Create an authentication option for users not in AD or with an agent installed
When a device makes a call to the local DNS servers and they are not an AD or client installed device; force them to authenticate to DNS for the session. This way we can get their info in reports and such when they are using company resources.
-
Just how is this supposed to work? What are these devices supposed to authenticate to, and how? OpenDNS is an internet based service, how are they supposed to have control over local DNS servers?
You say this is so that you can get information when someone is using company resources. Are you trying to do this with the free HOME OpenDNS product? If so, you are in violation of OpenDNS licensing rules, since the free product is only for Home users, not corporate users. You'll need to use one of the pay products, such as one of the various Umbrella products. Regardless of which OpenDNS product you use my initial questions still stand.
-
The OpenDNS VMS are the local DNS servers. If the DNS request is for the local network the redirect to the Microsoft ones, if not they redirect to the OpenDNS ones. This is the only place DNS authentication of non-local devices can be processed. This is needed to the Activity reporting of OpenDNS.
-
Aw, you left out critical information that would have allowed people to understand what you were talking about and asking for.
How do you want this authentication to function? Is the user supposed to somehow log into with an OpenDNS account, or do you mean something else by authenticate?
Since authentication isn't a function of the DNS spec it's a little unclear what exactly you want to happen since you want this feature to work without AD or an agent.
Please sign in to leave a comment.
Comments
5 comments