On Wed, 2010-02-24 at 18:16 -0800, Tim Dressel wrote: > Hi folks, > > I have been interconnecting several schools into one big network via a > MAN over fiber, but in the end I'm going to have a couple of schools > that I can't afford to hook up and/or just don't have the service > available. We are pushing out Windows 7 which via volume activation > requires either MAK or KMS. I would prefer to not give out MAK keys > because they inevitably get divulged either accidentally or on > purpose. I have a KMS host activated and its successfully activating > everything behind my pfsense box with no problems. > > I have been following this link: > > http://technet.microsoft.com/en-us/library/dd772269.aspx > > Which details which ports to open, and which DNS settings are required > to find the KMS host. > > Does anyone know how to use pfsense either out of the box or with an > existing reasonably stable plugin to hand out the SRV record? > > So what I would like to do is config a remote school to resolve DNS > (handing out by DHCP) to the firewall, and then have the firewall > resolve against OpenDNS (to block porn and what not). But I would like > to have the firewall respond to a SRV resource record request just for > the _VLMCS service and pointed appropriately to my site back on the > back-bone. > > I've looked at tinydns, but it does not have the ability to add an SRV > record type.
Check http://cr.yp.to/djbdns/tinydns-data.html There seems to be a way to add SRV records through a generic record syntax. See also http://cr.yp.to/djbdns/knowles.html I haven't done this yet. Let us know how it goes. > > I could do this with a site to site vpn, and have the remote schools > using our DNS, but we don't use OpenDNS in the mother ship, so I would > need a way to block sites essentially coming from a different subnet. > > Would appreciate any assistance! > > Thanks... > > Tim > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > > Commercial support available - https://portal.pfsense.org > --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected] Commercial support available - https://portal.pfsense.org
