DomainFlagEnterprise
The settings of uDomainFlag can be controlled by an organization administrator, allowing to force specific settings which are activated upon installation and cannot be changed by the user.
Attention: This will force the installation of uDomainFlag without the possibility for the user to disable the extension!
For Google Chrome, you can download the ADMX bundle at Google Chrome Enterprise Help > Set Chrome Browser policies on managed PCs.
For Microsoft Edge, you can download the ADMX bundle and Microsoft Edge for Business at Microsoft > Microsoft Edge for business.
For Mozilla Firefox, you can download the ADMX bundle from their GitHub repository at Mozilla > policy-templates.
To install the downloaded policies, place the extracted files (.admx files and the files within the locale-folder like en-US) into
After that, open Group Policy Management and create a new Group Policy like Browsers - Microsoft Edge where you define your policies for the given browser.
For Google Chrome or Microsoft Edge navigate to
Here, choose "Enabled" and within the "Show ..." dialog, enter the following line to force the installation of uDomainFlag:
Google Chrome:
Microsoft Edge:
For Google Chrome use
For Microsoft Edge use
As Value use one of the possible settings mentioned below.
For example you can use as value "
This way you can use your internal uDomainFlag backend server (relay, full server or your own custom server) to process requests.
Using an relay, you can use additional functions like data enrichment which is described below.
Default value: dfdata.bella.network | Possible values: any HTTPS enabled domain/IP with a valid certificate
Please note that a warning is shown to users that an administrator has set these settings.
Default value: false | Possible values: true | false
This allows you provide a public reachable server with enabled data enrichment, where only configured clients are able to request data.
Default value: empty | Possible values: any string - Prefer a random generated string, e.g. a SHA256 hash.
When crash reports are disabled, a user isn't able to activate it until the policy is removed. Please note that this setting limits my possibilities to improve the extension.
Default value: false | Possible values: true | false
Please note that the following instances are currently in development. If you have interest in it, want to have a specific feature or want to test it, please contact me at thomas@bella.network.
Using dfrelay, the following features can be used:
You can find the configuration guide for dfrelay at ... (Coming Soon)
Install and configure using GPO
Import ADMX
To simplify the process of configuring browsers and allowing you to not only configure uDomainFlag, we can use ADMX templates provided by the browser vendors.Attention: This will force the installation of uDomainFlag without the possibility for the user to disable the extension!
For Google Chrome, you can download the ADMX bundle at Google Chrome Enterprise Help > Set Chrome Browser policies on managed PCs.
For Microsoft Edge, you can download the ADMX bundle and Microsoft Edge for Business at Microsoft > Microsoft Edge for business.
For Mozilla Firefox, you can download the ADMX bundle from their GitHub repository at Mozilla > policy-templates.
To install the downloaded policies, place the extracted files (.admx files and the files within the locale-folder like en-US) into
%systemroot%\PolicyDefinitions on your Domain Controller.After that, open Group Policy Management and create a new Group Policy like Browsers - Microsoft Edge where you define your policies for the given browser.
For Google Chrome or Microsoft Edge navigate to
Computer Configuration > Policies > Administrative Templates > Microsoft Edge > Extensions (or Google Chrome, depending on you policy) and select the option Control which extensions are installed silently.Here, choose "Enabled" and within the "Show ..." dialog, enter the following line to force the installation of uDomainFlag:
Google Chrome:
eklbfdpploakpkdakoielobggbhemlnm;https://clients2.google.com/service/update2/crxMicrosoft Edge:
fbokifoifbpkgbonofeejgodpdafpkjb;https://edge.microsoft.com/extensionwebstorebase/v1/crxAdministrative policy settings
Navigate within the GPO toComputer Configuration > Preferences > Windows Settings > Registry and add registry keys according to your preferences.For Google Chrome use
SOFTWARE\Policies\Google\Chrome\3rdparty\extensions\eklbfdpploakpkdakoielobggbhemlnm\policy as key path.For Microsoft Edge use
SOFTWARE\Policies\Microsoft\Edge\3rdparty\extensions\fbokifoifbpkgbonofeejgodpdafpkjb\policy as key path.As Value use one of the possible settings mentioned below.
For example you can use as value "
Secret" with the value data "485dc2a7628edc5b4cebf1196e2bf40e080fed54c0e49d32daae5ee27dae171b". Every item uses the value type REG_SZ.Administrative settings
Server
The setting Server allows you to define the target backend server of uDomainFlag.This way you can use your internal uDomainFlag backend server (relay, full server or your own custom server) to process requests.
Using an relay, you can use additional functions like data enrichment which is described below.
Default value: dfdata.bella.network | Possible values: any HTTPS enabled domain/IP with a valid certificate
DisableServerFallback
This setting disables automatic fallback to alternative servers, if the configured destination server isn't reachable. With this option combined with Server you can prevent uDomainFlag connecting to the upstream servers.Please note that a warning is shown to users that an administrator has set these settings.
Default value: false | Possible values: true | false
Secret
With Secret you can define an identifier which will be transmitted to the destination server to identify clients which are configured by you.This allows you provide a public reachable server with enabled data enrichment, where only configured clients are able to request data.
Default value: empty | Possible values: any string - Prefer a random generated string, e.g. a SHA256 hash.
DisableCrashReports
Using the option DisableCrashReports, crash reports and other errors within the application aren't sent to the error tracking server.When crash reports are disabled, a user isn't able to activate it until the policy is removed. Please note that this setting limits my possibilities to improve the extension.
Default value: false | Possible values: true | false
On-Premises instance
The uDomainFlag extension can use a selfhosted instance instead of dfdata.bella.network which improves performance, adds privacy and allows you to enrich the data shown.Please note that the following instances are currently in development. If you have interest in it, want to have a specific feature or want to test it, please contact me at thomas@bella.network.
dfrelay
This package provides a hybrid tool. If a new lookup is done by a user, dfrelay tries to answer the request using a local cache. If the domain/IP is new, the data will be looked up locally (data enrichment) and if no data was found, the upstream server dfdata.bella.network will be queued.Using dfrelay, the following features can be used:
- Internal server to serve uDomainFlag lookups
- Cache requests of users for less data usage/faster responses
- Only answer lookups from known clients (shared secret)
- Enrich served data
- Local DNS lookup against internal resolver
- phpIPAM: Server description, contact person
You can find the configuration guide for dfrelay at ... (Coming Soon)