The DigitalStakeout PDNS client enables on/off network windows clients to be protected by DigitalStakeout PDNS, while being able to access internal resources.

Supported Operating Systems

Supports Windows 7, 8, 8.1, 10, Server 2008, Server 2012, Server 2016, Server 2019 with .NET Framework 4.5
 
Required Firewall Ports

HTTPS (TCP/443) outbound

HTTPS (TCP/8443) outbound

DNS (TCP/UDP 53) outbound
 
Required IP Ranges

IPv4: 142.202.107.1-142.202.107.8
IPv6: 2620:82:6000:1-2620:82:6000:8
 
Download DigitalStakeout PDNS Client for Windows

Download Windows Client 64-bit (amd64)

Download Windows Client 32-bit (i386)

Installing the DigitalStakeout PDNS Client

The DigitalStakeout PDNS Client is a Microsoft Installer (MSI) package and its very simple to install.

Installing the client requires a virtual site installation key found at Protection > Virtual Sites.
 
Each Virtual Site Maps to a Security Policy

Each virtual site maps to a policy. This allows for you to apply different policies to different classes of devices.

Once you successfully install the client, it will be listed your company's Devices inventory.

Serial: NEE9JEK9EDE9KDE9, Hostname: DESKTOP-4D0ELEDL0L, Securd Client: 1.1.0.28, OS: windows, Manufacturer: Dell Inc., Version: Microsoft Windows 10 Pro, Model: Inspiron 3531, IP4 Address: 192.168.1.10, IP6 Address: 2600..., Public IP4 Address: 1.2.3.4, Public IP6 Address: 2600..., Mac Address(s) ["12:...","22...","10..."], Username: ["JohnDoe"], Current NS: dns2-iad.securd.com, Current Protocol: dnscrypt/udp, Last Update: 2020-09-14 20:12:28

 
Silent Install for the DigitalStakeout PDNS Client

msiexec.exe /i "Securd.DNS-Client.amd64-1.6.0.62.msi" /qn INSTALLKEY="xxxxxxx"

 
Registry Options for the Securd DNS Firewall Client

Location: Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Securd\DNS Firewall Client

Address4 (REG_SZ - defaults to 127.0.53.1)
This is the IPv4 local address the dns-client listens on.

Address6 (REG_SZ - defaults to fd00::53:1)
This is the IPv6 local address the dns-client listens on.

Disable6 (REG_SZ - Disabled by Default / 1 to Enable - 0 to Disable)
Disable dns queries over IPv6.

AutoConfigure (REG_SZ - Enabled by Default / 1 to Enable - 0 to Disable)
Enables/Disables Interface Nameserver changes to Securd dns-client addresses.

Ignore4 (REG_SZ - Comma seperated list of nameservers.)
Do not change dns servers set to these IPv4 addresses.

Ignore6 (REG_SZ - Comma seperated list of nameservers.)
Do not change dns servers set to these IPv6 addresses.

IgnoreAdapters (REG_SZ - Comma seperated list of adapter names.)
Do not change dns servers on these adapters.

ExcludePrefer (REG_SZ - Prefer IPv4 or IPv6 Exclude Suffix Nameserver)
4 - Prefer IPv4
6 - Prefer IPv6
46 - Prefer Higher Metric with Tie Prefering IPv4
64 - Prefer Higher Metric with Tie Prefering IPv6

InstallKey (REG_SZ)
Obtained from Securd administrative interface and used to authorize client.

NameServer (REG_SZ - Comma seperated list.)
Static nameserver list to override system nameservers for Exclude Suffix lookup.

Debug (REG_SZ - Disabled by Default / 1 to Enable - 0 to Disable)
Enable debug logging.

MonitorMultiuser (REG_SZ - Disabled by Default / 1 to Enable - 0 to Disable)
Run monitor per user on multiuser RDSH servers.

AutoUpdate (REG_SZ - Enabled by Default / 1 to Enable - 0 to Disable)
Automatically update dns-client.