From: Robert Lowe (Robert.H.Lowe@lawrence.edu)
Date: Thu Aug 28 2003 - 16:42:59 CDT
Whether or not CommonName, or something like it is involved,
I'm strongly in favor of restricting outbound DNS requests to *your*
DNS servers. All on-campus resolvers should use your DNS service.
IIRC, even the contents of secure web forms were sent off to the
CommonName servers with web requests. Try explaining to a dean
how FERPA protections were so easily circumvented, when information
from your Banner/PeopleSoft/whatever online forms travels across the
public Internet.
-Robert
King, Michael wrote:
> The first problem.
>
> They might have a product (or it's counterparts) called CommenName. It
> replaces the DNS resolver in the webbrowser, so that it sends every DNS
> request to it's website, which returns the IP address. Pretty nasty little
> program. I would check your student to see if they have it installed.
> (easiest way to check, and remove it is SpyBot search and Destroy.
> http://security.kolla.de
>
> Second one.
>
> Check your Main registration and every page that you have students load.
> You should have NOCACHE statements in the Head of the HTML, so that the
> pages are not cached.
>
> <meta http-equiv="Cache-Control" content="no-cache">
> <meta http-equiv="Pragma" content="no-cache">
>
> They are in the examples, but I ran into the same problem when I created my
> registration pages from scratch.
>
> -----Original Message-----
> From: Steve Hess [mailto:shess@wheatonma.edu]
> Sent: Thursday, August 28, 2003 2:52 PM
> To: netreg@southwestern.edu
> Subject: NetReg: MSIE 5.0 and Macintosh Safari
>
>
> We've encountered two problems thus far with browsers.
>
> We had an MSIE 5.0 Windows 98 machine where the DNS name for Netreg wouldn't
>
> work. The client got a restricted address and NetReg for DNS server. It
> successfully loaded the redirect page but when it went to the secure
> registration page it couldn't be displayed. IP Address/register.html did
> work
> but the registration couldn't complete because it called the cgi script by
> DNS
> name. I had to go to the students room, manually set an IP, and download
> the
> update for IE to get them on 6.0.
>
> We've had a few students who registered with the Macintosh Safari browser.
> They got to the page fine and registred fine. When they rebooted their
> machines they kept getting the NetReg page in the Safari browser, regardless
> of
> the address they typed in, even with an unrestricted IP and correct DNS
> settings. We tried clearing out the cache on Safari and it fixed the
> problem.
>
> Safari doesn't worry me as much because the problem is easy to fix. The IE
> 5.0
> problem is more annoying because it requires going to the students room to
> allow them to download the updates. Has anyone else seen this and have a
> more
> elegant solution?
>
>
> Thanks,
>
> Steve
>
>
> Steve Hess
> Network Tech
> Wheaton College
> Norton, MA
> shess@wheatonma.edu
**********************************************************************
To unsubscribe from this list, send an e-mail message to
majordomo@southwestern.edu containing a single line with the words:
unsubscribe netreg
Send requests for assistance to: owner-netreg@southwestern.edu
**********************************************************************
This archive was generated by hypermail 2.1.4 : Thu Aug 12 2004 - 12:01:40 CDT