Cloud-Based Deployment
Last updated
Last updated
Cloud-based filtering enables secure DNS traffic without installing any software in the local environment. Public IP addresses are defined and assigned to security profiles. DNSCyte DNS servers are defined as forwarder DNS servers of your local DNS Servers.
Public IP deployments apply security profiles to client devices which are defined using a public IP to query DNS. Once DNS request is received from an assigned public IP address to DNSCyte Cloud DNS servers, the system automatically applies configured security policy to the DNS request. Enabling Public IP filtering consist of two steps:
The first stage of configuration is to apply a security profile to your Public IP. All DNS queries originated from the defined IP address(es) will be filtered by using a security profile. To set your Public IP go to deployment and select Public IP.
Under Public IP, public IP definitions can be accessed and assigned to a security profile. Public IP definitions can be added or removed. To define a new Public IP, click "Add New IP" and new IP wizard appears right side of the screen.
Public IP details can be defined from public IP definition screen. Public IP's can be static or bound to a dynamic domain. The following settings are configured:
Name: Logical name for thr Public IP.
IP Address: Your Public IP Address(es). You can define multiple IP by clicking "+" sign. IP ranges are also supported.
By Default System Automatically assigns the Public IP of the browser accessing the management portal. If DNS queries originate from a different IP address, it must be changed.
Security Profile: User can select appropriate Security Profile from the drop-down menu, which can be predefined or manually created. All DNS queries coming from defined IP Address will be evaluated by using security profile settings.
Block Page Logo: Block image can be set on the blocking page
Block Messages: Block messages can be customised in the block page by editing the field. System automatically updates blocking notification with this message
Sink Hole IP: By default, DNSCyte returns block page IP address to DNS queries which is blocked. You can set specific IP as a return result of blocked categories.
After you set all settings on Public IP definitions click Apply button to take effect your settings.
To process or filter DNS queries, DNSCyte should be the external DNS server. DNSCyte DNS servers use 199.244.90.190 and 199.244.90.191 IP addresses. Their DNS names are dns1.dnscyte.com and dns2.dnscyte.com. To forward DNS requests, DNS servers should be defined as forwarder DNS servers. Alternatively, DNSCyte DNS servers can be assigned in the end-points. Both sample settings are shown below.
Once forwarder settings are made on the client or DNS Server, the system is ready to go.
For Windows Server 2012 and above, following PowerShell command must be run (as administrator) after defining the DNS forwarder addresses to be able to use the DNSCyte DNS addresses.
Command: “Set-DnsServerForwarder -EnableReordering $False -PassThru”