The next 0.4 version of DNS Safety filtering server is ready for public preview. The following features are available for now:
- Deploys as full featured DNS server on your local hardware (or in the cloud). Currently tested on Ubuntu 18 LTS, Debian 9, FreeBSD 11 and pfSense 2.4. Runs on TCP/UDP port 53 as any normal DNS server does.
- All incoming requests can be forwarded to your custom DNS server (usually those assigned by your ISP) or Google Public DNS or Cisco OpenDNS Family Shield. Local records from /etc/hosts are processed too.
- Incoming requests can be filtered using the same category database that we use in Web Safety ICAP web filter product. Category database is automatically every two weeks.
- Administrator can apply different filtering policies, blacklist or whitelist individual domain names per policy by exact name or regular expression. Policy members can be specified using MAC address, IP address, subnet or IP address range.
The product was born out of the need to do local DNS filtering within un-managed home/small company/public wifi networks where full featured HTTPS decrypting web filtering proxy solution like Web Safety is not applicable (because trusted root proxy ca certificates cannot be installed on networking machines).
How to Install
The complete installation guides for Ubuntu, Debian, FreeBSD and pfSense are available at https://docs.dnssafety.io.
The application is installed in /opt/dnssafety and is managed from the console only by editing the /opt/dnssafety/etc/config.json file and restarting the DNS daemon by typing:
systemctl restart dsdnsd
Access log of the application is stored at /opt/dnssafety/var/logs/access.log. It allows you to see what policy processed what DNS request and if that request was blocked or not.
Error log of the application is stored in /var/log/dsdnsd.log. It shows various internal activities of the application. Can be quite helpful in these initial steps of development.
Links to Packages, Issues and Scripts
The DEB packages can be downloaded from the main site of the product – https://dnssafety.io (VMware Virtual Appliance, Azure Virtual Machine and DEB installation packages for Debian 9 and Ubuntu 18.04).
All issues are welcome at our GitHub project page – see https://github.com/diladele/dnssafety/milestones. The repo contains collection of scripts we use to build the virtual appliance based on this project.
Please have in mind it is being actively developed project and might not always work as expected. We do appreciate any feedback you might have. Contact firstname.lastname@example.org if this easier or preferably create an issue at GitHub.