On May 10, 2020, at 21:14, Blason R <blason16@gmail.com> wrote:

Hi Folks,

I am seeking solution for our below problem and wanted to know if any open source option can help us here?

We have our internal DNS RPZ firewall built on BIND9. Due to the current situation since all users are working from home we are not able to route their queries to internal DNS servers. Well, when they are on VPN definitely queries are then passed through internal DNS server but they left open when not connected to VPN.

Is there any solution using -

- API by which we can route the queries for user who are on Internet
- Or any client utility which can be installed on user's desktop/laptop where we can embed our BIND RPZ server and then route the queries to internal one using NAT?
- Or any other alternative community can suggest?

This is just like Cisco Umbrella or any other Paid DNS firewall solutions but seeking if we can have any open source option?

Thanks & Regards
Blason R
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
The main issue that bind doesn't provide an authentication method. So in
any case you somehow should manage the access to the DNS server vice
versa it will become open resolver and will be used for DDoS attacks.
On May 10, 2020, at 23:26, Daniel Stirnimann <daniel.stirnimann@switch.ch> wrote:
On 11.05.20 08:18, Vadim Pavlov via bind-users wrote:
The main issue that bind doesn't provide an authentication method. So in
any case you somehow should manage the access to the DNS server vice
versa it will become open resolver and will be used for DDoS attacks.
If you were to use DoH, you could use Basic Authentication. The DoH URL
you could configure on your client systems could be something like this:
https://username:password@doh.example.com/dns-query
Daniel
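
An added example, not code from any poster in this thread: it shows what a client sends for the DoH-with-Basic-Authentication suggestion above, moving the credentials from the URL into an `Authorization` header and encoding the query as RFC 8484 requires. The function names `build_query` and `doh_get_request` are hypothetical, and it assumes the proxy in front of the BIND RPZ resolver checks HTTP Basic credentials.

```python
import base64
import struct
from urllib.parse import unquote, urlsplit, urlunsplit


def build_query(name: str, qtype: int = 1) -> bytes:
    """Encode a one-question DNS query in wire format (RFC 1035)."""
    # RFC 8484 recommends ID 0 so identical queries cache well over HTTP.
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0)  # RD=1, QDCOUNT=1
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in name.rstrip(".").split(".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # QCLASS=IN


def doh_get_request(doh_url: str, name: str):
    """Return (url, headers) for an RFC 8484 GET using Basic authentication."""
    parts = urlsplit(doh_url)
    if parts.scheme != "https":
        # Basic credentials are only base64-encoded, so TLS is mandatory.
        raise ValueError("refusing to send Basic credentials without TLS")
    if parts.username is None or parts.password is None:
        raise ValueError("URL carries no credentials")
    # Take the userinfo out of the URL and put it in the Authorization header.
    userpass = f"{unquote(parts.username)}:{unquote(parts.password)}"
    token = base64.b64encode(userpass.encode()).decode()
    # RFC 8484: the query travels in ?dns= as base64url without padding.
    dns = base64.urlsafe_b64encode(build_query(name)).rstrip(b"=").decode()
    host = parts.hostname + (f":{parts.port}" if parts.port else "")
    url = urlunsplit(("https", host, parts.path, f"dns={dns}", ""))
    headers = {
        "Accept": "application/dns-message",
        "Authorization": f"Basic {token}",
    }
    return url, headers


if __name__ == "__main__":
    # URL taken from the thread; www.example.com is a constructed query name.
    url, headers = doh_get_request(
        "https://username:password@doh.example.com/dns-query", "www.example.com"
    )
    print(url)
    print(headers)
```
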
On 11.05.20 at 06:14, Blason R wrote:
I am seeking solution for our below problem and wanted to know if any
open source option can help us here?
We have our internal DNS RPZ firewall built on BIND9. Due to the current situation since all users are working from home we are not able to route their queries to internal DNS servers. Well, when they are on VPN definitely queries are then passed through internal DNS server but they left open when not connected to VPN.
Is there any solution using -
* API by which we can route the queries for user who are on Internet
* Or any client utility which can be installed on user's
desktop/laptop where we can embed our BIND RPZ server and then route
the queries to internal one using NAT?
* Or any other alternative community can suggest?
when you are in the position to use something like this you can also
tell your users they have to configure their machines for using a public
dns you are hosting and you are done
Hmm- Any docs on configuring DOH Proxy?
On Mon, May 11, 2020 at 11:56 AM Daniel Stirnimann <daniel.stirnimann@switch.ch> wrote:
On 11.05.20 08:18, Vadim Pavlov via bind-users wrote:
The main issue that bind doesn't provide an authentication method. So in
any case you somehow should manage the access to the DNS server vice
versa it will become open resolver and will be used for DDoS attacks.
If you were to use DoH, you could use Basic Authentication. The DoH URL
you could configure on your client systems could be something like this:
https://username:password@doh.example.com/dns-query
Daniel
If your users have admin permissions you probably will not find any open source tool which supports that. For restricted accounts on Win - create policies.
BR,
Vadim
On May 10, 2020, at 23:52, Blason R <blason16@gmail.com> wrote:
That's a nice starting point -
https://www.nginx.com/blog/using-nginx-as-dot-doh-gateway/
But still looking for any client utility so that users can not shutdown or can not suspend the service
On Mon, May 11, 2020 at 12:18 PM Blason R <blason16@gmail.com> wrote:
Hmm- Any docs on configuring DOH Proxy?
On Mon, May 11, 2020 at 11:56 AM Daniel Stirnimann <daniel.stirnimann@switch.ch> wrote:
On 11.05.20 08:18, Vadim Pavlov via bind-users wrote:
The main issue that bind doesn't provide an authentication method. So in
any case you somehow should manage the access to the DNS server vice
versa it will become open resolver and will be used for DDoS attacks.
If you were to use DoH, you could use Basic Authentication. The DoH URL
you could configure on your client systems could be something like this:
https://username:password@doh.example.com/dns-query
Daniel
Hi,
AFAIK BIND is supported also on Windows. Would it be possible just to
install BIND service on local machine and configure it to download DLZ
zone from your servers. It could authenticate using ddns keys. And
forward would be also straightforward. As a bonus, they would get local validating resolver.
I think that would be quite satisfying for their security, but would
prevent you from watching them too close. I think that would be an
advantage in sort, especially when they are in "private" mode.
Of course some scripts to configure the installation would be required, because ordinary user does not want to configure BIND. Some smart
installer might be enough.
Regards,
Petr
--
Petr Menšík
Software Engineer
Red Hat, http://www.redhat.com/
email: pemensik@redhat.com
PGP: DFCF908DB7C87E8E529925BC4931CA5B6C9FC5CB