Forum Discussion

Dave_Lee's avatar
Dave_Lee
Brass Contributor
Jun 03, 2019

Name Resolution Policy Table (NRPT) Support

Does / will Edge Chromium support reading of NRPT tables? If not, is this on the roadmap?

  • Eric_Lawrence's avatar
    Eric_Lawrence
    Icon for Microsoft rankMicrosoft
    Jun 04, 2019

    Dave_Lee - Chromium detects whether any NRPT rules have been configured and if so takes that into account in a few places, but it does not, itself, utilize the NRPT tables.

     

    However, I'm interested in learning more about your scenario. On Windows, by default, Chromium uses the system's DNS resolver (instead of using its own built-in resolver) and that means that the NRPT tables should be taken into account. If you're seeing something else, I'd be interested in learning more.

     

    [In Edge, you can see the details of DNS resolutions for the current process by visiting edge://histograms/Net.DNS.TotalTimeTyped in the address bar. If you see a Net.DNS.TotalTimeTyped.System histogram, that means that the system resolver is getting used. IF you see instead Net.DNS.TotalTimeTyped.Async that means that the built-in (non-system) resolver is getting used.]

    • Dave_Lee's avatar
      Dave_Lee
      Brass Contributor
      Jun 06, 2019

      Eric_Lawrence  Thanks for the response. We are big users of Direct Access, 1000+ machines, and in order to send traffic for specific sites / domains down through the DA tunnel, we're utilising "Selective Tunnelling" which requires us to manipulate our NRPT tables. Here is an article on the subject https://directaccess.richardhicks.com/2018/05/14/directaccess-selective-tunneling/

       

      We cannot use "Force Tunnelling" as we use S4B voice which cannot go through the DA tunnel.

       

      At the moment, only IE 11 and old Edge read the NRPT tables. Chrome, Firefox and Edge Chromium ignore the entries we've made.

       

      Here is the scenario - We have many hosted services that are locked down to our two corporate, public facing IP's. Any attempt to access these services over other connections will not work, i.e. on DA when working remotely. Via the use of NRPT table manipulation and Selective Tunnelling, we can make these services available to our remote users as we force the traffic back down the DA tunnel and out of our corporate DIA's.

Resources