Quick Start Setup Guide - WAN Forwarding
There are three methods you can use to protect your networks and users with ScoutDNS.
1) WAN Forwarding: involves configuring ScoutDNS with your WAN IP address and then forwarding DNS queries from inside your network us our anycast resolver IPs.
Advantage: Simple and fast to deploy, usually within minutes.
Disadvantage: Provides limited visibility to DNS queries behind your firewall. Allows one policy per WAN IP. Only allows us to log and track the WAN IP for each query.
Use Case: BYOD. When you need to protect everything behind your firewall quickly, with the easiest and quickest deployment method
2) LAN Relay: involves setting up the ScoutDNS relays as local forwarders inside your network, then assigning the forwarders through DCHP to your connected devices.
Advantage: Protects all devices including headless devices on your network with per device LAN IP logging/tracking. Can set different policy based on VLAN/Subnet. Encrypts DNS.
Disadvantage: Requires the setup of on-premise host or virtual machines
Use Case: BYOD, When you want different polices per VLAN, want to protect IoT devices with greater logging, require per device LAN IP per query.
3) Roaming Client (Scout360): Involves installing the Scout360 roaming client on your client devices.
Advantage: Can protect devices inside and outside the network. Can deploy device level policy or policy to groups of devices. IP LAN, Domain, and User level logging per query. Encrypts DNS
Disadvantage: Must install Scout360 device agent. Cannot protect headless devices.
Use Case: When you need to provide off-network protection both on and off the VPN. When you need user level logging.
This guide will walk you through the steps needed to configure ScoutDNS to your network using the quickest setup method, WAN Network Forwarding.
When planning to use LAN Relay you must configure WAN Network Forwarding. WAN Forwarding It is not required for roaming clients however is recommended in order to be site aware.
Step 1: Register Network IP
ScoutDNS operates as a closed/private DNS resolver. This helps to improve security and prevent system abuse by third parties. As a closed system, our DNS resolvers will only answer requests from known users/networks. For this reason, we must configure your WAN IP network address with the ScoutDNS application.
Create Site
All networks must be associated to a site. By default, ScoutDNS allows up to four networks to be configured to a single site location.
Click "New Site"
Enter a Site name and click "Save"
Create Network
Once you have created the Site, it is time to add the network and associate a policy.
Click "Add Network". Enter network name and WAN IP address. If you are using a Dynamic DNS service, you can enter your domain name instead. Select policy and click the check mark to register the network. Finalize by clicking "Save".
You can always ask google what your IP address is if you are unsure.
More on Dynamic IP support here.
Step 2: Configure Network to ScoutDNS
Locate your network DNS server settings
Identify which device or server on your network points your client devices to your public DNS servers. This is usually a router or sometimes a firewall. Typically, the device that handles your IP address (DHCP) or the device that serves as your default gateway is also where you configure public DNS servers.
If you are an active directory/domain controller environment, please refer to this detailed guide for configuring DNS in your environment.
Log on to the server or router where DNS is configured
Once you’ve logged in, find the DNS settings for this device. If you're unsure of where these settings are, please refer to your device configuration manual.
Example of Sonicwall DNS settings for network.
Change your DNS server addresses
Change your DNS server address to IPs provided from the GUI. ScoutDNS Operates a global anycast network for performance and resiliency.
Make sure your DNS is set to be static. Write down the previous DNS server information in case you wish to revert the change.
** Advanced users may try to work around your DNS settings to add their own. This can be fixed by creating firewall rules. To create firewall rules restricting DNS go here.
Restart Machines/Clear Cache
If your users acquire DNS from DHCP, these machines may need to reboot or reconnect to the network in order to adopt the new server settings.
If DNS is applied via network proxy, you should clear the proxy resolver cache.
*** Remember to clear ALL CACHE in local machine, browser, and domain controllers if applicable.
To confirm your system is now using ScoutDNS resolvers, click here: verify.ScoutDNS.com. In some DNS proxy cases the verification check my not register even when DNS traffic is passing. Another option to verify is by checking the ScoutDNS Logs.
Related Articles
Relay - Setup and Configure
ScoutDNS supports a Relay configuration which allows operators to install a lightweight service inside their network. The relay is a local forwarding resolver service that processes queries inside the operator network while relaying public queries to ...Roaming Clients / Device Agents - Setup, Configure, and Manage
ScoutDNS provides device agents for organizations what wish to cover devices with DNS layer protection on and off the network. The ScoutDNS device agent is an extremely lightweight application best installed on managed devices where administrative ...Dynamic IP Setup
ScoutDNS supports dynamic DNS IP address integration with almost any dynamic DNS provider. Popular Dynamic DNS solutions include: No-IP ChangeIP DynDNS FreeDNS Once you have an account with any of these or similar solutions, you can configure ...Configure Custom Block Pages
Admins have the ability to edit the default block page and to create multiple custom block pages to present to end users. Block pages are rendered in our block page service engine. You can assign custom block pages to WANs under Sites, and Roaming ...Organizations - Configuration and Management of Multi-Tenant Use
ScoutDNS provides two levels of tenancy. The primary inherent level allows any operator to be a member of any number of accounts and could have different roles depending on each account setting. The second level enabled though the Organizations tab ...