On Thu, Feb 25, 2010 at 5:43 AM, Bob Gustafson <[email protected]> wrote:
> On Wed, 2010-02-24 at 18:16 -0800, Tim Dressel wrote:
>> Hi folks,
>>
>> I have been interconnecting several schools into one big network via a
>> MAN over fiber, but in the end I'm going to have a couple of schools
>> that I can't afford to hook up and/or just don't have the service
>> available. We are pushing out Windows 7 which via volume activation
>> requires either MAK or KMS. I would prefer to not give out MAK keys
>> because they inevitably get divulged either accidentally or on
>> purpose. I have a KMS host activated and it's successfully activating
>> everything behind my pfsense box with no problems.
>>
>> I have been following this link:
>>
>> http://technet.microsoft.com/en-us/library/dd772269.aspx
>>
>> Which details which ports to open, and which DNS settings are required
>> to find the KMS host.
>>
>> Does anyone know how to use pfsense either out of the box or with an
>> existing reasonably stable plugin to hand out the SRV record?
>>
>> So what I would like to do is config a remote school to resolve DNS
>> (handing out by DHCP) to the firewall, and then have the firewall
>> resolve against OpenDNS (to block porn and what not). But I would like
>> to have the firewall respond to a SRV resource record request just for
>> the _VLMCS service and pointed appropriately to my site back on the
>> back-bone.
>>
>> I've looked at tinydns, but it does not have the ability to add an SRV
>> record type.
>
> Check http://cr.yp.to/djbdns/tinydns-data.html
> There seems to be a way to add SRV records through a generic record
> syntax. See also http://cr.yp.to/djbdns/knowles.html
>
> I haven't done this yet. Let us know how it goes.
>
>>
>> I could do this with a site to site vpn, and have the remote schools
>> using our DNS, but we don't use OpenDNS in the mother ship, so I would
>> need a way to block sites essentially coming from a different subnet.
>>
>> Would appreciate any assistance!
>>
>> Thanks...
>>
>> Tim
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: [email protected]
>> For additional commands, e-mail: [email protected]
>>
>> Commercial support available - https://portal.pfsense.org
>>

Thanks for this. I did poke around but I posted the same problem from
a KMS point of view elsewhere. What came back is that I can include a
KMS config as part of my baseline image to point to a FQDN:<port>
format, so it does not have to be automatically found by DNS. It was
recommended actually to not have auto-discover running on the network
in a remote location just in case someone walks in with an as yet
unactivated box... we should not be activating other people's
software. :)

So for those that are interested, it was slmgr /skms <FQDN>:<PORT>

Activation then worked. I was also able to rearm machines that were
previously activated with MAK keys, then do this and have them
reactivate with KMS.

Sorry, solution had no pfsense related fix, but maybe helpful for
someone out there.

Cheers,

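Added example, not part of the thread and not code from any poster or from the pfsense or djbdns projects: one way to build the tinydns-data generic record line Bob points to, carrying the _vlmcs._tcp SRV record Tim asked about. The host names are constructed placeholders, 1688 is the default KMS TCP port, and the function names are hypothetical.

```python
import struct

SRV_TYPE = 33  # DNS record type number for SRV (RFC 2782)
# Bytes left literal in tinydns-data rdata; everything else is octal-escaped.
SAFE = b"abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-"


def encode_name(fqdn):
    """Uncompressed DNS wire-format name: length-prefixed labels, then root."""
    out = b""
    for label in fqdn.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= 63:
            raise ValueError("bad label length in %r" % fqdn)
        out += bytes([len(raw)]) + raw
    out += b"\x00"
    if len(out) > 255:
        raise ValueError("name too long: %r" % fqdn)
    return out


def tinydns_escape(data):
    """Render raw rdata bytes using tinydns-data's \\nnn octal escapes."""
    return "".join(chr(b) if b in SAFE else "\\%03o" % b for b in data)


def srv_line(service, proto, domain, target, port,
             priority=0, weight=0, ttl=3600):
    """Return a ':fqdn:n:rdata:ttl' generic line holding one SRV record."""
    for value in (priority, weight, port):
        if not 0 <= value <= 0xFFFF:
            raise ValueError("SRV fields are 16-bit: %r" % value)
    # DNS names are case-insensitive, so _VLMCS and _vlmcs are equivalent.
    owner = ("_%s._%s.%s" % (service, proto, domain.rstrip("."))).lower()
    # SRV rdata: priority, weight, port (network byte order), then target.
    rdata = struct.pack("!HHH", priority, weight, port) + encode_name(target)
    return ":%s:%d:%s:%d" % (owner, SRV_TYPE, tinydns_escape(rdata), ttl)


if __name__ == "__main__":
    # Constructed names: remote-school zone and the KMS host at the main site.
    print(srv_line("vlmcs", "tcp", "school.example", "kms.example.org", 1688))
```

The printed line goes into the tinydns data file for the zone the remote clients search. Serving this record turns on the auto-discovery that Tim's follow-up says was advised against at remote sites, where slmgr /skms in the image was used instead.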