GateWall DNS Filter Deployment Options

Variant 1

In corporate networks, GateWall DNS Filter may be deployed in two different ways. The first option is to locate GateWall DNS Filter upstream of the corporate DNS server. With this option, the corporate DNS server allows forwarding of DNS requests to the ISP's DNS server(s). Create LAN users with IP authorization using the DNS Filter Administrator console. Specify the corporate domain name in the exclude_domains parameter of the section of the server settings file. DNS settings should specify that DNS requests will be sent to the internal corporate DNS server. Internet access via the HTTPS and BCAP (BrightCloud Control Application Protocol, TCP port 2316) protocols should be allowed on the PC running GateWall DNS Filter. This deployment option allows generating detailed statistics for all LAN users (client machines).

Figure 1 Variant 1

Variant 2

The second option is to install GateWall DNS Filter immediately downstream of the corporate DNS server. With this option, the corporate DNS server settings need to specify GateWall DNS Filter as the server to forward requests to (Forwarder). Create just one user in the DNS Filter settings, with the IP address of the corresponding corporate DNS server. In the DNS Filter settings, specify the ISP's DNS server(s) as the forwarding DNS servers. This option reduces the load on GateWall DNS Filter thanks to additional caching on the corporate DNS server. However, it makes request statistics for LAN users unavailable.

Figure 1 Variant 2

Important! GateWall DNS Filter is not a gateway solution, which means DNS requests sent directly by users to the Internet must be blocked.
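
The following is an added example, not part of the GateWall documentation: it derives, for each variant, which internal host should be the only one sending DNS to the Internet, and audits perimeter flow records for traffic that bypasses the filter. All IP addresses, the flow-record layout and the function names are assumptions made for illustration; the forwarding chains are read from the two variant descriptions above.

```python
"""Audit constructed perimeter flow records for DNS that bypasses GateWall DNS Filter."""
from ipaddress import ip_address, ip_network

# Assumed addressing (hypothetical, documentation ranges); not taken from the product docs.
LAN = ip_network("10.0.0.0/24")
CORP_DNS = ip_address("10.0.0.2")      # internal corporate DNS server
DNS_FILTER = ip_address("10.0.0.3")    # PC running GateWall DNS Filter
ISP_DNS = {ip_address("192.0.2.53")}   # ISP DNS server(s)

def allowed_egress(variant):
    """Return the {(source, protocol, port)} set the perimeter should let out."""
    # Variant 1: clients -> DNS Filter -> corporate DNS -> ISP DNS.
    # Variant 2: clients -> corporate DNS -> DNS Filter -> ISP DNS.
    forwarder = CORP_DNS if variant == 1 else DNS_FILTER
    rules = {(forwarder, proto, 53) for proto in ("udp", "tcp")}
    # The filter host needs HTTPS and BCAP (TCP 2316) in both variants.
    rules |= {(DNS_FILTER, "tcp", 443), (DNS_FILTER, "tcp", 2316)}
    return rules

def audit(flows, variant):
    """Return LAN -> Internet DNS flows that do not follow the variant's chain."""
    allowed = allowed_egress(variant)
    findings = []
    for src, dst, proto, dport in flows:
        s, d = ip_address(src), ip_address(dst)
        if s not in LAN or d in LAN or dport != 53:
            continue  # only DNS leaving the LAN is in scope
        # Flag any sender other than the designated forwarder, and any
        # destination other than the configured ISP DNS server(s).
        if (s, proto, dport) not in allowed or d not in ISP_DNS:
            findings.append((src, dst, proto, dport))
    return findings

# Constructed sample records: (source, destination, protocol, destination port).
FLOWS = [
    ("10.0.0.2", "192.0.2.53", "udp", 53),      # corporate DNS -> ISP DNS
    ("10.0.0.3", "192.0.2.53", "udp", 53),      # DNS Filter -> ISP DNS
    ("10.0.0.41", "198.51.100.8", "udp", 53),   # workstation -> external resolver
    ("10.0.0.41", "10.0.0.3", "udp", 53),       # workstation -> DNS Filter (internal)
    ("10.0.0.3", "203.0.113.10", "tcp", 2316),  # DNS Filter -> BCAP
]

if __name__ == "__main__":
    for variant in (1, 2):
        print(f"Variant {variant} findings:")
        for flow in audit(FLOWS, variant):
            print("  ", flow)
```

The same allow set can be turned into deny-by-default egress rules on whatever perimeter device sits in front of the LAN.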