Jun 03 2019 03:41 AM - edited Jun 04 2019 06:27 AM
Does / will Edge Chromium support reading of NRPT tables? If not, is this on the roadmap?
Jun 04 2019 09:02 AM
@Dave_Lee - Chromium detects whether any NRPT rules have been configured and if so takes that into account in a few places, but it does not, itself, utilize the NRPT tables.
However, I'm interested in learning more about your scenario. On Windows, by default, Chromium uses the system's DNS resolver (instead of using its own built-in resolver) and that means that the NRPT tables should be taken into account. If you're seeing something else, I'd be interested in learning more.
[In Edge, you can see the details of DNS resolutions for the current process by visiting edge://histograms/Net.DNS.TotalTimeTyped in the address bar. If you see a Net.DNS.TotalTimeTyped.System histogram, that means that the system resolver is getting used. IF you see instead Net.DNS.TotalTimeTyped.Async that means that the built-in (non-system) resolver is getting used.]
Jun 06 2019 02:33 AM - edited Jun 06 2019 05:56 AM
@Eric_Lawrence Thanks for the response. We are big users of Direct Access, 1000+ machines, and in order to send traffic for specific sites / domains down through the DA tunnel, we're utilising "Selective Tunnelling" which requires us to manipulate our NRPT tables. Here is an article on the subject https://directaccess.richardhicks.com/2018/05/14/directaccess-selective-tunneling/
We cannot use "Force Tunnelling" as we use S4B voice which cannot go through the DA tunnel.
At the moment, only IE 11 and old Edge read the NRPT tables. Chrome, Firefox and Edge Chromium ignore the entries we've made.
Here is the scenario - We have many hosted services that are locked down to our two corporate, public facing IP's. Any attempt to access these services over other connections will not work, i.e. on DA when working remotely. Via the use of NRPT table manipulation and Selective Tunnelling, we can make these services available to our remote users as we force the traffic back down the DA tunnel and out of our corporate DIA's.
Jun 14 2019 04:31 AM
Jul 11 2019 02:17 PM
@Elliot Kirk Can you help answer this one?
Oct 14 2019 06:21 AM
Still hoping for further clarification on this.
Oct 14 2019 06:48 AM - edited Oct 15 2019 10:57 AM
@Dave_Lee At present, Chromium-based browsers do not make use of name-resolution policy tables for determining the proxy. Investigations into changing that remain underway.
NRPT rules that govern DNS lookups (e.g. getHostByName()) continue to impact those resolutions as long as Chrome is set to use the system DNS resolver (as it is by default on Windows).
Note that you can direct the new Edge to use the "system" Proxy resolver instead of the one built into the browser, which means that NRPT should be taken into account. To do so, launch Edge thusly:
msedge.exe --winhttp-proxy-resolver
I would be interested to learn if this helps in your scenario.
Oct 17 2019 03:07 AM