Page 1 of 1

Why can't I use names from the DNS in the rules?

Posted: 30 Apr 2008, 14:17
by jono
This FAQ applies to:
  • Clavister CorePlus, cOS Core.
Why can't I use names from the DNS in the Security Gateway rules?

DNS is an unreliable structure. If you yourself are unable to control what is in the DNS for your domain or if, for example, your DNS server were to temporarily go down, the Security Gateway would be forced to gather data from sources that are outside its protection. If this were to happen, it would make it possible for an intruder to trick the Security Gateway into opening a hole through which his own computer could gain access. Along the same lines, communication normally permitted to a publicly accessible server behind the Security Gateway could be diverted to an entirely different machine behind the Security Gateway, not meant to be publicly accessible.

The DNS settings in Clavister Security Gateway is only used when the SGW itself needs to perform a DNS lookup for i.e to contact the WCF server(s), resolve a DNS remote Gateway on an Ipsec tunnel etc.