
Conference noted::seal

Title: SEAL
Moderator: GALVIA::SMITH
Created: Mon Mar 21 1994
Last Modified: Fri Jun 06 1997
Last Successful Update: Fri Jun 06 1997
Number of topics: 1989
Total number of notes: 8209

1842.0. "DNS for outside access" by GENIE::MUKHERJEE () Thu Mar 06 1997 12:19

Hi,

Any assistance for the following would be extremely appreciated.

We have a customer that has 2 firewalls set up.  Now he wants to set up 3000+ AV tunnel clients to connect with 2
Tunnel Servers in the secure side.

The issue at stake is how to set up the clients so that they can failover to the alternate firewall if they cannot
connect through the first one.

At first I thought about Round Robin DNS, but then realized that this MIGHT NOT work for the external lookups.
What I mean is that the DNS servers will probably cache the FW address and thus never return the alternate FW
address (i.e. returning non-authoritative answers).

The AV Clients will be a mixture of PCs and UNIX or VMS hosts running through workgroup tunnel clients.

Anyone know if there might be a way to set up a lookup/connection scheme like that of the BIND nslookup?
What I am referring to is the /etc/resolv.conf file in the UNIX machines that lists all the DNS servers and the
request is tried on each of the servers till an answer is returned.

This would be the same type of strategy, where users would just click on the application and the connection
would connect through the default firewall. In case the default was not functioning, the session would try to
connect through the second firewall.

A thought I had to dismiss was setting up a DNS round robin on the firewall name at the client site.  Apparently,
this is not appreciated by the possible 50+ customer sites.

Thanks,
Arjo
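The two points in Arjo's note, that a caching resolver at a customer site hides the alternate address behind a round-robin name until the TTL expires, and that an ordered try-each-in-turn list like /etc/resolv.conf's nameserver entries sidesteps that, can be shown in a small simulation. This is an added example, not code from the note or from any DEC tunnel product; the hostname fw.example, the 192.0.2.x addresses, the port number and the session strings are constructed placeholders, and the "real" connector is plain TCP rather than the tunnel protocol.

```python
import socket
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Sequence, Tuple

# Constructed placeholder; not the real port of any tunnel product.
TUNNEL_PORT = 9000


@dataclass
class RoundRobinZone:
    # Authoritative server that rotates its A records on every query.
    records: Dict[str, List[str]]

    def query(self, name: str) -> List[str]:
        addrs = self.records[name]
        answer = list(addrs)
        addrs.append(addrs.pop(0))  # rotate for the next query
        return answer


@dataclass
class CachingResolver:
    # Recursive resolver at a customer site: serves a cached, non-authoritative
    # answer (same record order) until the TTL it was given expires.
    upstream: RoundRobinZone
    ttl: float
    cache: Dict[str, Tuple[float, List[str]]] = field(default_factory=dict)

    def resolve(self, name: str, now: float) -> List[str]:
        hit = self.cache.get(name)
        if hit is not None and now < hit[0]:
            return list(hit[1])
        answer = self.upstream.query(name)
        self.cache[name] = (now + self.ttl, answer)
        return list(answer)


def first_addresses_seen(ttl: float, times: Sequence[float]) -> List[str]:
    # Which address a client behind one caching resolver would try first at
    # each point in time. With a long TTL every client gets the same answer.
    zone = RoundRobinZone({"fw.example": ["192.0.2.1", "192.0.2.2"]})
    resolver = CachingResolver(zone, ttl)
    return [resolver.resolve("fw.example", t)[0] for t in times]


Connector = Callable[[str, int, float], object]


def connect_with_failover(candidates: Sequence[Tuple[str, int]],
                          connector: Connector, timeout: float):
    # resolv.conf-style strategy: try each endpoint in the configured order
    # and return (index, session) for the first that answers; raise only when
    # the whole list has been exhausted.
    failures = []
    for index, (host, port) in enumerate(candidates):
        try:
            return index, connector(host, port, timeout)
        except OSError as exc:
            failures.append(f"{host}:{port}: {exc}")
    raise ConnectionError("all endpoints failed: " + "; ".join(failures))


def tcp_connector(host: str, port: int, timeout: float) -> socket.socket:
    # Real connector: a bounded-timeout TCP connect (not the tunnel handshake).
    return socket.create_connection((host, port), timeout=timeout)


def simulated_connector(down: Sequence[str]) -> Connector:
    # Offline stand-in for tcp_connector: hosts listed in `down` time out.
    def connect(host: str, port: int, timeout: float) -> str:
        if host in down:
            raise TimeoutError(f"no response from {host} within {timeout}s")
        return f"session-via-{host}"
    return connect


if __name__ == "__main__":
    print("TTL 3600s, first address seen over 2 minutes:",
          first_addresses_seen(3600, [0, 60, 120]))
    print("TTL 0s, first address seen over 2 minutes:",
          first_addresses_seen(0, [0, 60, 120]))
    endpoints = [("192.0.2.1", TUNNEL_PORT), ("192.0.2.2", TUNNEL_PORT)]
    print("primary down ->",
          connect_with_failover(endpoints, simulated_connector(["192.0.2.1"]), 5.0))
```

Note that the ordered list lives on the client, so a primary outage costs each client one timeout before it moves on; the TTL simulation is there to show why publishing the alternate only through DNS does not achieve the same thing across a caching resolver.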