Former Member
Message 1 of 5

Use MWGs named from inside

Hi,

I got this system inside my network which insists on talking to a DNS server to resolve some external addresses.

I would like to offer MWG's named, but it has "listen-on port 53 { 127.0.0.1; };" configured, so it can't be reached from the network.

Also, MWG's port forwarding mechanism is limited to TCP (this actually is xinetd's limitation), so I can't simply forward the traffic.

If I mess with /etc/named.conf: will this change be persistent over MWG updates?

Kind regards,

Robert

Accepted Solutions
eelsasser
McAfee Retired
Message 2 of 5

Re: Use MWGs named from inside

The manual changes you make will not be preserved when you hit the save changes on MWG's GUI.

Every time you save, the underlying named.conf gets re-written to reflect what the GUI has set.

This is not going to be workable. You need a real DNS forwarder on another server.

Something simple like dnsmasq might work or any of the opensource servers.

eelsasser
McAfee Retired
Message 3 of 5

Re: Use MWGs named from inside

If the application is only looking for a couple of domains, you could have the primary DNS server have a zone to spoof that individual domain and return the desired IP address, or you can have that zone be a conditional forwarder to the internet to return the real IP addresses, depending on the desired results.

Former Member
Message 4 of 5

Re: Use MWGs named from inside

Hi,

thanks for your quick answer. Fortunately I "found" another system in the border network I can use as DNS forwarder.

Nonetheless I would like to encourage McAfee to rethink this topic. Actually MWG would become a perfect DNS forwarder by deleting 3 lines from /etc/named.conf:

  • listen-on port 53 { 127.0.0.1; };
  • listen-on-v6 port 53 { ::1; };
  • allow-query {localhost;};

Kind regards,

Robert
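
An added example, not part of any post in this thread: a small Python check that reports how the three directives named above are set in a named.conf text, and flags drift from a recorded state (for instance after a GUI save rewrites the file). The sample config is constructed around the quoted lines, the function names are hypothetical, and "unset" means the directive is absent so BIND's built-in default applies.

```python
import re

# Constructed sample built around the three directives quoted in the thread.
LOCKED = """
options {
    directory "/var/named";
    listen-on port 53 { 127.0.0.1; };
    listen-on-v6 port 53 { ::1; };
    allow-query {localhost;};
};
"""
# The same text with those three lines deleted, as the post above proposes.
EDITED = "\n".join(line for line in LOCKED.splitlines()
                   if not re.match(r"\s*(listen-on|allow-query)", line))

KEYS = ("listen-on", "listen-on-v6", "allow-query")
# The lookahead keeps allow-query-cache and similar names from matching.
DIRECTIVE = re.compile(
    r"^\s*(listen-on(?:-v6)?|allow-query)(?![-\w])[^{;]*\{([^}]*)\}\s*;", re.M)
LOOPBACK = {"127.0.0.1", "::1", "localhost"}

def strip_comments(text):
    """Drop /* */, // and # comments so commented-out lines are ignored."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#).*", "", text)

def audit(conf_text):
    """Map each directive to 'unset', 'loopback' or 'other'."""
    found = {k: [] for k in KEYS}
    for key, body in DIRECTIVE.findall(strip_comments(conf_text)):
        found[key] += [e.strip() for e in body.split(";") if e.strip()]
    return {k: ("unset" if not v else
                "loopback" if set(v) <= LOOPBACK else "other")
            for k, v in found.items()}

def drift(conf_text, expected):
    """Return {directive: (expected, actual)} for every mismatch."""
    state = audit(conf_text)
    return {k: (expected[k], state[k]) for k in KEYS if state[k] != expected[k]}

if __name__ == "__main__":
    for name, text in (("locked", LOCKED), ("edited", EDITED)):
        print(name, audit(text))
    print("drift after rewrite:", drift(LOCKED, audit(EDITED)))
```

Anything reported as "unset" or "other" means the resolver is no longer pinned to loopback by that directive, so access has to be limited some other way.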

Former Member
Message 5 of 5

Re: Use MWGs named from inside

Hi Eric,

That's not entirely correct. I've made changes to the file /var/named/chroot/etc/named.conf.mwg and find that it is persistent until we do a service mwg restart.

I'm doing this as I am redirecting Google to a different DNS server (it was the easiest way to get forcesafesearch.google.com working without a DNS server that supports RPZ) since there are 199 domains for Google and I'm not going to enter all of them by hand onto 10+ servers in the conditional DNS forwarding list.

Tris
