This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
HeikoAnkenbrand
Champion Champion
Champion
‎2024-11-08 01:22 AM

DNS rewriting Hack

I have found an interesting way to rewrite DNS requests to other IP addresses.
This makes it possible to use the internal private addresses on the internal DNS server for the DNS requests.
External DNS queries that are requested via the Internet can be rewritten to official addresses on the firewall.
The ISP function can be used as a hack for this purpose.

If you activate and configure ISP Redundancy on the gateway, you have the option of rewriting DNS queries. This can be used to rewrite regular DNS queries to other IP addresses.

Example configuration:

1) Enable ISP on the gateway
DNS1_57h543.jpg

2) Now select the “Primary/Backup” redundancy mode (see picture 1)

3) Now create an ISP link (that corresponds to your external interface in the direction to the Internet in my example “external_interface”.
DNS2_345njk3k4.jpg

4) Unfortunately, two interfaces must be defined, so you have to work with a placeholder interface for ISP2 link. Then create a link that only functions as a placeholder in my example “not_used”. Fictitious IP addresses can be used for the interface.

5) Now enabling “DNS Proxy”
DNS2B_64hjh423.png

6) In the next step, you can enter the DNS settings that you want to rewrite (red).
DNS3_345hj345.png

You can enter any address for the second ISP backup link (blue), as this is not used in my example.

 

➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips
0 Kudos
4 Replies
Thomas_Eichelbu
Advisor
Advisor
‎2024-11-08 02:57 AM

Hello, 

not sure if you could call it a "hack" ... it just the way it works i would say ...
overwrite everything with your manual configuration
maybe a dirty way to make split DNS when connecting via Client VPN. 🙂


HeikoAnkenbrand
Champion Champion
Champion
‎2024-11-09 08:19 AM
In response to Thomas_Eichelbu

Hi @Thomas_Eichelbu,

Hack or no hack.

Had used ISP in a customer project to do this.
It is the only way I know of to rewrite DNS requests on a gateway😊.

It is a pity that there is no DNS proxy that can be used to rewrite DNS queries. It was a feature request of me years ago.
ISP primary is not designed to rewrite DNS requests, but it can be used to do so, even if only one internet service provider is used.

➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips
the_rock
Legend
Legend
‎2024-11-10 03:36 PM
In response to HeikoAnkenbrand

Good point @HeikoAnkenbrand 

0 Kudos
PhoneBoy
Admin
Admin
‎2024-11-11 03:02 PM
In response to HeikoAnkenbrand

Someone must have heard you (and others) as it's integrated into R82: https://sc1.checkpoint.com/documents/R82/WebAdminGuides/EN/CP_R82_Gaia_AdminGuide/Content/Topics-GAG... 

The funny thing is that dnsmasq has been installed on Gaia since at least R77.20 though it was disabled.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events