DNS Visibility Deployment

DNS Visibility is a virtual appliance designed for analysing DNS logs. DNS Visibility does not enforce "Security Profile" and has no blocking capabilities. DNS Visibility has a separate management interface and is not managed through the cloud management interface.

Getting the Virtual Appliance and Deploying to VMware ESX

DNS Visibility, namely Cyber-X-Ray, comes with a virtual appliance image for VMware or Hyper-V virtualisation environments. The image can be downloaded from http://download.dnscyte.com/dnscyte/DnsCyte-DNSVisibility-ESX.zip. Once extracted, the image is ready for deployment to VMware.

Figure 1. VMware Virtual Appliance Files

Before starting the deployment, make sure that a 12-core CPU, 32 GB of RAM and 300 GB of disk space are available in the virtualisation environment.

VMware Deployment

Deploying DNS Visibility to a VMware environment is an easy task. Follow the steps below to complete your deployment.

1. Log in to the VMware Management Console, right-click on the virtual machine and select "Create/Register VM".

Figure 2. Create VM

2. Select the deployment type. OVF/OVA should be selected.

Figure 3. Deployment Options

3. Give your virtual machine a name, choose the OVF and VMDK files that were extracted from the compressed file, and click Next.

Figure 4. Select DNS Visibility files

4. Select the storage on which the virtual machine will be installed and click Next.

Figure 5. Storage Selection

5. Choose the network interface this virtual machine will bind to, and click Next.

Figure 6. Select Network Interface

6. The virtual machine is now ready for deployment. Click Finish to start the deployment. Deployment progress can be seen in the task pane of the ESX management interface, which is located at the bottom of the page.

Figure 7. Virtual Machine Deployment Progress

Configuration

The configuration process consists of two tasks. The first is setting up the IP address of the virtual machine, and the second is integrating with the DNS server.

Setting IP Address

After deploying your virtual machine, the first thing to do is set up the network interfaces. To configure your virtual machine, you need to log in from the console using the VMware management interface. The console user name is "admin" and the password is "Dn5Cyt@123!!". The console comes with a set of tools to make life easy. You can view the current network settings, change them, or start and stop services. Root access is available only for support personnel.

Figure 8. Console Tools

The DNS Visibility product uses two IP addresses. IP Address 1 is used for management and communication with external systems. IP Address 2 is used as the sinkhole IP or to serve Block Pages to your users. IP Address 2 should be on the same network as IP Address 1.

To set the IP addresses of the virtual machine, select option two after logging in to the console. Follow the instructions to set up the IP addresses.

Figure 9. IP Configuration

Accessing Web Management Interfaces

After setting the IP address of the virtual machine, access the management console through a web browser. The management interface can be accessed from the link below:

https://"Interface ID 1 IP Address":8443. The web-based management user name is "admin" and the password is "DnsCyte".

Figure 10. DNS Visibility Web Access

Basic System Configuration

After a successful login to DNS Visibility, configure it to work with the DNSCyte Reputation Service. First, ensure that the appliance has access to reputation.dnscyte.com on port 443. DNS Visibility uses API calls to get category information for the DNS requests found in the DNS logs. Enabling the Reputation service requires an API key for the appliance. The support team creates the API key. Once you get the key, go to Admin-->Configuration and enter the key under item number 19. Once the appliance has access to the reputation service on port 443, the Cyber-X-Ray Reputation service turns green under Admin-->System Information.

Figure 11. API key
Figure 12. API Services

Integration with DNS Server

Before configuring the DNS Visibility virtual appliance, enable DNS debug logging on the local DNS server and give the appliance access to the DNS log files. In this document, we will show how to integrate with Microsoft DNS Server.

Enable Logging on Microsoft DNS Server

DNS Visibility works on DNS debug log files. By default, the DNS debug log feature is disabled on Microsoft DNS servers. To enable DNS debug logging, go to Microsoft DNS Server manager, right-click on the DNS server and select Properties.

Figure 11. Microsoft DNS Server Properties

After selecting the DNS server properties, the settings window opens. Click the Debug Logging tab and set the features as shown below:

Figure 12. DNS Debug Logging Settings

The file path and name can be on a local disk or on a file share. If it is on a local drive, share this folder and give read privilege to the DNS Visibility appliance.
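To check that the debug log the server now writes contains the query records DNS Visibility reads (client IP and queried name), the following added example parses PACKET lines of a Microsoft DNS debug log. It is not part of the product or of the original document; the sample log is constructed, and the en-US date layout and the function names are assumptions.

```python
import re
from collections import Counter

# One PACKET line of a Microsoft DNS debug log (assumes the en-US date layout).
PACKET_RE = re.compile(
    r"^(?P<date>\d{1,2}/\d{1,2}/\d{4}) (?P<time>\d{1,2}:\d{2}:\d{2}(?: [AP]M)?) "
    r"(?P<thread>[0-9A-Fa-f]{4}) PACKET\s+(?P<packet_id>[0-9A-Fa-f]+) "
    r"(?P<proto>UDP|TCP) (?P<direction>Snd|Rcv) (?P<remote_ip>\S+)\s+"
    r"(?P<xid>[0-9A-Fa-f]{4})\s+(?P<response>R?)\s*(?P<opcode>[A-Z?])\s+"
    r"\[(?P<flags>[0-9A-Fa-f]{4})[^\]]*?(?P<rcode>[A-Z]+)\]\s+"
    r"(?P<qtype>\S+)\s+(?P<qname>\(\d+\)\S*)$"
)

# Constructed sample (not taken from a real server).
SAMPLE_LOG = """\
DNS Server log file creation at 6/5/2013 10:00:00 AM
6/5/2013 10:00:32 AM 0E70 PACKET  00000000033397A0 UDP Rcv 10.0.0.21       5b47   Q [0001   D   NOERROR] A      (3)www(7)example(3)com(0)
6/5/2013 10:00:32 AM 0E70 PACKET  00000000033397A0 UDP Snd 10.0.0.21       5b47 R Q [8081   DR  NOERROR] A      (3)www(7)example(3)com(0)
6/5/2013 10:00:33 AM 0E70 PACKET  0000000003339B20 UDP Rcv 10.0.0.21       5b48   Q [0001   D   NOERROR] AAAA   (3)www(7)example(3)com(0)
6/5/2013 10:00:40 AM 0E74 PACKET  0000000003340110 TCP Rcv 10.0.0.35       91c2   Q [0001   D   NOERROR] MX     (7)example(3)org(0)
"""

def decode_name(raw):
    """Turn '(3)www(7)example(3)com(0)' into 'www.example.com'."""
    labels = [label for label in re.findall(r"\(\d+\)([^()]*)", raw) if label]
    return ".".join(labels) or "."

def parse_line(line):
    """Return the fields of a PACKET line as a dict, or None for other lines."""
    match = PACKET_RE.match(line.strip())
    if match is None:
        return None
    record = match.groupdict()
    record["qname"] = decode_name(record["qname"])
    record["response"] = record["response"] == "R"
    return record

def client_queries(lines):
    """Count (client IP, queried name) pairs for queries the server received."""
    counts = Counter()
    for line in lines:
        record = parse_line(line)
        if record and record["direction"] == "Rcv" and not record["response"]:
            counts[(record["remote_ip"], record["qname"])] += 1
    return counts

if __name__ == "__main__":
    for (client, name), hits in client_queries(SAMPLE_LOG.splitlines()).most_common():
        print(f"{client:15} {name:30} {hits}")
```

If a real log yields no counted queries, the debug logging settings are not capturing incoming query packets, or the date layout differs from the one assumed here.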

Defining DNS Log Source

After configuring the DNS server and making the log files readable by DNS Visibility, set the access information for the logs within DNS Visibility. To set the DNS log paths, open the CIFS menu under the Admin tab and click the Add button.

Figure 13. DNS File access definition

Give a name to the settings and configure the settings below.

Storage IP: Define the path to the DNS debug log files. This is generally the file share of the log directory.

Username and Password: The username and password used to access the log files.

Domain: Domain name of the user defined above.

Description: This is an optional field.

Click the Save button to save your deployment.

To start reading the DNS debug files, click the "mount" button. Once the mount operation is successful, the system automatically starts reading the DNS file and generating reports.

Figure 14. Mount Operations

Monitoring

DNS Visibility, namely DNS X-Ray, automatically reads DNS logs and classifies them based on categories. Summary information is available on the dashboard screen. Detailed client activity is analysed from the monitoring menu. The monitoring screen shows the client IP and MAC addresses.

Figure 15. Dashboards
Figure 17. Monitoring