Path: csiph.com!news.uzoreto.com!news.etla.org!nntp-feed.chiark.greenend.org.uk!ewrotcd!usenet-its.stanford.edu!usenet.stanford.edu!not-for-mail
From: Reindl Harald <h.reindl@thelounge.net>
Newsgroups: comp.protocols.dns.bind
Subject: Re: DNS Queries Using API - BIND9
Date: Mon, 11 May 2020 07:31:08 +0200
Organization: the lounge interactive design
Lines: 22
Approved: bind-users@lists.isc.org
Message-ID: <mailman.386.1589183676.942.bind-users@lists.isc.org>
References: <CAPPXLT_n9tUgp568x3UK9=OYPmuWR7wmyBcEsmL9SX+3DuX3vQ@mail.gmail.com> <890fc7de-85f4-987d-d248-5e9d857dc6fa@thelounge.net>
NNTP-Posting-Host: lists.isc.org
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
X-Trace: usenet.stanford.edu 1589183692 15679 149.20.1.60 (11 May 2020 07:54:52 GMT)
X-Complaints-To: action@cs.stanford.edu
To: Blason R <blason16@gmail.com>, bind-users <bind-users@lists.isc.org>
Return-Path: <h.reindl@thelounge.net>
X-Original-To: bind-users@lists.isc.org
Delivered-To: bind-users@lists.isc.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.7.0
In-Reply-To: <CAPPXLT_n9tUgp568x3UK9=OYPmuWR7wmyBcEsmL9SX+3DuX3vQ@mail.gmail.com>
Content-Language: en-US
X-Spam-Status: No, score=-0.2 required=5.0 tests=KAM_NUMSUBJECT, RCVD_IN_DNSWL_LOW,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,SPF_HELO_PASS, SPF_PASS autolearn=disabled version=3.4.2
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on mx.pao1.isc.org
X-Mailman-Approved-At: Mon, 11 May 2020 07:54:34 +0000
X-BeenThere: bind-users@lists.isc.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: BIND Users Mailing List <bind-users.lists.isc.org>
List-Unsubscribe: <https://lists.isc.org/mailman/options/bind-users>, <mailto:bind-users-request@lists.isc.org?subject=unsubscribe>
List-Archive: <https://lists.isc.org/pipermail/bind-users/>
List-Post: <mailto:bind-users@lists.isc.org>
List-Help: <mailto:bind-users-request@lists.isc.org?subject=help>
List-Subscribe: <https://lists.isc.org/mailman/listinfo/bind-users>, <mailto:bind-users-request@lists.isc.org?subject=subscribe>
X-Mailman-Original-Message-ID: <890fc7de-85f4-987d-d248-5e9d857dc6fa@thelounge.net>
X-Mailman-Original-References: <CAPPXLT_n9tUgp568x3UK9=OYPmuWR7wmyBcEsmL9SX+3DuX3vQ@mail.gmail.com>
Xref: csiph.com comp.protocols.dns.bind:15744



Am 11.05.20 um 06:14 schrieb Blason R:
> I am seeking solution for our below problem and wanted to know if any
> open source option can help us here?
> We have our internal DNS RPZ firewall built on BIND9. Due to the current
> situation since all users are working from home we are not able to route
> their queries to internal DNS servers. Well, when they are on VPN
> definitely queries are then passed through internal DNS server but they
> left open when not connected to VPN.
> 
> Is there any solution using -
> 
>   * API by which we can route the queries for user who are on Internet
>   * Or any client utility which can be installed on user's
>     desktop/laptop where we can embed our BIND RPZ server and then route
>     the queries to internal one using NAT?
>   * Or any other alternative community can suggest?

when you are in the position to use something like this you can also
tell your users they have to configure their machines for using a public
dns you are hosting and you are done