Using the DNS Service

ViPNet technology supports use of the DNS service to retrieve the IP addresses of different applied servers.

To make the DNS service work in the ViPNet network, the DNS names, and corresponding IP addresses, of applied servers must be registered on the DNS server in accordance with certain rules.

DNS service support is provided by ViPNet technology either automatically or by manually specifying the DNS names for ViPNet nodes in the ViPNet [Monitor] program. The following list explains the different scenarios:

  1. The applied server is installed on a protected computer. In this situation, the DNS name of this server corresponds to the real or virtual IP address of this protected computer, and you don't need to configure any DNS names in ViPNet.
  2. The applied server is installed on a ViPNet node working through a firewall (NAT device). In this situation, the DNS name of this server corresponds to the IP address of this firewall (NAT device), and you must specify the DNS name on each ViPNet node that will use the applied server by DNS name. If you define a DNS name in ViPNet Manager, you need to specify this DNS name on the node where the applied server is installed.
  3. The DNS name and IP address of the protected applied server are registered on a public (open) DNS server. In this situation, the DNS name must be specified on those ViPNet nodes that will use the applied server by DNS name. If you define a DNS name in ViPNet Manager, you need to specify this DNS name on the node where the applied server is installed. However, if this applied server is installed on a computer that is tunneled by any coordinator, you need to define the DNS name in the settings of this coordinator.

    Note: Public DNS servers may be attacked. If an attack based on substituting the IP address of a network resource takes place, the 'attacking' computer will try to get information from the protected computer. To avoid such attacks, it's better to specify the DNS names of all protected applied servers (even if they aren't registered on public DNS servers) on the ViPNet nodes that use the public DNS server. If such an attack takes place, the re-addressed information will be encrypted and inaccessible to the attacking computer.

  4. The DNS service can be used if there is no way to assign a constant IP address to a coordinator or to the NAT device (e.g., a DSL modem) through which a coordinator works. If the IP address of this coordinator is needed by other coordinators, or by workstations for which this coordinator is the IP addresses server, you should register this address (for a corresponding DNS name) on the DNS server. The DNS name must be specified on the ViPNet nodes for which coordinator access is necessary. If you define DNS names in ViPNet Manager, you also need to specify them on the coordinator.
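
The IP address substitution described in the note under scenario 3 can also be watched for by comparing the answers a DNS server returns with the addresses you expect for each protected applied server. The following Python check is an added example, not part of ViPNet or of the original documentation; the host names, addresses and the fake resolver are constructed sample data.

```python
import ipaddress
import socket

def system_resolve(name):
    """Resolve a name with the OS resolver; returns a set of address strings."""
    return {info[4][0] for info in socket.getaddrinfo(name, None)}

def audit_dns(pins, resolve=system_resolve):
    """Compare live DNS answers with pinned addresses.

    pins: {dns_name: iterable of expected address strings}
    Returns {dns_name: (status, unexpected_addresses)}; status is
    "ok", "substituted" or "unresolved".
    """
    report = {}
    for name, expected in pins.items():
        allowed = {ipaddress.ip_address(a) for a in expected}
        try:
            answers = {ipaddress.ip_address(a) for a in resolve(name)}
        except (OSError, ValueError):  # lookup failed or answer not an address
            answers = set()
        if not answers:
            report[name] = ("unresolved", [])
            continue
        # Any answer outside the pinned set is treated as a substitution.
        unexpected = sorted(str(a) for a in answers - allowed)
        report[name] = ("substituted" if unexpected else "ok", unexpected)
    return report

# Constructed sample data: hypothetical names, documentation address ranges.
PINS = {
    "mail.example.test": ["192.0.2.10"],
    "crm.example.test": ["192.0.2.20", "192.0.2.21"],
    "old.example.test": ["192.0.2.30"],
}
FAKE_ANSWERS = {
    "mail.example.test": {"192.0.2.10"},
    "crm.example.test": {"192.0.2.20", "203.0.113.66"},  # one foreign address
}

def fake_resolve(name):
    """Stand-in resolver so the example runs offline."""
    if name not in FAKE_ANSWERS:
        raise socket.gaierror("constructed lookup failure")
    return FAKE_ANSWERS[name]

if __name__ == "__main__":
    for name, (status, extra) in audit_dns(PINS, fake_resolve).items():
        print(name, status, ", ".join(extra))
```

Names whose addresses legitimately change, as in scenario 4, cannot be pinned this way.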


© 2007 Infotecs