  1. #1

    sonofsanta

    Question Static DNS entry / HOSTS file for Smoothwall?

    There's a county intranet system that, for security, does not have its DNS entry published. We've just had our public IP added to their firewall whitelist to allow us access, and have been given the relevant DNS entry to access it. Adding this DNS line to my HOSTS file on my machine works, so long as I'm not going through the proxy.

    Unfortunately, I need everyone to go through the proxy, because I have to be able to filter access to make sure only staff can get to it (this was a provision of obtaining access).

    The Smoothwall looks at my two domain controllers for its DNS. I've tried amending the HOSTS file on the primary DNS server, and whilst it works for access from that server, it's not affected the Smoothwall looking it up (it was an outside shot anyway).

    I don't want to set up an additional zone on my AD-integrated DNS just for one record - I forget the specifics but I have a niggling feeling that is A Bad Idea.

    If I can add a specific DNS entry to the Smoothwall it should work fine; is there any way of doing this?

    (the only alternative I can think of is sending out a HOSTS file via GPP, and then setting the URL as a proxy exception only for staff, but that seems quite kludgy)

  2. #2

    john

    Could you not put it in the Static DNS part of Smoothwall? I know I have some entries in mine for the cluster sites we host; however, I have the server for them in-house, so it is a true internal IP it has, but maybe worth a go for your site?

    You will find Static DNS under Services > DNS > Static DNS

  3. #3

    MatthewL

    As I don't know Smoothwall, the only way I would do it is to create a zone in DNS and do it that way; it's what it is there for.

  4. #4


    tom_newton

    John's solution should work...

  5. #5

    sonofsanta

    Originally posted by john:
        Could you not put it in the Static DNS part of Smoothwall? I know I have some entries in mine for the cluster sites we host; however, I have the server for them in-house, so it is a true internal IP it has, but maybe worth a go for your site?

        You will find Static DNS under Services > DNS > Static DNS

    That sounds like exactly what I'm looking for.

    But DNS does not exist under Services for me

    (SWG-1200)

  6. #6


    tom_newton

    Ah... there's no DNS proxy in an SWG - sadly it's an intrinsic part of the firewall code so can't be easily mangled on (we will be unmangling it this year though) - one option is to run the firewall s/w without an external connection on your 1200 hardware...

  7. #7

    sonofsanta

    Originally posted by tom_newton:
        Ah... there's no DNS proxy in an SWG - sadly it's an intrinsic part of the firewall code so can't be easily mangled on (we will be unmangling it this year though) - one option is to run the firewall s/w without an external connection on your 1200 hardware...

    Alas! Is there no way of squeezing it in at the CLI? It is just this one entry.
    @MatthewL: this is the bit where I'm rusty (that MCSA was a couple of years ago now) - if I create a new zone, won't that override all lincolnshire.gov.uk lookups even though I only want to add a single subdomain in? If it's additive then I should be fine, but I have an inkling that I'd need to manually recreate the entire zone, which I don't want to do.

  8. #8

    MatthewL

    Don't quote me on this, as I don't know your setup, but if you add the new zone as subdomain.lincolnshire.gov.uk and then enter your A record or whatever, it should work.

    Where are you in Lincolnshire?

  9. Thanks to MatthewL from:

    sonofsanta (9th April 2013)

  10. #9

    sonofsanta

    Originally posted by MatthewL:
        Don't quote me on this, as I don't know your setup, but if you add the new zone as subdomain.lincolnshire.gov.uk and then enter your A record or whatever, it should work.

        Where are you in Lincolnshire?

    That looks to have worked a treat, tah - new Primary DNS zone for the specific subdomain and a single A record with a blank name. The normal lincolnshire.gov.uk still works fine as well so we look to be set. Cheers!

    The school is in Grantham, though I'm from Horncastle myself (and originally from Skeg, for my sins)
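
The fix described in posts #8 and #9 (a primary zone named for the one host, holding a single A record with a blank name), sketched as an added example that is not part of the original thread. It assumes the DnsServer PowerShell module on a domain controller; the host name is the placeholder used in the thread and the address is a documentation-range placeholder.

```powershell
# Added example, not from the thread. Assumes the DnsServer module (Windows Server 2012 or later).
$Zone    = 'subdomain.lincolnshire.gov.uk'   # placeholder name from the thread, not the real host
$Address = '192.0.2.10'                      # placeholder address (documentation range)
$Parent  = 'lincolnshire.gov.uk'
$Server  = '127.0.0.1'                       # run on the DNS server the proxy queries

# If this server already hosts the parent zone, a new child zone is the wrong tool:
# the record belongs in the existing zone instead.
if (Get-DnsServerZone -Name $Parent -ErrorAction SilentlyContinue) {
    throw "$Parent is already hosted here; add the A record to that zone."
}

# Create a zone for exactly this one name. The server becomes authoritative only for
# $Zone and names beneath it; every other name under $Parent still goes to forwarders.
# DynamicUpdate None stops clients registering their own records in the pinned zone.
if (-not (Get-DnsServerZone -Name $Zone -ErrorAction SilentlyContinue)) {
    Add-DnsServerPrimaryZone -Name $Zone -ReplicationScope Domain -DynamicUpdate None
}

# "@" is the zone apex, i.e. the "A record with a blank name" from post #9.
if (-not (Get-DnsServerResourceRecord -ZoneName $Zone -Name '@' -RRType A -ErrorAction SilentlyContinue)) {
    Add-DnsServerResourceRecordA -ZoneName $Zone -Name '@' -IPv4Address $Address
}

# Check 1: the pinned name answers with the address we were given.
$pinned = Resolve-DnsName -Name $Zone -Type A -Server $Server -DnsOnly -ErrorAction Stop
if (($pinned | Where-Object Type -eq 'A').IPAddress -notcontains $Address) {
    throw "Pinned record for $Zone does not return $Address."
}

# Check 2: the parent domain still resolves through the same server, so the new
# zone has not shadowed ordinary lincolnshire.gov.uk lookups.
$null = Resolve-DnsName -Name $Parent -Server $Server -DnsOnly -ErrorAction Stop

"OK: $Zone pinned to $Address; $Parent still resolves normally."
```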

  11. #10

    sonofsanta

    Alas! The site in question does not pick up the username. Where I need to unblock such sites, I add them to my NTLM Exceptions list; but this one I need to block, and for a specific set of users. Argh!

    Is there any way of getting the Smoothwall to pick up the username so I can block for students and not for staff? Kerberos auth, HTTPS site (being decrypted and inspected), SWG-1200
