Hi, AFAIK BIND is supported also on Windows. Would it be possible just to install BIND service on local machine and configure it to download DLZ zone from your servers. It could authenticate using ddns keys. And forward would be also straightforward. As a bonus, they would get local validating resolver.
I think that would be quite satisfying for their security, but would prevent you from watching them too close. I think that would be an advantage in sort, especially when they are in "private" mode. Of course some scripts to configure the installation would be required, because ordinary user does not want to configure BIND. Some smart installer might be enough. Regards, Petr On 5/11/20 6:14 AM, Blason R wrote: > Hi Folks, > > I am seeking solution for our below problem and wanted to know if any open > source option can help us here? > We have our internal DNS RPZ firewall built on BIND9. Due to the current > situation since all users are working from home we are not able to route > their queries to internal DNS servers. Well, when they are on VPN > definitely queries are then passed through internal DNS server but they > left open when not connected to VPN. > > Is there any solution using - > > - API by which we can route the queries for user who are on Internet > - Or any client utility which can be installed on user's desktop/laptop > where we can embed our BIND RPZ server and then route the queries to > internal one using NAT? > - Or any other alternative community can suggest? > > > This is just like Cisco Umbrella or any other Paid DNS firewall solutions > but seeking if we can have any open source option? > > Thanks & Regards > Blason R > > > _______________________________________________ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users > -- Petr Menšík Software Engineer Red Hat, http://www.redhat.com/ email: pemen...@redhat.com PGP: DFCF908DB7C87E8E529925BC4931CA5B6C9FC5CB
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users