DNS Queries Using API - BIND9
Blason R
blason16 at gmail.com
Mon May 11 17:38:13 UTC 2020
Hmmm nice suggestion and appreciate that.
But it would too much for normal user looking for more simpler manner. Any
way if no option then will have to live with vpn option for now.
On Mon, 11 May 2020, 22:34 Petr Menšík, <pemensik at redhat.com> wrote:
> Hi,
>
> AFAIK BIND is supported also on Windows. Would it be possible just to
> install BIND service on local machine and configure it to download DLZ
> zone from your servers. It could authenticate using ddns keys. And
> forward would be also straightforward. As a bonus, they would get local
> validating resolver.
>
> I think that would be quite satisfying for their security, but would
> prevent you from watching them too close. I think that would be an
> advantage in sort, especially when they are in "private" mode.
>
> Of course some scripts to configure the installation would be required,
> because ordinary user does not want to configure BIND. Some smart
> installer might be enough.
>
> Regards,
> Petr
>
> On 5/11/20 6:14 AM, Blason R wrote:
> > Hi Folks,
> >
> > I am seeking solution for our below problem and wanted to know if any
> open
> > source option can help us here?
> > We have our internal DNS RPZ firewall built on BIND9. Due to the current
> > situation since all users are working from home we are not able to route
> > their queries to internal DNS servers. Well, when they are on VPN
> > definitely queries are then passed through internal DNS server but they
> > left open when not connected to VPN.
> >
> > Is there any solution using -
> >
> > - API by which we can route the queries for user who are on Internet
> > - Or any client utility which can be installed on user's
> desktop/laptop
> > where we can embed our BIND RPZ server and then route the queries to
> > internal one using NAT?
> > - Or any other alternative community can suggest?
> >
> >
> > This is just like Cisco Umbrella or any other Paid DNS firewall solutions
> > but seeking if we can have any open source option?
> >
> > Thanks & Regards
> > Blason R
> >
> >
> > _______________________________________________
> > Please visit https://lists.isc.org/mailman/listinfo/bind-users to
> unsubscribe from this list
> >
> > bind-users mailing list
> > bind-users at lists.isc.org
> > https://lists.isc.org/mailman/listinfo/bind-users
> >
>
> --
> Petr Menšík
> Software Engineer
> Red Hat, http://www.redhat.com/
> email: pemensik at redhat.com
> PGP: DFCF908DB7C87E8E529925BC4931CA5B6C9FC5CB
>
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to
> unsubscribe from this list
>
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20200511/e0feec91/attachment.htm>
More information about the bind-users
mailing list