Kerio Tech Firewall6

16.2 Demand Dial

227

Technical Peculiarities and Limitations

Demand dialing has its peculiarities and limitations. The limitations should be consid-

ered especially within designing and conﬁguration of the network that will use WinRoute

for connection and of the dial-up connected to the Internet.

1. Demand dial cannot be performed directly from the host where WinRoute is installed

because it is initiated by WinRoute low-lever driver. This driver holds packets and

decides whether the line should be dialed or not. If the line is disconnected and

a packet is sent from the local host to the Internet, the packet will be dropped by

the operating system before the WinRoute driver is able to capture it.

2. Typically the server is represented by the DNS name within traﬃc between clients

and an Internet server. Therefore, the ﬁrst packet sent by a client is represented by

the DNS query that is intended to resolve a host name to an IP address.

In this example, the DNS server is the WinRoute host (this is very common) and the

line to the Internet is disconnected. A client’s request on this DNS server is traﬃc

within the local network and, therefore, it will not result in dialing the line. If the

DNS server does not have the appropriate entry in the cache , it must forward the

request to another server on the Internet. The packet is forwarded to the Internet by

the local DNS client that is run at the WinRoute host. This packet cannot be held and

it will not cause dialing of the line. Therefore, the DNS request cannot be answered

and the traﬃc cannot continue.

For these reasons, WinRoute DNS Forwarder enables automatic dialing (if the DNS

server cannot respond to the request itself). This function is dependent on demand

dial — if the demand dial function is disabled, the DNS Forwarder will not dial the

line.

Note: If the DNS server is located on another host within the local network or clients

within the local network use an Internet DNS server, then the limitation is irrelevant

and the dialing will be available. If clients’ DNS server is located on the Internet, the

line will be dialed upon a client’s DNS query. If a local DNS server is used, the line

will be dialed upon a query sent by this server to the Internet (the default gateway

of the host where the DNS server is running must be set to the IP address of the

WinRoute host).

3. It can be easily understood through the last point that if the DNS server is to be

running at the WinRoute host, it must be represented by DNS Forwarder because it

can dial the line if necessary.

If there is a domain that is based on Active Directory in the Windows 2000 local net-

work, Microsoft DNS server must be used as communication with Active Directory