the firewall’s IP address and use it for access to all services. If the public IP address is dynamic (i.e. it changes), it is extremely difficult or even impossible to connect to these services from the Internet.

This problem is solved by WinRoute’s support for dynamic DNS. Dynamic DNS provides a DNS record for a specific server name which always keeps the current IP address. This method thus makes mapped services always available under the same server name, regardless of whether and how often the IP address changes.

How cooperation with dynamic DNS works

Dynamic DNS (DDNS) is a service providing automatic update of the IP address in the DNS record for a particular host name. Typically, two versions of DDNS are available:
