Author Topic: HTTP Enable but DNS disable  (Read 1844 times)

zabidin2

  • Zen Apprentice
HTTP Enable but DNS disable
« on: February 07, 2013, 01:23:50 pm »
Hi,

When I disable the DNS service, I cannot use the HTTP proxy anymore. Is there any way I can enable the HTTP proxy only but not DNS? We have our own DNS in our DMZ segment. Please give some advice.

Thanks.

christian

  • Guest
Re: HTTP Enable but DNS disable
« Reply #1 on: February 07, 2013, 02:25:49 pm »
- Are you using transparent proxy?
- Is your proxy (and Zentyal, BTW) configured to rely on the external DNS?

Javier Amor Garcia

  • Zentyal Staff
  • Zen Hero
Re: HTTP Enable but DNS disable
« Reply #2 on: February 07, 2013, 06:18:50 pm »
Hello,

The DNS service is a dependency of users. It is needed for Kerberos to work. So you cannot disable it if you are using any service which relies on users, like HTTP proxy.

If you are using another DNS for your network, then I suggest you configure Zentyal's DNS to forward its requests to your DNS.

christian

  • Guest
Re: HTTP Enable but DNS disable
« Reply #3 on: February 07, 2013, 08:30:03 pm »
I forgot this one  :-\

HTTP relies on accounts only if you need authentication.

Don't you find it strange to, on one hand, promote transparent proxy and, on the other hand, make DNS mandatory because it is needed in case you authenticate users while accessing the HTTP proxy, where there is no authentication in transparent mode? :P

My point is a bit provocative. However, please do not take it the wrong way  ;)
Why not have more granularity and block authentication in explicit proxy if DNS is not running? (I would even go one step further: DNS is mandatory because of Kerberos, isn't it?)

Javier Amor Garcia

  • Zentyal Staff
  • Zen Hero
Re: HTTP Enable but DNS disable
« Reply #4 on: February 10, 2013, 01:45:19 pm »
Yes, it could be done but it would need some coding and testing.

Abby

  • Zen Apprentice
Re: HTTP Enable but DNS disable
« Reply #5 on: October 25, 2013, 01:02:20 pm »
We are having this problem as well, because we cannot turn Zentyal DNS off and leave Zentyal Proxy on.

Some of our client computers have entries in their hosts file so that made-up-domain-name.com points to x.x.x.x external IP address.

Now when the client computer accesses made-up-domain-name.com, the Zentyal proxy passes this to Zentyal DNS, and Zentyal proxy returns an error page to the affected client computer, instead of allowing the connection to go through.

Can we turn off DNS and leave proxy on?

Thank you

BrettonWoods

  • Guest
Re: HTTP Enable but DNS disable
« Reply #6 on: October 25, 2013, 02:19:40 pm »
Can you just not add an entry for the made up domain name with the IP you require?

Abby

  • Zen Apprentice
Re: HTTP Enable but DNS disable
« Reply #7 on: October 25, 2013, 03:42:26 pm »
That wouldn't be feasible, I'm afraid.

My staff use dozens (if not hundreds) of made-up domain names, and it would interrupt their workflow to constantly request that I add/remove domain names on demand, then update and restart Zentyal services every time a change is made.

If I could add wildcards, e.g. *.made-up-domain-name.com, that would help greatly, but Zentyal does not allow wildcards for that  ???

BrettonWoods

  • Guest
Re: HTTP Enable but DNS disable
« Reply #8 on: October 25, 2013, 03:59:54 pm »
Well I am not going to mention anything about wildcard domains.

I do think however you are correct that having a proxy doesn't mean you need a full bind9 DNS on your server.

In fact I haven't a clue why Bind9 Full DNS seems to have dependencies for other modules.

Say web server or virtual email: do I need a DNS server for those to work? Nope.

Samba4: I have this horrid feeling that actually we shouldn't be using bind9 but the simple internal DNS of Samba4.

Bind9 should be enabled on top of that if required.

I feel I should be able to install a DHCP server without need for a DNS and a few others.

I just guess it's the way Zentyal works.

One thing to do is just to let the Devs know in the feature requests and state your reasons.
Hopefully this will provide feedback to create a product that fits its market.

There is also always the Zentyal support team if you require customisation and paid for direct help.