Quick Start Setup Guide - WAN Forwarding


There are three methods you can use to protect your networks and users with ScoutDNS:

1) WAN Forwarding – This method involves configuring ScoutDNS with your WAN IP address and forwarding DNS queries from inside your network to our anycast resolver IPs.

Advantage: Simple and fast to deploy, usually within minutes.
Disadvantage: Provides limited visibility into DNS queries behind your firewall. Supports only one policy per WAN IP. Only allows logging and tracking of the WAN IP for each query.
Use Case: Ideal for BYOD environments or situations where you need to quickly protect everything behind your firewall with the easiest and fastest deployment method.



2) LAN Relay – This method involves setting up ScoutDNS relays as local forwarders inside your network, then assigning the forwarders to connected devices via DHCP.

Advantage: Protects all devices, including headless devices, on your network with per-device LAN IP logging and tracking. Allows different policies based on VLAN/Subnet. Encrypts DNS.
Disadvantage: Requires setting up an on-premise host or virtual machines.
Use Case: Ideal for BYOD environments, when you need different policies per VLAN, want to protect IoT devices with enhanced logging, or require per-device LAN IP tracking for each query.

3) Roaming Client (Scout360) – This method involves installing the Scout360 roaming client on your client devices.

Advantage: Protects devices both inside and outside the network. Supports device-level policies or policies for groups of devices. Provides per-query logging at the LAN IP, domain, and user levels. Encrypts DNS.
Disadvantage: Requires installing the Scout360 device agent. Cannot protect headless devices.
Use Case: Ideal when you need to provide off-network protection, whether on or off the VPN, or when user-level logging is required.
  

This guide will walk you through the steps to configure ScoutDNS on your network using the quickest setup method: WAN Network Forwarding.


Alert
When planning to use LAN Relay, you must configure WAN Network Forwarding. WAN Forwarding is not required for roaming clients; however, it is recommended so that they are site aware.


Step 1: Register Network IP

ScoutDNS operates as a closed, private DNS resolver, enhancing security and preventing system abuse by third parties. As a closed system, our DNS resolvers only respond to requests from known users and networks. For this reason, your WAN IP address must be configured within the ScoutDNS application.

Create Site

All networks must be associated with a site. By default, ScoutDNS allows up to four networks to be configured under a single site location.



Click "New Site"

Enter a Site name and click "Save"

Create Network

Once you have created the Site, it is time to add the network and associate a policy.



Click 'Add Network.' Enter the network name and WAN IP address. If you are using a Dynamic DNS service, enter your domain name instead. Select a policy and click the checkmark to register the network. Finalize by clicking 'Save.'

You can always ask Google what your IP address is if you are unsure. 


Step 2: Configure Network to ScoutDNS


Locate your network DNS server settings


Identify which device or server on your network directs client devices to public DNS servers. This is usually a router or, in some cases, a firewall. Typically, the device that manages your IP addresses (DHCP) or serves as your default gateway is also where public DNS servers are configured.

If you are in an Active Directory/domain controller environment, please refer to this detailed guide for configuring DNS in your environment.

Log on to the server or router where DNS is configured


Once you’ve logged in, locate the DNS settings for your device. If you're unsure where to find these settings, refer to your device's configuration manual.


Example of Sonicwall DNS settings for network.



Change your DNS server addresses


Change your DNS server address to the IPs provided in the GUI. ScoutDNS operates a global Anycast network for improved performance and resiliency.



Ensure that your DNS is set to static. Write down the previous DNS server information in case you need to revert the change.

**Advanced users may attempt to bypass your DNS settings by adding their own. You can prevent this by creating firewall rules. To create firewall rules that restrict DNS, go here.

Restart Machines/Clear Cache

If your users obtain DNS settings via DHCP, their devices may need to be rebooted or reconnected to the network to adopt the new server settings.

If DNS is applied through a network proxy, you should clear the proxy resolver cache.


*** Remember to clear ALL caches on local machines, browsers, and domain controllers, if applicable.

To confirm that your system is now using ScoutDNS resolvers, click here: verify.ScoutDNS.com. In some DNS proxy cases, the verification check may not register, even if DNS traffic is passing. Alternatively, you can verify by checking the ScoutDNS logs.
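A client-side complement to the checks above, as an added example (not ScoutDNS code): it audits resolv.conf-style text and flags any DNS server other than the ones you intended, which is how a manually added resolver shows up. The resolver IPs are placeholders for the ones shown in the GUI, and the LAN forwarder address and sample file are assumptions.

```python
import ipaddress

# Placeholders: RFC 5737 documentation addresses stand in for the resolver IPs
# shown in the ScoutDNS GUI; 192.168.1.1 is an assumed LAN forwarder (router).
EXPECTED_RESOLVERS = {"192.0.2.10", "192.0.2.20", "192.168.1.1"}

# Constructed sample of a client's /etc/resolv.conf after the change.
SAMPLE_RESOLV_CONF = """\
# constructed example
search corp.example
nameserver 192.168.1.1
nameserver 8.8.8.8
nameserver 127.0.0.53
"""


def parse_nameservers(text):
    """Return the nameserver addresses found in resolv.conf text, in order."""
    servers = []
    for raw in text.splitlines():
        # Drop comment text introduced by '#' or ';'.
        fields = raw.split("#", 1)[0].split(";", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            addr = fields[1].split("%", 1)[0]  # strip an IPv6 zone ID
            try:
                servers.append(ipaddress.ip_address(addr))
            except ValueError:
                continue  # malformed address, skipped
    return servers


def audit(text, expected=EXPECTED_RESOLVERS):
    """Sort each configured nameserver into ok, stub, or unexpected."""
    allowed = {ipaddress.ip_address(a) for a in expected}
    report = {"ok": [], "stub": [], "unexpected": []}
    for ip in parse_nameservers(text):
        if ip in allowed:
            report["ok"].append(str(ip))
        elif ip.is_loopback:
            # Local stub or proxy: its upstream must be checked separately.
            report["stub"].append(str(ip))
        else:
            report["unexpected"].append(str(ip))
    return report


if __name__ == "__main__":
    for status, addrs in audit(SAMPLE_RESOLV_CONF).items():
        print(f"{status}: {', '.join(addrs) or '-'}")
```

A loopback entry is reported as "stub" rather than "ok" because a local DNS proxy hides its upstream from this file, the same situation in which the verification page may not register.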
