Photo by Nathan Dumlao on Unsplash

Photo by Nathan Dumlao on Unsplash

DNS filtering with authentication

Optimized Throughput

Article from ADMIN 60/2020
By
Filtering HTTP connections and employing traditional proxy servers can protect users from web threats but also increase latency. DNS filters would be a better option, but they lacked authentication – until NxFilter came along.

Web filters that are based on the HTTP proxy server principle are part of the standard toolkit for protecting corporate networks. The use of such filters, often employing the Squid proxy server and similar tools, leads in practice to serious latency problems on the network because the proxy server analyzes and filters the web traffic and thus becomes a bottleneck. These latency problems grow with the number of users.

However, latency is not the only problem: Proxy servers primarily specialize in filtering HTTP connections. This limitation can be solved with the help of a DNS filter, which can monitor all the traffic, regardless of the protocol used to send or receive data. NxFilter [1] is a freeware DNS filter that can compete with commercial products in terms of functionality and performance. In essence, NxFilter is a forwarding DNS server with a filter function. Because the DNS protocol is used, the data traffic does not have to pass through a special filter – thus eliminating latency problems.

The news gets better: Experience reports indicate that the use of NxFilter has a positive effect on the Internet connection of all the network clients. The reason for the performance gain is the local cache that NxFilter uses and manages for DNS lookups. Assuming a corporate network uses the Internet provider's DNS servers, the DNS queries have to be sent to these servers, and the network clients have to wait for a response. If you operate a local DNS filter, the local DNS server serves the queries. Ideally, the cache provides the responses, which results in a significant reduction of network traffic. Figure 1 illustrates the differences between unfiltered and filtered DNS queries.

...
Use Express-Checkout link below to read the full article (PDF).

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy ADMIN Magazine

SINGLE ISSUES
Print Issues
Digital Issues
 
SUBSCRIPTIONS
Print Subs
Digisubs
 
TABLET & SMARTPHONE APPS
Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

comments powered by Disqus