MACROTICK.COM. Web filter using public DNS. MUM US - April, 2016 Jovan Strika, Macrotick

Similar documents
The Use of Mikrotik Router Boards With Radius Server for ISPs.

» David Bisschoff» Durban, South Africa» Work at Kinsey Computers» Discovered MikroTik in Kinsey Computers cc

Step-by-Step Configuration

PowerLink Bandwidth Aggregation Redundant WAN Link and VPN Fail-Over Solutions

Introduction to Network Operating Systems

Computer Networking. Definitions. Introduction

White Paper How to Remotely Access Ethernet I/O Over the Internet

LAN TCP/IP and DHCP Setup

This Lecture. The Internet and Sockets. The Start If everyone just sends a small packet of data, they can all use the line at the same.

Network Basics GRAPHISOFT. for connecting to a BIM Server (version 1.0)

Configuring Routers and Their Settings

DNS Basics. DNS Basics

Chapter 10 Troubleshooting

Application Description

Evaluation guide. Vyatta Quick Evaluation Guide

WISP 101. The DO s and DON T s of becoming a Wireless ISP

Zscaler Internet Security Frequently Asked Questions

Bandwidth-based load-balancing with failover. The easy way. We need more bandwidth.

Tech-Note Bridges Vs Routers Version /06/2009. Bridges Vs Routers

Firewall VPN Router. Quick Installation Guide M73-APO09-380

GregSowell.com. Mikrotik Basics

Multi-Homing Dual WAN Firewall Router

Digi Connect WAN Application Guide Using the Digi Connect WAN and Digi Connect VPN with a Wireless Router/Access Point

Course Syllabus. Fundamentals of Windows Server 2008 Network and Applications Infrastructure. Key Data. Audience. Prerequisites. At Course Completion

Technical White Paper

Course Overview: Learn the essential skills needed to set up, configure, support, and troubleshoot your TCP/IP-based network.

CHAPTER 6 DESIGNING A NETWORK TOPOLOGY

Reducing the impact of DoS attacks with MikroTik RouterOS

DNS Best Practices. Mike Jager Network Startup Resource Center

F5 Silverline DDoS Protection Onboarding: Technical Note

Figure 41-1 IP Filter Rules

Chapter 11 Cloud Application Development

Web Caching and CDNs. Aditya Akella

How to Guide: StorageCraft Cloud Services VPN

Hosting more than one FortiOS instance on. VLANs. 1. Network topology

DNS Server Operation & Configuration

Topic 7 DHCP and NAT. Networking BAsics.

Enterprise Buyer Guide

WARP 3.0 Table of Contents

Superior Disaster Recovery with Radware s Global Server Load Balancing (GSLB) Solution

Security+ Guide to Network Security Fundamentals, Fourth Edition. Chapter 6 Network Security

< Introduction > This technical note explains how to connect New SVR Series to DSL Modem or DSL Router. Samsung Techwin Co., Ltd.

Using VDOMs to host two FortiOS instances on a single FortiGate unit

Building Effective Firewalls with MikroTik P R E S E N T E D B Y: R I C K F R E Y, N E T W O R K E N G I N E E R I P A R C H I T E C H S O P E R AT I

LinkProof DNS Quick Start Guide

Load Balancing Using PCC & RouterOS

CheckPoint Software Technologies LTD. How to Configure Firewall-1 With Connect Control

Network Address Translation (NAT)

Fundamentals of Windows Server 2008 Network and Applications Infrastructure

Web Application Hosting Cloud Architecture

Load Balancing Using PCC & RouterOS

Steps for Basic Configuration

MikroTik RouterOS Workshop Load Balancing Best Practice. Warsaw MUM Europe 2012

Chapter 3 LAN Configuration

Configuring MassTransit Server to listen on ports less than 1024 using WaterRoof on Macintosh Workstations

Internet Technologies. World Wide Web (WWW) Proxy Server Network Address Translator (NAT)

How To Configure A Vyatta As A Ds Internet Connection Router/Gateway With A Web Server On A Dspv.Net (Dspv) On A Network With A D

Linux firewall. Need of firewall Single connection between network Allows restricted traffic between networks Denies un authorized users

Chapter 3 Security and Firewall Protection

Chapter 1 Connecting Your Router to the Internet

TRUFFLE Broadband Bonding Network Appliance. A Frequently Asked Question on. Link Bonding vs. Load Balancing

Firewall Defaults, Public Server Rule, and Secondary WAN IP Address

iseries TCP/IP routing and workload balancing

Enterprise Edge Communications Manager. Data Capabilities

Chapter 2 Introduction

Comtrend 1 Port Router Installation Guide CT-5072T

Networked AV Systems Pretest

Computer Networks. Introduc)on to Naming, Addressing, and Rou)ng. Week 09. College of Information Science and Engineering Ritsumeikan University

Chapter 8 Advanced Configuration

Routing Security Server failure detection and recovery Protocol support Redundancy

Chapter 5 Customizing Your Network Settings

Lab Configuring Access Policies and DMZ Settings

Web Request Routing. Technical Brief. What s the best option for your web security deployment?

Chapter 4 Customizing Your Network Settings

ReadyNAS Remote White Paper. NETGEAR May 2010

BASIC ANALYSIS OF TCP/IP NETWORKS

Chapter 7 Troubleshooting

Firewall Defaults and Some Basic Rules

GregSowell.com. Mikrotik Security

Troubleshooting and Maintaining Cisco IP Networks Volume 1

Creating a VPN with overlapping subnets

Step-by-Step Configuration

Appendix IP CAMERA Network Connections

Source-Connect Network Configuration Last updated May 2009

Network Configuration Settings

Load Balance with Masquerade Network on RouterOS. Prepared by: Janis Megis (Mikrotik) Valens Riyadi (Citraweb)

Load Balancing Trend Micro InterScan Web Gateway

Chapter 4 Firewall Protection and Content Filtering


1:1 NAT in ZeroShell. Requirements. Overview. Network Setup

Internet Security Firewalls

Copyright 2008 Link Technologies,Inc. A Proud Vendor Member of the

Polycom. RealPresence Ready Firewall Traversal Tips

What is included in the ATRC server support

ASA/PIX: Load balancing between two ISP - options

Behavioral Differences Regarding DNS Queries and Domain Name Resolution in Different OSs

IPv6 Tunneling Over IPV4

Internet infrastructure. Prof. dr. ir. André Mariën

Transcription:

MACROTICK.COM Web filter using public DNS MUM US - April, 2016 Jovan Strika, Macrotick

Enterprise Grade Routers Networking equipment and management services based on MikroTik router boards

Cloud Services Unique approach to network monitoring and management using MikroTik scripting capabilities

Overview Web filter using public DNS service Why we need DNS and how it works Anycast and DNS OpenDNS and Classification of the Internet Configuring Mikrotik to use OpenDNS Advantages and disadvantage

WWW MACROTICK COM = 67.34.139.250 Macrotick servers What can be your DNS server? ROOT DNS servers Internet Your Router Your Server Your ISP No records in my cache, ask ROOT servers LAN Router with DNS Server Or another DNS Provider I want to visit www.macrotick.com User 5

Macrotick servers Using Public DNS Providers Router 208.1.1.1 LAN User Internet I want to visit www.macrotick.com Google DNS Server 8.8.8.8 I have record in my cache, no need to ask ask ROOT servers DNS server not installed on the Router Router is just forwarding DNS request Public DNS server will respond to your request 6

Simplified BGP and Unicast Routing Internet Macrotick servers Routing the Internet Router 208.1.1.1 LAN User Google DNS Server 8.8.8.8 Routers are using BGP protocol to exchange routing information They will use the closes path to get to destination More than one path will ensure redundancy 7

AnyCast routing Google UK DNS Server 8.8.8.8 Internet Macrotick servers Routing the Internet Router 208.1.1.1 LAN User Google US DNS Server 8.8.8.8 When using Anycast, DNS request will always connect to the 'closest' (from a routing protocol perspective) DNS server. This reduces latency, and provides a level of load-balancing 8

Why AnyCast for DNS server Why AnyCast Same IP anywhere Makes DNS more reliable - 100% uptime Improves DNS performance Provides resilience against DDoS attacks Easy to scale- just add another orange dot 9

OpenDNS and Internet Classification Next level of DNS service with OpenDNS Each DNS request is mapped to domain Most of domains are classified by category Anyone can submit domain and suggest category Community will vote if they agree 10

OpenDNS Features OpenDNS Features Chose categories that you want to block based on your public IP address Add custom domains to white/ black list Get statistics of your DNS queries 11

How to use OpenDNS with Mikrotik router Mikrotik with DNS server Enable local DNS server on Mikrotik and use OpenDNS servers to forward request if not found in local cache Setup DHCP server to provide router LAN IP address as DNS server Add NAT firewall rule to redirect traffic to local port 53 /ip dns set allow-remote-requests=yes servers=208.67.222.222,208.67.220.220 /ip firewall nat add action=redirect chain=dstnat dst-address-type=!local dstport=53 protocol=udp to-addresses=0.0.0.0 to-ports=53 /ip dhcp-server network add address=192.168.88.0/24 gateway=192.168.88.1 dns-server=192.168.88.1 Mikrotik without DNS server Disable DNS server on Mikrotik Setup DHCP server to OpenDNS servers as DNS servers Workstations will send DNS requests directly to OpenDNS servers Add NAT firewall rule to redirect traffic to OpenDNS server port 53 /ip dns set allow-remote-requests=no /ip firewall nat add action=redirect chain=dstnat dst-address-type=!local dstport=53 protocol=udp to-addresses=208.67.222.222 to-ports=53 /ip dhcp-server network add address=192.168.88.0/24 gateway=192.168.88.1 dnsserver=208.67.222.222,208.67.220.220 12

How to Handle Dynamic IP address Using Updater Clients from OpenDNS Using Mikrotik script Install OpenDNS updater software on Windows or MAC Updater will recognize when IP addresses are changed and it will update your OpenDNS network settings. Script developed by Alexander Harrison who works for OpenDNS Using HTTP to send update to OpenDNS API 2 versions of the script available: Always send update Only send updates when a new IP is detected https://support.opendns.com/entries/69688114- Mikrotik-WinBox-Dynamic-Update-Script 13

How to use OpenDNS with Mikrotik router Advantages Limitations Web filter - of course Simple to use Cloud based, no local hardware/ software to install Your data analytics and statistics Added security - recognize and prevent before an attack More reliable and redundant DNS You must get a Public IP from your ISP Content may be sent through proxy (originally they were adding ads) One filter for all users - no custom filter rules per internal IP or user (unless they use VPN per device) No scheduling (block specific categories during work hours) 14

Solving Limitation through Integration OpenDNS Integration Integrated in Netgear router Parental Controls Rules per user Rules based on time of day What next 15

THANK YOU! Questions?

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information