  1. #1


    DNS Forwarders for Browsers

    Just wondering if someone can help me understand this.

    We're using a DNS filtering server -- a bit like OpenDNS. I've replaced the forwarders on our internal DNS servers.

    My question is, should I need to do anything else to get the browser to connect to the Internet? I've set the browser to automatically detect settings and removed any proxy settings. Should this just work with the DNS forwarder or do I need to do anything like set WPAD settings?

    Thanks

  2. #2

    tmcd35
    Your clients should continue to use your domain controllers as DNS servers, which would forward external requests to the filtering service. If you change the DNS details on the clients they won't be able to access internal resources, especially domain controllers, and users won't be able to log in. Best place to set this is on the DHCP server so they are dished out automagically when clients get their IPs. AFAIK WPAD is only needed if you want to apply proxy settings via automatic discovery instead of fixing them in GPO settings.

  3. #3

    Thanks. That makes sense.

    Assuming I use DNS forwarders, how should my IE settings be configured? Should I use automatically detect settings or just remove all settings from the LAN Settings window?

    Thanks

  4. #4

    tmcd35
    I assume you don't have a proxy server and your router is happy forwarding all port 80/443 requests out to the live internet? If that's the case then yes, remove all settings from IE and it will query DNS as normal.

    If your ISP restricts open ports through the router you may need to either have a proxy server internally and filter traffic through that, or contact your ISP for their upstream proxy details. You may need to set up WPAD or a GPO to apply these.

    We use RM broadband and all traffic out must go through their upstream proxy (which we've asked them to set as unrestricted).

    It might help trying to picture the traffic path...

    User opens web page -> DNS request to DC -> DNS request to Filtering Service -> Result to DC -> Result to user -> Request open IP/port from web server -> page delivered to user

    or

    User opens web page -> DNS request to DC -> DNS request to Filtering Service -> Result to DC -> Result to user -> Request open IP/port from ISP's upstream proxy -> Request open IP/port from web server -> page returned to upstream proxy -> page delivered to user

    or

    User opens web page -> DNS request to DC -> DNS request to Filtering Service -> Result to DC -> Result to user -> Request open IP/port from internal proxy -> Request open IP/port from ISP's upstream proxy -> Request open IP/port from web server -> page returned to upstream proxy -> page returned to local proxy -> page delivered to user
    Last edited by tmcd35; 21st August 2014 at 09:42 AM.

  5. #5

    Thanks.

    We do have a TMG proxy in between, but it allows DNS resolution through. I've also spoken to our ISP who has allowed the required ports at their end.

  6. #6

    tmcd35
    Originally posted by edublogger:
    Thanks.

    We do have a TMG proxy in between, but it allows DNS resolution through. I've also spoken to our ISP who has allowed the required ports at their end.
    Then IE still needs the proxy setting for your TMG proxy. DNS requests are separate from page delivery.
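
The hops in the traffic paths from post #4, checked one at a time from a Windows client. This is an added example, not part of the thread; the function name `Test-BrowsingPath`, the DNS server address and the test hostname are placeholders.

```powershell
# Added example. $InternalDns and $TestName are placeholders, not values from the thread.
function Test-BrowsingPath {
    param(
        [string[]]$InternalDns = @('192.0.2.10'),   # your DCs / internal DNS servers
        [string]$TestName = 'www.example.com'       # any external site
    )

    # Step 1: the client should be pointed at the internal DNS servers (normally via DHCP).
    # Any other resolver listed here would bypass the filtering forwarders.
    $clientDns = @(Get-DnsClientServerAddress -AddressFamily IPv4 |
        ForEach-Object { $_.ServerAddresses } | Select-Object -Unique)
    $strayDns = @($clientDns | Where-Object { $_ -notin $InternalDns })

    # Step 2: ask the internal server for an external name. It is not authoritative
    # for that name, so an answer means its forwarders (the filtering service) work.
    $answer = Resolve-DnsName -Name $TestName -Server $InternalDns[0] -Type A `
        -DnsOnly -ErrorAction SilentlyContinue

    # Step 3: page delivery is a separate hop. Read the per-user proxy values
    # that IE uses for the current user.
    $inet = Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'

    # Step 4: can this client open a direct TCP connection to the site on 443?
    $direct = Test-NetConnection -ComputerName $TestName -Port 443 `
        -WarningAction SilentlyContinue

    [pscustomobject]@{
        ClientDnsServers  = $clientDns -join ', '
        NonInternalDns    = $strayDns -join ', '    # should be empty
        ForwarderResolves = [bool]$answer
        ProxyEnabled      = [bool]$inet.ProxyEnable
        ProxyServer       = $inet.ProxyServer
        AutoConfigURL     = $inet.AutoConfigURL
        DirectHttps       = $direct.TcpTestSucceeded
    }
}

Test-BrowsingPath
```

If `ForwarderResolves` is true but `DirectHttps` is false and no proxy is configured, name resolution works and page delivery has no route, which is the situation described in post #6. On the DNS server itself, `Get-DnsServerForwarder` lists the forwarders in use.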
