flareDNS


Glossary of Terms

Here is a list of terms you will see used in flareDNS and/or this knowledgebase:

  • DNS
    The internet is made easier for humans to use by assigning domain names to IP addresses. Instead of having to remember lots of numbers, we use something more memorable, like cybxsecurity.com or Google.com.
    Web browsers access and interact with websites by using IP (Internet Protocol) addresses.
    DNS (Domain Name System) is the translation of domain names into IP addresses. A DNS server transforms (resolves) a domain name into an IP address, so that a web browser can interact with the website.
    DNS Explained – GoDaddy
  • Query
    When you attempt to access a website and type in a domain name, or when any device (client) at your premises tries to connect to a pre-configured IP address, a DNS query (sometimes also called a DNS request) is sent from the user’s computer (DNS client) to a DNS server. The query asks for the IP address associated with a domain name.
  • Query Types (integrated)
    There are various query “types” that flareDNS blocks and allows. Here is a comprehensive list of these query types.
  • Client
    This is a device on your network.
  • Blocklist
    This is a list of DNS entries which are blocked. No client on your network can interact with any DNS entry on this list.
  • Whitelist
    A predetermined list of DNS entries which any device can interact with.

Why Use flareDNS?

flareDNS is a gateway for all the devices on your network. No IP address can ever connect to your network unless it passes through flareDNS. Some devices are pre-configured to connect routinely to specific IP addresses, and make DNS queries which show up in the query logs on flareDNS.

For example, an IoT (Internet of Things) device such as a Philips Hue Smart Lightbulb may connect to Philips servers to check for updates, to “keep alive” the device so it can operate remotely, or to self-diagnose any problems. Whilst this is an acceptable connection, and deemed safe, we know that no other connections should exist with this device. Philips’ servers are whitelisted as trusted connections. flareDNS prevents any nefarious connections from interacting with the lightbulb by blocking them from all devices on the network (not just the lightbulb).

The blocklist used by flareDNS is proprietary and ever-evolving, covering known DNS entries which serve ads or belong to hacking groups, terrorism groups, crypto-mining servers and much more. CybX Security automatically updates your blocklist with new DNS IP addresses, so you are always up to date with newly discovered “bad guys”.

First Login

You will be provided an IP address to access the dashboard during installation.

Open a new browser window. Enter this IP address, which will look something like this:

 https://10.1.1.8/admin 

Once you are logged in, you will see the following screen:

Dashboard View

flareDNS Dashboard

The dashboard presents you with the following information and stats:

  • Total queries: Number of DNS queries flareDNS recorded
  • Queries blocked: Number of DNS queries blocked by flareDNS
  • Percent Blocked: Percentage of DNS queries blocked
  • Domains on Blacklist: Number of domain names on the flareDNS blocklist/blacklist

Query Log

The query log in flareDNS shows you the date and time of each query, along with the following details for each query:

  • Type – The most common DNS records you will see in flareDNS are A and AAAA records. A is an IPv4 domain name record (linking cybxsecurity.com to its IPv4 address, for example), and AAAA is the IPv6 equivalent.
    More info here on IPv4 & IPv6.
  • Domain – The domain resolved by the DNS server
  • Client – Which client (device) connected
  • Status – OK or Blocked
  • Action – Here you can choose to blacklist or whitelist accordingly. On some installations, you may not have this option. See whitelisting/blacklisting below.
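
The lightbulb scenario from "Why Use flareDNS?" can be checked against the query log fields listed above. This is an added Python example, not part of flareDNS: the log rows, client addresses, domain names and the per-client expected-domain table are all constructed assumptions, since the product's export format is not described here.

```python
from collections import defaultdict

# Hypothetical profile: the only domains each known device should ever query.
EXPECTED = {
    "10.1.1.50": {"vendor-cloud.example"},  # constructed: a smart lightbulb
}

# Constructed query log rows: (time, type, domain, client, status)
SAMPLE_LOG = [
    ("2024-01-01 09:00:01", "A",    "updates.vendor-cloud.example", "10.1.1.50", "OK"),
    ("2024-01-01 09:00:05", "AAAA", "Vendor-Cloud.example.",        "10.1.1.50", "OK"),
    ("2024-01-01 09:01:12", "A",    "notvendor-cloud.example",      "10.1.1.50", "OK"),
    ("2024-01-01 09:02:30", "A",    "tracker.ads.example",          "10.1.1.50", "Blocked"),
    ("2024-01-01 09:03:00", "A",    "news.example",                 "10.1.1.21", "OK"),
]

def normalise(domain):
    """Lower-case the name and drop the trailing root dot."""
    return domain.rstrip(".").lower()

def in_allowlist(domain, allowed):
    """True if domain is an allowed domain or a subdomain of one.
    Matching is on whole labels, so 'notvendor-cloud.example' does not
    pass as 'vendor-cloud.example'."""
    d = normalise(domain)
    return any(d == a or d.endswith("." + a) for a in allowed)

def unexpected_queries(log, expected):
    """Return {client: [(domain, status), ...]} for queries that fall
    outside a profiled client's expected domains. Clients without a
    profile are skipped."""
    findings = defaultdict(list)
    for _time, _qtype, domain, client, status in log:
        allowed = expected.get(client)
        if allowed is not None and not in_allowlist(domain, allowed):
            findings[client].append((normalise(domain), status))
    return dict(findings)

if __name__ == "__main__":
    for client, hits in unexpected_queries(SAMPLE_LOG, EXPECTED).items():
        for domain, status in hits:
            # Status "OK" means the blocklist did not stop this query.
            print(f"{client} queried {domain} (status: {status})")
```

Entries reported with status OK are the ones to review first, because the device reached a domain outside its profile and the blocklist did not stop it.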

Long Term Data

Long term data is stored by your flareDNS, so you can see historical data.

Request Whitelist URL

There may be domains or DNS IP addresses blocked by flareDNS that you do not want blocked. Conversely, there may be some on your whitelist that require blocking.

To request a whitelisted DNS IP or domain, simply visit the flareDNS Portal.

flareDNS Portal