User Guide
LateralAccessDevice
 


DNS Server and LateralDNS

LAD’s built-in DNS server resolves domain names by tracing them from the official top-level sources down to the official server for a specific domain name, following the protocols for verifying the DNS record through the official channels rather than taking the word of a random DNS resolver. What that means is that it starts from the authoritative registry for top-level domains and then drills down until it gets to the specific domain name registry that is the authority for the domain name requested.

Using the official sources and protocol for domain name resolution adds a layer of security by making it more difficult for DNS-spoofing attacks to succeed.
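The walk described above, as an added illustration (not LAD's code): a small simulation over constructed delegation data, in which every server name, zone and address is made up. It follows referrals from the root downward and accepts an answer only from a server for names inside the zone that was delegated to it.

```python
# Constructed delegation data (names under .example, addresses from RFC 5737).
# Each simulated server knows the zone it serves, the child zones it
# delegates, and the address records it holds.
SERVERS = {
    "root-ns": {"zone": ".", "refer": {"example.": "tld-ns"}, "a": {}},
    "tld-ns": {"zone": "example.",
               "refer": {"shop.example.": "shop-ns", "evil.example.": "evil-ns"},
               "a": {}},
    "shop-ns": {"zone": "shop.example.", "refer": {},
                "a": {"www.shop.example.": "192.0.2.10"}},
    # Misbehaving server: also offers an answer for a name outside its zone.
    "evil-ns": {"zone": "evil.example.", "refer": {},
                "a": {"www.shop.example.": "203.0.113.66",
                      "www.evil.example.": "203.0.113.5"}},
}

def in_zone(name, zone):
    """True if name equals zone or is a subdomain of it."""
    return zone == "." or name == zone or name.endswith("." + zone)

def resolve(qname, start="root-ns", max_hops=8):
    """Walk referrals from `start`; return (address or None, servers asked)."""
    server, path = start, []
    for _ in range(max_hops):  # hop limit guards against referral loops
        info = SERVERS[server]
        path.append(server)
        # Accept an answer only for names inside this server's own zone.
        if qname in info["a"] and in_zone(qname, info["zone"]):
            return info["a"][qname], path
        # Follow the most specific referral that leads toward qname and
        # stays strictly below the zone this server is responsible for.
        children = [z for z in info["refer"]
                    if in_zone(qname, z) and in_zone(z, info["zone"])
                    and z != info["zone"]]
        if not children:
            return None, path
        server = info["refer"][max(children, key=len)]
    return None, path

if __name__ == "__main__":
    print(resolve("www.shop.example."))                   # normal walk from the root
    print(resolve("www.shop.example.", start="evil-ns"))  # out-of-zone answer ignored
```

Starting from the root, the query for www.shop.example. never reaches the misbehaving server at all; asking that server directly models taking the word of an arbitrary resolver, and its out-of-zone answer is discarded.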

Upon installation, LAD will have the DNS server selections pre-populated. However, you may choose the DNS servers you would like to use by entering them on the General Settings page.

LateralDNS: DNS firewalling

As discussed in the Access Controls / Parental Controls section, LAD's LateralDNS feature allows you to minutely control the domain-based content entering your network, including the level of access allowed by both domain name and device, with sophisticated scheduling and allow, deny and exception rule-making.

Additionally, LAD tracks all DNS activity for each device with comprehensive logs detailing each DNS request, including denied requests, and its result, so you will know where all of your devices are trying to go on the Internet, when and with what result. You may find the DNS logs by clicking on "DNS Log" on an individual device's settings page.

You may change the date and time range of the DNS log using the date range form or by clicking on one of the pre-set buttons. Additionally, you may choose to view all DNS activity or just a subset of activity, for example, allowed requests, denied requests and requests for whitelisted domains. "Not Active" refers to domains that have a domain or white/blacklist entry, but are not currently marked as active. "Not White/Black Listed" refers to requests for domains that are on neither your whitelist nor your blacklist.

  • Clicking on the domain name will take you to the domain's settings page, even if you have not previously created an entry for that particular domain. If you wish to set up domain accessibility controls for the domain, before exiting the page you must mark the domain as active, set the particular controls (Deny, Allow, etc.) you desire and click on Save Settings. If you exit the page without marking the domain as active and saving the settings, no entry for the domain will be saved.
  • Clicking on the right arrow to the left of a domain name will expand the entry to show any subdomains that have been requested.
  • Clicking on the checkmark whitelists or unwhitelists the domain.
  • Clicking on the crossed out circle blacklists or unblacklists the domain.
  • The full DNS request and response log for individual domains may be accessed by clicking on "Log" next to the corresponding domain name.
  • The number to the right of the domain name indicates the number of requests made.

Some Browser Settings Hinder LAD's DNS Controls

Some browser settings will interfere with LAD's ability to process DNS requests, apply DNS firewalling and maintain DNS logs by obscuring your DNS activity. You may disable these features in your browser:

  • Firefox: Go to Settings, then Privacy & Security. Scroll down to HTTPS-Only Mode and disable it.
  • Chrome: Type "Chrome://flags" and search for DNS. Find "Async DNS resolve" and disable it, and "Secure DNS Lookups" and disable it.
  • Edge: Type "Edge://settings" or click on "Settings" in the dropdown menu and select "Privacy, search and services." Under "Security" find "Use secure DNS to specify how to lookup the address for websites" and disable it.

These settings thwart your attempts to control your Internet traffic by domain name. They hide your domain name requests (which are sent out every time you go to a website) by sending them over HTTPS, which is not the same as HTTP and uses SSL to encrypt the request, essentially making it impossible to tell what it is. These so-called "secure DNS" features direct your DNS requests to a DNS resolver of the browser maker's choice, rather than getting the information directly from the authoritative DNS registries (which is what LAD does). The interesting thing about their "secure DNS" is that in some situations they may deliver different results from each other and from the DNS registries.

Additionally, by using their "secure DNS" you allow them to track your device, your browser, where you go, tag your browser and build a profile of your Internet use. In normal DNS processing, no one keeps tabs on your requests and it is harder for the authoritative DNS registries to be tampered with.
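One way to spot a device whose browser is resolving names outside the local DNS server, shown as an added example (not a LAD feature or LAD's log format): compare the addresses a device connects to with the addresses the local resolver actually returned to it. The record layouts, device names, addresses and the `min_ratio` threshold are all assumptions constructed for the illustration.

```python
from collections import defaultdict

# Constructed sample data; these layouts are assumptions, not LAD's log format.
# DNS log: (device, queried name, addresses returned by the local resolver)
DNS_LOG = [
    ("laptop", "www.shop.example", ["192.0.2.10"]),
    ("laptop", "cdn.shop.example", ["192.0.2.20", "192.0.2.21"]),
    ("tablet", "news.example", ["198.51.100.7"]),
]
# Connection log: (device, destination address, destination port)
CONN_LOG = [
    ("laptop", "192.0.2.10", 443),
    ("laptop", "192.0.2.21", 443),
    ("tablet", "198.51.100.7", 443),
    ("tablet", "203.0.113.53", 443),  # browser's own DNS endpoint (constructed)
    ("tablet", "203.0.113.80", 443),  # sites resolved through that endpoint
    ("tablet", "203.0.113.81", 443),
]

def unresolved_connections(dns_log, conn_log):
    """Per device, destinations that no logged DNS answer for it explains."""
    known = defaultdict(set)
    for device, _name, addrs in dns_log:
        known[device].update(addrs)
    missing = defaultdict(set)
    for device, dst, _port in conn_log:
        if dst not in known[device]:
            missing[device].add(dst)
    return {d: sorted(a) for d, a in missing.items()}

def bypass_suspects(dns_log, conn_log, min_ratio=0.5):
    """Devices where at least min_ratio of distinct destinations are unexplained."""
    missing = unresolved_connections(dns_log, conn_log)
    totals = defaultdict(set)
    for device, dst, _port in conn_log:
        totals[device].add(dst)
    return sorted(d for d, addrs in missing.items()
                  if len(addrs) / len(totals[d]) >= min_ratio)

if __name__ == "__main__":
    print(unresolved_connections(DNS_LOG, CONN_LOG))
    print(bypass_suspects(DNS_LOG, CONN_LOG))
```

A device that connects to many addresses it never looked up locally is a candidate for checking the browser settings listed above; hard-coded addresses in applications produce the same pattern, so treat a hit as a prompt to investigate.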

For information on how a device's domain name settings interact with DNS firewalling and White and Blacklisting, please see Access Controls / Parental Controls.
