Most of you will already know what DNS is. Just in case, let me explain:
Domain Name Server or DNS is the system that our devices use to get the IP address of a website. Whenever we try to access a website, the computer first needs to get the IP address of the server and then it requests the webpage.
Why do we need to monitor or filter DNS?
There are several reasons why we want to monitor and filter DNS. One of them is security: it is important to prevent illicit and phishing webpages from being accessed from a corporate network. Another reason can be to understand our employees' behavior or to avoid employee distractions.
How can DNS be filtered?
An easy option is to have an internal DNS server that blocks requests to certain outside pages. For instance, we can configure a Windows Domain Controller to act as a DNS server and filter the requests to certain websites. Also, most of the firewalls that we can buy nowadays have a filtering layer. This provides a preloaded list of DNS entries or IPs that can be blocked depending on which kind of content we want to filter. The monitoring part can then be the most challenging one. There is no "easy" way of doing it without installing external tools. Some monitoring platforms, such as Palo Alto DNS Security or Cisco Prime, can do both things at the same time.
The solution I want to present today is much easier than all the others. Use OpenDNS!
OpenDNS is a company that was acquired by Cisco in 2015 and provides public DNS services. So where is the advantage? Well, when using OpenDNS we can create a free account, register our home or corporate network, and configure filters for different categories and specific domains. When a request comes from the registered network, OpenDNS will respond or block the access according to our configuration.
OpenDNS Filter Levels
OpenDNS can be used for enterprise security, embedded as a tool under Cisco Umbrella, or it can be used standalone in the consumer option. Under the consumer option, we can create a home account, where we can choose the categories we want to block and/or any specific domain that we want to avoid, like netflix.com or facebook.com.
The monitoring dashboards are automated and start populating after 24 hours, giving us an interesting view of the usage of our network. It's worth mentioning that if we have an internal DNS, OpenDNS will only monitor external websites. We can also configure it as the DNS provider for our internal DNS server.
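As an added example (not part of the original post), the two setups described above can be combined on a Windows DNS server: block specific domains locally and forward everything else to OpenDNS so the account's category filters and dashboards apply. The policy names are hypothetical, the blocked domains are the two named in the post, and the resolver addresses are OpenDNS's public ones, which the post does not list.

```powershell
# Run elevated on the internal Windows DNS server (DnsServer module,
# Windows Server 2016 or later). Values below are sample values.
$blocked = @('netflix.com', 'facebook.com')          # domains named in the post
$openDns = @('208.67.222.222', '208.67.220.220')     # OpenDNS public resolvers (assumption: not in the post)

# 1. Local filter: one query resolution policy per domain, covering the
#    apex and every subdomain. DENY makes the server answer "refused".
foreach ($domain in $blocked) {
    $policyName = "Block-$domain"                    # hypothetical naming scheme
    $existing = Get-DnsServerQueryResolutionPolicy -Name $policyName -ErrorAction SilentlyContinue
    if (-not $existing) {
        Add-DnsServerQueryResolutionPolicy -Name $policyName -Action DENY `
            -FQDN "EQ,$domain,*.$domain"
    }
}

# 2. Upstream filter: send all external lookups to OpenDNS. Disabling the
#    root-hint fallback keeps queries from bypassing OpenDNS when the
#    forwarders time out.
Set-DnsServerForwarder -IPAddress $openDns -UseRootHint $false

# 3. Check: ask the local server directly and report what clients will see.
foreach ($domain in $blocked + 'example.com') {
    $answer = Resolve-DnsName -Name $domain -Server 127.0.0.1 -DnsOnly `
        -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Domain   = $domain
        Resolved = [bool]$answer
        Address  = ($answer | Where-Object IPAddress | Select-Object -First 1).IPAddress
    }
}
```

OpenDNS matches requests to an account by the public IP they arrive from, so the forwarder's outbound address must belong to the network registered in the dashboard.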
OpenDNS Graphic monitoring sample
To make it even neater, we can configure the message that pops up when a site is blocked. To do so, we can go to the settings tab and, in the left menu, click the customize option. This option allows us to display a custom logo and text every time a page is blocked by OpenDNS.
I hope that you get something useful from this post!