Endian banner

DNS

The DNS proxy is a proxy server that intercepts DNS queries and answers them, without the need to contact a remote DNS server each time it is necessary to resolve an IP address or a hostname. When a same query is often repeated, caching its results locally may sensibly improve performances. The available settings for the DNS proxy are grouped into three tabs.

DNS proxy

A few options for the DNS proxy can be configured in this page.

Transparent on Green, Transparent on Blue, Transparent on Orange
Enable the DNS proxy as transparent on the GREEN, BLUE, and ORANGE zone, respectively. They appear only if the corresponding zones are enabled.

Specific sources and destinations can be set up to bypass the proxy by filling in their values in the two text areas.

Which sources may bypass the transparent Proxy
Allow the sources under the corresponding text area not to be subject to the DNS scanning. The sources can be specified as IP addresses, networks, or MAC addresses.
Destinations to which bypass the transparent Proxy
Allow the destinations under the corresponding text area not to be subject to the DNS proxy scanning. The destinations can be specified as IP addresses or networks.

DNS Routing

Changed in version 2.5: Renamed from ‘Custom Nameserver’

This page allows the management of custom domain - nameservers pairs. In a nutshell, whenever a sub-domain of a domain is queried, the corresponding nameserver in the list will be used to resolve the domain into the correct IP address.

A new domain - nameserver combination can be added by clicking on the Add new custom nameserver for a domain link. When adding an entry, a few values can be entered for the various options available:

Domain
The domain for which to use the custom nameserver.
DNS Server
The IP address of the nameserver.
Remark
An additional comment.

On each domain in the list, these actions can be carried out:

  • edit - edit the rule.
  • delete - delete the rule.

Anti-spyware

Changed in version 2.5-2013-January: the DNS blacklist.

This page presents configuration options about the reaction of the Endian 4i Edge Appliance when asked to resolve a domain name that is known to be either used to propagate spyware or that serves as phishing site. The options that can be set are:

Enabled
The requests are redirected to localhost. In other words, the remote site will neither be contacted nor reachable.
Whitelist domains
Domain names that are entered here are not treated as spyware targets, regardless of the list’s content.
Blacklist domains
Domain names that are entered here are always treated as spyware targets, regardless of the list’s content
Spyware domain list update schedule

The update frequency of the spyware domain list. Possible choices are Daily, Weekly, and Monthly. By moving the mouse cursor over the respective question mark, the exact time of the update execution is shown.

Hint

to download updated signatures, the system must be registered to Endian Network.

Note

Older version of the anti-spyware module used a different engine to block DNS requests, therefore another option was available:

Redirect requests to spyware listening post
When this option is enabled, the requests are redirected to the spyware listening post instead of localhost, providing useful information to the companies that fight malware and spyware. For more information, follow the link that is shown on the GUI.