Skip to main content

How to Install RustDesk on Your Synology NAS

RustDesk is a remote desktop software, the open source TeamViewer / AnyDesk alternative. You have full control of your data, with no concerns about security since it only sends data to a server that you setup. You can use a public rendezvous/relay server or self-host one. In this step by step guide I will show you how to install RustDesk on your Synology NAS using Docker and DSM 7.2 I've based a significant amount of this guide on https://drfrankenstein.co.uk guides. First, Follow the following 4 guides: Step 0: Docker, Memory Recommendations and Limitations Step 1: Directory Setup Guide Step 2: Setting up a restricted Docker user Step 3: Setting up a Docker Bridge Network Following these guides will give you a nice Docker folder structure, a restricted user to run your containers on (this is more secure) and a dedicated network for your containers. Lets Begin First we need to set up some folders for RustDesk to save its configuration files and also where the Project will save th...

WPAD does not resolve in DNS

At work, we're doing a POC (proof of concept) with a web-proxy, specifically Ironport Websecurity Appliance. Like most all proxies, you have to get the traffic from the client to the proxy. It supports transparent traffic redirection, but we're looking at using WPAD instead.

However, when I created the WPAD DNS entry, it didn't resolve.

C:\>ping wpad
Ping request could not find host wpad. Please check the name and try again.


C:\>nslookup wpad <DNSServer1>
Server: <DNSServer1>.domain.net
Address: <IPofDNSServer1>
*** <DNSServer1>.domain.net can't find wpad: Non-existent domain


This of course, is a big problem. It took a little investigating, but I found the cause.
Windows Server 2008 introduced a new feature, called "Global Query Block list", which prevents some arbitrary machine from registering the DNS name of WPAD. This is a good security feature, as it prevents someone from just joining your network, and setting himself up as a proxy. 

However, my DNS server is Windows 2003? 

It doesn't have the "Global Query Block List". 

Well, when the documentation was written, it didn't, but a DNS service patch Microsoft published last year DID!
As far as I can tell, http://support.microsoft.com/kb/961063 included the "Global Query Block List", it's not supposed to be enabled by default but mine was, and I did not intentionally turn it on, But here's the best news, not all the pieces of the feature made it down to 2003. The TechNet article: http://technet.microsoft.com/en-us/library/cc995158.aspx shows how to manipulate the "Global Query Block List", and sure enough, the command of:
dnscmd /info /enableglobalqueryblocklist
Query result:
Dword: 1 (0000000000000001)
Command completed successfully.



Shows the block list is enabled, but the command:
dnscmd /info /globalqueryblocklist Info query failed status = 9553 (0x00002551) Command failed: DNS_ERROR_INVALID_PROPERTY 9553 (00002551)


Which is supposed to show you what's in the block list fails.
Great.
So there are two options here:
1. Turn off the "Global Query Block List"
2. Remove WPAD from the "Global Query Block List"
Turning off "Global Query Block List" is easy, just run the command:

dnscmd /config /enableglobalqueryblocklist 0 

That's it. It's off. No service restart required. But what if you turned it off and want to turn it back on? You can't run the opposite command of:
dnscmd /config /enableglobalqueryblocklist 0 
Why not? Cause Microsoft goofed in they're documentation. It's actually the same command as to turn it off!  The correct command is:
dnscmd /config /enableglobalqueryblocklist 1

To remove WPAD, but leave the Blocklist enabled, is a little more difficult

The "Global Query Block List " is stored here:


HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters\GlobalQueryBlockList


Mine had the entries of WPAD and ISATAP. Remove the WPAD entry and restart the DNS service for it to reload the Blocklist. Note, there is a trailing newline character after ISATAP, it's best to leave it there. 

Note, there is a command line that is supposed to edit this blocklist, but again it's broken in the 2003 implementation, hopefully a later patch, or Service pack will fix these features. Make sure to makes changes to all your DNS services. 

This is a per machine setting, not a zone setting, so if your using Active Directory Integrated zones, it won't replicate this change.

Comments

  1. Nice helped me thanks.

    ReplyDelete
  2. Great article explaining what is happening and how to correct the issue. Thank you.

    ReplyDelete
  3. This saved my arse this morning thanks, I was at a complete loss why my new DNS server wasn't resolving wpad when I was staring at the record right in front of me!

    ReplyDelete
  4. Nice article, helped me get it right. I was a loss why my Win 2012 DNS server can resolve anything but wpad.

    ReplyDelete
  5. Great help Thank You

    ReplyDelete
  6. You saved my ... THANKS!

    ReplyDelete
  7. still applicable in WS2016, tyvm

    ReplyDelete
  8. 9 years after writing this post and it is STILL relevant! Thanks for this.

    ReplyDelete
  9. We are using DSC to manage this setting on our DNS (GC) servers. Just makes life easier. Thank you for the article. It helped a lot.

    ReplyDelete

Post a Comment

Most Popular Posts

First Post!

In August 1999, I bought my own domain name, mpking.com .  This domain name. Over the years I've used a variety of blogging software. Initially I did all the website design myself, hand crafting the HTML myself. I even had one of those *Designed by Notepad* buttons. I still have one of the custom drop cap letters I made. Yea, it's really hard to see, because it's White text.  My first website, like most all bad websites of the early 2000, was black theme.  I ran the website off my computer in my room. I quickly tired of this, and moved onto a Blog software platform.  You used an actual program program, (I don't remember it's name) and you would type up your entry, then upload it to the website.  That tired quickly, as the software was at home, and most entries, then as now, revolved around work. Then I discovered FreeGuppy .  It was online CMS platform, and it was nearly perfect, for almost five years.I even developed some pl...