DNS Visibility Deployment
DNS Visibility is a virtual appliance designed for analysing DNS logs. DNS Visibility does not enforce "Security Profile" and has no blocking capabilities. DNS Visibility has a separate management interface and is not managed through the cloud management interface.
DNS Visibility, namely Cyber-X-Ray, comes with a virtual appliance image for VMware or Hyper-V virtualisation environments. The image can be downloaded from http://download.dnscyte.com/dnscyte/DnsCyte-DNSVisibility-ESX.zip. Once extracted, the image is ready for deployment to VMware.
Figure 1. VMware Virtual Appliance Files
Before starting the deployment, make sure that 12 CPU cores, 32 GB of RAM and 300 GB of disk space are available in the virtualisation environment.
Deploying DNS Visibility to a VMware environment is straightforward. Follow the steps below to complete the deployment.
1. Log in to the VMware Management Console, right-click on the virtual machine and select "Create/Register VM".
Figure 2. Create VM
2. Select the deployment type. OVF/OVA should be selected.
Figure 3. Deployment Options
3. Give your virtual machine a name, choose the OVF and VMDK files that were extracted from the compressed file, and click Next.
Figure 4. Select DNS Visibility files
4. Select the storage on which the virtual machine will be installed and click Next.
Figure 5. Storage Selection
5. Choose the network interface this virtual machine will bind to, and click Next.
Figure 6. Select Network Interface
6. The virtual machine is now ready for deployment. Click Finish to start the deployment. Deployment progress is shown in the task pane of the ESX management interface, which is located at the bottom of the page.
Figure 7. Virtual Machine Deployment Progress
The configuration process consists of two tasks: first, setting up the IP address of the virtual machine, and second, integrating with the DNS server.
After deploying your virtual machine, the first thing to do is set up the network interfaces. To configure the virtual machine, you need to log in from the console using the VMware management interface. The console user name is "admin" and the password is "[email protected]!!". The console comes with a set of tools to make life easier: you can view the current network settings, change them, or start and stop services. Root access is available only for support personnel.
Figure 8. Console Tools
The DNS Visibility product uses two IP addresses. IP Address 1 is used for management and communication with external systems. IP Address 2 is used as the sinkhole IP or to serve Block Pages to your users. IP Address 2 should be on the same network as IP Address 1.
To set the IP addresses of the virtual machine, select option two after logging in to the console and follow the instructions.
Figure 9. IP Configuration
After setting the IP address of the virtual machine, access the management console through a web browser. The management interface can be accessed from the link below:
https://"Interface ID 1 IP Address":8443. The web-based management user name is "admin" and the password is "DnsCyte".
Figure 10. DNS Visibility Web Access
After a successful login to DNS Visibility, configure it to work with the DNSCyte Reputation Service. First, ensure that the appliance has access to reputation.dnscyte.com on port 443. DNS Visibility uses API calls to get category information for the DNS requests found in the DNS logs. Enabling the Reputation service requires an API key for the appliance, which the support team creates. Once you have the key, go to Admin-->Configuration and enter the key under item number 19. Once the appliance has access to the reputation service on port 443, the Cyber-X-Ray Reputation service turns green under Admin-->System Information.
Figure 11. API key
Figure 12. API Services
Before configuring the DNS Visibility virtual appliance, enable DNS debug logging on the local DNS server and provide access to the DNS log files. In this document, we will show how to integrate with Microsoft DNS Server.
DNS Visibility works on DNS debug log files. By default, the DNS debug log feature is disabled on Microsoft DNS servers. To enable DNS debug logging, open the Microsoft DNS Server manager, right-click on the DNS server and select Properties.
Figure 11. Microsoft DNS Server Properties
After selecting the DNS server properties, the settings window opens. Click the Debug Logging tab and set the features as shown below:
Figure 12. DNS Debug Logging Settings
The file path and name can be on a local disk or on a file share. If it is on a local drive, share this folder and give the DNS Visibility appliance read privilege on it.
After configuring the DNS server and making the log files readable by DNS Visibility, set the access information for the logs within DNS Visibility. To set the DNS log paths, open the CIFS menu under the Admin tab and click the Add button.
Figure 13. DNS File access definition
Give the settings a name and configure the fields below.
Storage IP: the path to the DNS debug log files, generally the file share of the log directory.
Username and Password: the user name and password used to access the log files.
Domain: the domain name of the user defined above.
Description: an optional field.
Click the Save button to save your deployment.
To start reading the DNS debug files, click the "mount" button. Once the mount operation is successful, the system automatically starts reading the DNS files and generating reports.
Figure 14. Mount Operations
DNS Visibility, namely DNS X-Ray, automatically reads the DNS logs and classifies them by category. Summary information is available on the dashboard screen. Detailed client activity can be analysed from the monitoring menu. The monitoring screen shows the client IP and MAC addresses.
Figure 15. DashBoards
Figure 17. Monitoring
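The per-client view described above depends on reading the PACKET lines of the Microsoft DNS debug log. The following is an added example, not the appliance's own code: a small Python parser that assumes the default one-line-per-packet layout with US-style timestamps and runs on constructed sample lines. The function names are hypothetical.

```python
import re
from collections import Counter, defaultdict

# PACKET line: proto, Snd/Rcv, remote IP, Xid, optional R, opcode, [flags rcode], type, name
PACKET_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2}(?: [AP]M)?)\s+"
    r"[0-9A-Fa-f]+\s+PACKET\s+[0-9A-Fa-f]+\s+"
    r"(?P<proto>UDP|TCP)\s+(?P<dir>Snd|Rcv)\s+(?P<ip>\S+)\s+"
    r"(?P<xid>[0-9A-Fa-f]{4})\s+(?:(?P<resp>R)\s+)?(?P<opcode>[A-Z?])\s+"
    r"\[(?P<flags>[0-9A-Fa-f]{4})\s+(?P<rest>[^\]]*)\]\s+"
    r"(?P<qtype>\S+)\s+(?P<qname>\(\d+\)\S*)\s*$"
)

def decode_name(raw):
    """Turn '(3)www(7)example(3)com(0)' into 'www.example.com'."""
    labels = [label for _, label in re.findall(r"\((\d+)\)([^()]*)", raw)]
    return ".".join(lab for lab in labels if lab).lower() or "."

def parse_line(line):
    """Return a dict for a PACKET line, or None for headers and other noise."""
    m = PACKET_RE.match(line.strip())
    if not m:
        return None
    rest = m["rest"].split()  # flag letters (if any) followed by the rcode
    return {"time": m["ts"], "proto": m["proto"], "direction": m["dir"],
            "client": m["ip"], "is_response": m["resp"] is not None,
            "rcode": rest[-1] if rest else "", "qtype": m["qtype"],
            "qname": decode_name(m["qname"])}

def queries_by_client(lines):
    """Count names asked per client, using only received queries."""
    seen = defaultdict(Counter)
    for rec in filter(None, map(parse_line, lines)):
        if rec["direction"] == "Rcv" and not rec["is_response"]:
            seen[rec["client"]][rec["qname"]] += 1
    return seen

# Constructed sample lines (documentation IPs and names, not real traffic).
SAMPLE = """\
DNS Server log file creation at 6/5/2023 10:00:00 AM
6/5/2023 10:00:32 AM 0E70 PACKET  00000000033397A0 UDP Rcv 192.0.2.71      5b47   Q [0001   D   NOERROR] A      (3)www(7)example(3)com(0)
6/5/2023 10:00:32 AM 0E70 PACKET  00000000033397A0 UDP Snd 192.0.2.71      5b47 R Q [8081   DR  NOERROR] A      (3)www(7)example(3)com(0)
6/5/2023 10:00:40 AM 0E74 PACKET  0000000003339AB0 UDP Rcv 192.0.2.90      a1c2   Q [0001   D   NOERROR] AAAA   (4)mail(7)example(3)org(0)
6/5/2023 10:00:41 AM 0E70 PACKET  00000000033397A0 UDP Rcv 192.0.2.71      5b48   Q [0001   D   NOERROR] A      (3)WWW(7)example(3)com(0)
""".splitlines()

if __name__ == "__main__":
    for client, names in queries_by_client(SAMPLE).items():
        print(client, dict(names))
```

Running the same parser over a few lines of the shared log file is a quick way to confirm that the debug logging settings produce the packet details a per-client report needs before mounting the share.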