Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Control » Caching of hostnames

Messages: 8
Karma: 0
Send a private message to this user
Hello there,

in my kerio setup (6.3, btw, they performance improvements are quite cool!) I have set up several Adress Groups containing Hosts with dynamic dns hostnames, thus hostnames where the underlaying ip can change quite often. The reason is I want serveral external computers allow access to serveral resources on the firewall computer, regardless where there are and how they are contected to the net. They just have to run a DynaDns update and they should able to connect.

This setup seems to work quite nice at first glance, but it seems that the ip's of the hostnames get cached by KWF. Thus connecting one time is fine, but after an ip change the client wont get through the filters anymore. If I do an ipconfig /flushdns and a "clear cache" in the Microsoft DNS server (kerio DNS forwarding is disabled) I can see the correct ip adres by doing "nslookup <dnsname>", but even then KWF still sticks somewhere to the old one.

Thus my question is: Is there a way to clear the Adress Groups-Hostname cache, or tell KFW to not cache them at all?


Messages: 9
Karma: 0
Send a private message to this user

this is a know problem.
i have already informed Kerio about this on july 2006.
they registered this problem with number 17916.
and they write "At present however there is no timescale for its implementation."

KWF resolve the host name (DDNS) only at startup or if you change the rules Crying or Very Sad

[Updated on: Sun, 01 April 2007 18:25]

Pavel Dobry (Kerio)

Messages: 5245
Karma: 251
Send a private message to this user
Support for DDNS is available in KWF 6.4.0.

Messages: 12
Karma: 0
Send a private message to this user
There remains a problem with version 6.4.0 of winroute firewall
There remains a problem with version 6.4.1 of winroute firewall

Messages: 12

Karma: 0
Send a private message to this user
I am using KWF 6.4.2 and I found that if you use Microsoft DNS Server with any DHCP server, you have to create a Reverse Lookup Zone with the subnet of LAN. Having this, KWF will easily resolve the IPs to Hostnames.

Other method is that you can install Microsoft WINS Server to run along with Microsoft DNS Server with an WINS record in DNS Server. Having this, KWF will be able to resolve.

The problem is that sometimes, IPs can not be resolved to hostname by KWF. I also installed KWF to use with a LAN of 60PCs. Among them, about 20 PCs can not be resolved into hostname (Dynamic IPs).

A temporary resolution, I think is that you can use User to implement all needed policies in KWF by doing:
- Using DHCP Server to "fix" IPs leased per certain MAC addresses.
- Create Users in KWF so that an user is with a fixed IP address.

Doing this way, you will not need to use MS DNS Server or MS WINS Server.

Good luck
Previous Topic: port mapping not working properly
Next Topic: Moving a Kerio Firewall Server to a Domain
Goto Forum:

Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Thu Nov 23 08:30:44 CET 2017

Total time taken to generate the page: 0.00371 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.