Artica Official site | Download Isos and virtual appliances
¶ DNS Firewall service Overview
DNS Firewall service is a highly DNS-, DoS- and abuse-aware load-balancer.
- Its goal in life is to route traffic to the best server, cache DNS responses and delivering top performance to legitimate users while shunting or blocking abusive traffic.
- It have capabilities to forge DNS entries in order to enforce resolution of some hosts.
- DNS Load-balancing service is dynamic, its configuration using ACLs methods,.
- Possibility to create complex rules for SafeSearch(s) activation
- Possibility to control and display the status of all DNS backends.
- Possibility to use DNS-Over-HTTPs downstream servers.
- Possibility to use OpenDNS and OpenDNS family as backends DNS servers
- Possibility to deploy your own DNS-Over-HTTPs server.
- Display rule names in real time events and real-time events by rule
- Display cached records and delete cached records
¶ Act as a DNS Firewall ?
There are some products that admit to the notion of a DNS firewall but only offer malicious host filtering capabilities.
Artica Load-balancing does the same but works as a firewall dedicated to DNS protocol.
It offers the possibility to create ACLs like a firewall to influence DNS responses.
With DNS Firewall method it is possible to do this kind of advanced rule :
For a DNS request that is resolved with A or NS or CNAME query on a server located in Panama and if the domain have “.club” or “.pro”' and “.xyz” extension and if it is categorized as Advertising or Tracker, then change the resolved IP address to 127.0.0.1
¶ An object-based methodology
- When creating DNS rules, you can associate objects that are focused on a given operation during resolution processing, such as host name, connecting IP address, resolved IP address, destination country, operation period, requested domain category.
Objects contain multiple records and can be associated with rules in order to build a true hosts resolution security.
¶ Main features:
- Act as DNS router with advanced ACLs
- Geo DNS Rules - DNS rules by country
- 0-day reputation support with The Shields feature
- Can be connected with the Web-filtering engine
- You can build DNS-Filter rules according your Personal Categories or Artica Categories that handle more than 50.000.000 of categorized websites.
¶ Install the DNS Firewall service
Before installing the service, check if there is a new version that can be upgraded.
- The Load-balancing service can be installed using the “Features” section under the "system" menu.
- Search the entry “DNS Firewall” and click on “Install” button
- This operation will uninstall any other DNS service you may have previously installed
- After installation, use the left menu in "DNS" / "DNS Firewall" to customize the service options.
By default, the service is active and operational because Artica retrieves the public DNS servers that you have set in the general configuration.
The only difference is that the service will process them in a balancing manner rather than sequentially.