DNS Filter
How the filter works
- The DNS Filter filters all DNS requests, which means clients won't be able to resolve blocked domains at all. The client will get an NXDOMAIN (Domain not found) response. As a result, no application can connect to the filtered server, because it never receives an IP address for it.
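To confirm from a client that a blocked domain really comes back as NXDOMAIN (rather than being answered, or failing for another reason such as SERVFAIL), the reply's RCODE can be checked directly. The following is an added example, not IACBOX code: the function names, the `blocked.example` domain and the sample replies are constructed for illustration, and `check_domain` assumes you pass the IP address of the resolver your clients use.

```python
import socket
import struct

RCODE_NXDOMAIN = 3  # RFC 1035 "Name Error"

def build_query(name, txid=0x1234):
    """Build a minimal DNS query for an A record (QTYPE=1, QCLASS=IN)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD flag set
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in labels)
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)

def classify_response(query, response):
    """Return 'nxdomain', 'answered' or 'other' for a raw DNS reply."""
    if len(response) < 12:
        return "other"  # truncated datagram, no complete header
    txid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", response[:12])
    if txid != struct.unpack("!H", query[:2])[0] or not flags & 0x8000:
        return "other"  # not a reply to our query
    rcode = flags & 0x000F
    if rcode == RCODE_NXDOMAIN:
        return "nxdomain"  # what the filter returns for a blocked name
    if rcode == 0 and ancount > 0:
        return "answered"  # name resolved, so it is not being filtered
    return "other"  # e.g. SERVFAIL, REFUSED, or NOERROR without data

def check_domain(resolver_ip, name, timeout=3.0):
    """Send the query over UDP to resolver_ip and classify the reply."""
    query = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(query, (resolver_ip, 53))
        response, _ = s.recvfrom(4096)
    return classify_response(query, response)

# Constructed sample replies (not captured traffic).
SAMPLE_QUERY = build_query("blocked.example")
SAMPLE_NXDOMAIN = SAMPLE_QUERY[:2] + struct.pack("!H", 0x8183) + SAMPLE_QUERY[4:]
SAMPLE_ANSWERED = (
    SAMPLE_QUERY[:2] + struct.pack("!HHH", 0x8180, 1, 1) + SAMPLE_QUERY[8:]
    + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + bytes([192, 0, 2, 10])
)

if __name__ == "__main__":
    print(classify_response(SAMPLE_QUERY, SAMPLE_NXDOMAIN))
    print(classify_response(SAMPLE_QUERY, SAMPLE_ANSWERED))
```
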
Filter lists
- If the DNS filter is activated for the first time, hit Service Restart and perform the Online Update afterwards. Even if no Online Updates are available, the newest filter lists will be downloaded.
- These lists are updated regularly and have a strong focus on adult pages.
WebAdmin configuration
In order to activate the DNS Filter, open the WebAdmin and navigate to Security / DNS filter and first click on Activate to initialize the settings. This will activate the required services and display available options for it.
Special settings for the DNS Filter
Since the DNS Filter blocks the name resolution of unwanted target domains, connections to these will fail. This means that if clients try to open HTTPS webpages, their browser will return a simple "The Page could not be loaded" message. The IACBOX cannot simply redirect clients to a local "Site has been blocked" page, because web browsers would detect the certificate mismatch between the target domain and the "Site has been blocked" resource on the IACBOX and eventually output an aggressive SSL certificate error. The approach with the DNS Filter is to list blocked DNS requests on the IACBOX Logon Page instead. In order to access the IACBOX Login Page while being logged in, clients can call http://logon.now.
As seen in the screenshot, the IACBOX Login Page displays a warning on top which states "Some of your connections have been filtered! Click here to display". After clicking on this message, the Filtered Websites section will be shown above the welcome section.
Integrators can decide to configure these warnings in the DNS Filter WebAdmin menu at Security / DNS filter. Available options are:
- Activate Connection Tracking for advanced logging - The Connection Tracking must be activated in order to obtain and save the DNS requests of clients. Once activated, the configuration below will become accessible.
- Display blocked entries on logon page - Integrators can decide to either show or hide blocked DNS entries from guests. If the Connection Tracking was activated before this step, administrators can review blocked connections in Users / Tickets / Overview by clicking on the DNS Filter icon to the left of the ticket name. This will open the Connection Log of this ticket, which includes filtered entries.
- Amount of last blocked entries displayed - The amount of filtered entries which should be displayed on the Client Logon Page.
- Cache time of last blocked entries - The time in which filtered entries are being shown on the Client Logon Page.
Select Filter Lists
In the next step, the Filter Lists can be selected in the tab Filter Categories. Select all desired filters and hit Save to continue.
Advanced Settings
The Advanced Settings allow for:
- Checking for domains/URLs in the filter lists
- Manually adding new domains to the filter and exception lists
- Uploading a Custom Domain List to block a lot of domains, or add them as exceptions, at once
Save the configuration and issue a Service Restart so that the new settings become active.