DNS Queries Using API - BIND9

Petr Menšík pemensik at redhat.com
Mon May 11 17:03:39 UTC 2020


AFAIK BIND is supported also on Windows. Would it be possible just to
install BIND service on local machine and configure it to download DLZ
zone from your servers. It could authenticate using ddns keys. And
forward would be also straightforward. As a bonus, they would get local
validating resolver.

I think that would be quite satisfying for their security, but would
prevent you from watching them too close. I think that would be an
advantage in sort, especially when they are in "private" mode.

Of course some scripts to configure the installation would be required,
because ordinary user does not want to configure BIND. Some smart
installer might be enough.


On 5/11/20 6:14 AM, Blason R wrote:
> Hi Folks,
> I am seeking solution for our below problem and wanted to know if any open
> source option can help us here?
> We have our internal DNS RPZ firewall built on BIND9. Due to the current
> situation since all users are working from home we are not able to route
> their queries to internal DNS servers. Well, when they are on VPN
> definitely queries are then passed through internal DNS server but they
> left open when not connected to VPN.
> Is there any solution using -
>    - API by which we can route the queries for user who are on Internet
>    - Or any client utility which can be installed on user's desktop/laptop
>    where we can embed our BIND RPZ server and then route the queries to
>    internal one using NAT?
>    - Or any other alternative community can suggest?
> This is just like Cisco Umbrella or any other Paid DNS firewall solutions
> but seeking if we can have any open source option?
> Thanks & Regards
> Blason R
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users

Petr Menšík
Software Engineer
Red Hat, http://www.redhat.com/
email: pemensik at redhat.com
PGP: DFCF908DB7C87E8E529925BC4931CA5B6C9FC5CB

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20200511/0b6ce3fb/attachment.bin>

More information about the bind-users mailing list