D-Link DFL-260E User Manual for DFL-260E - Page 161
DNS Lookup and IP Rules, Dynamic DNS and HTTP Poster, System > Misc. Clients
View all D-Link DFL-260E manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 161 highlights
3.10. DNS Chapter 3. Fundamentals DNS Lookup and IP Rules In the case of DNS server request being generated by NetDefendOS itself, no IP rules need to be defined for the connection to succeed. This is because connections initiated by NetDefendOS are considered to be trusted. For example, this would be the case if NetDefendOS is accessing a CA server to establish the validity of a certificate and first needs to resolve the certificate's FQDN to an IP address. Dynamic DNS and HTTP Poster A DNS feature offered by NetDefendOS is the ability to explicitly inform DNS servers when the external IP address of the NetDefend Firewall has changed. This is sometimes referred to as Dynamic DNS and is useful where the NetDefend Firewall has an external address that can change. Dynamic DNS can also be useful in VPN scenarios where both ends of the tunnel have dynamic IP addresses. If only one side of the tunnel has a dynamic address then the NetDefendOS VPN keep alive feature solves this problem. Under System > Misc. Clients in the WebUI, several dynamic DNS services are defined. The HTTP Poster client object is a generic dynamic DNS client with the following characteristics: • Multiple HTTP Poster objects can be defined, each with a different URL and different optional settings. • By default, an HTTP Poster object sends an HTTP GET request to the defined URL. Some servers require an HTTP POST request and to achieve this the option HTTP Post the Values should be enabled. This is usually needed when authentication parameters are being sent in the URL. • By default, HTTP Poster does not automatically send the server request after NetDefendOS reconfiguration. This behaviour can be changed by enabling the option Repost on each reconfiguration. There is one exception to the default behaviour and that is after a reconfigure which is the result of getting a new local IP address on the interface that connects to the DNS server. NetDefendOS always waits a predefined period of 20 seconds before reposting after a configuration. • The default Repost Delay is 1200 seconds (20 minutes). This can be altered. The predefined DynDNS client has an inbuilt refetch time of 30 days which cannot be changed. The difference between HTTP Poster and the predefined named DNS servers is that HTTP Poster can be used to send any URL. The named services are a convenience that make it easy to correctly format the URL needed for that particular service. For example, the http:// URL for the dyndns.org service might be: myuid:[email protected]/nic/update?hostname=mydns.dyndns.org This could be sent by using HTTP Poster. Alternatively, the URL could be automatically formatted for the administrator by NetDefendOS through using the DynDNS option and entering only the information required for dyndns.org. The CLI console command httpposter can be used to troubleshoot problems by seeing what NetDefendOS is sending and what the servers are returning: gw-world:/> httpposter 161