New blogpost: per-device MAC address based DNS policies

classic Classic list List threaded Threaded
4 messages Options
Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

New blogpost: per-device MAC address based DNS policies

bert hubert-3
Hi,

We're blogging up some new and exciting PowerDNS 4.0.0 and dnsdist features.

Earlier we posted:
http://blog.powerdns.com/2016/01/19/efficient-optional-filtering-of-domains-in-recursor-4-0-0/

"In this post, we’ll explain how to efficiently use the PowerDNS Recursor to
optionally block certain domains for some or all of your users. This could
be to stop users being tracked, to block advertisements or to protect
against malware. The simple scripts below scale to millions of domain names
and millions of users, all with acceptable startup times (seconds)."

Today we added:
http://blog.powerdns.com/2016/01/27/per-device-dns-settings-selective-parental-control/

"A problem however for other kinds of filtering is that subscribers
typically
share a single IP address among all their devices. This makes it hard to
provide ‘parental control’ to the kids’ tablets, but not to other computers
in the household
...
With the configuration outlined above, it is easily possible to provide
per-device DNS filtering instructions for each subscriber"

We will be continuing this series until and beyond the 4.0.0 and dnsdist 1.0
releases. Let us know if there is a topic you'd like to see covered!

        Bert
_______________________________________________
Pdns-users mailing list
[hidden email]
https://mailman.powerdns.com/listinfo/pdns-users@...
Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: New blogpost: per-device MAC address based DNS policies

Aladme
Hi all,

For some time I'm hearing things about version 4.0 and I would like to know which version is the stable one.
I have 3.4.7 for Auth and 3.7.3 for Recursors and I'm not sure from which it is safe to update to version 4.0.

I will go on production very soon and I would like to know which version do you advise me.

Thanks Ale.

-----Original Message-----
From: bert hubert [mailto:[hidden email]]
Sent: miércoles, 27 de enero de 2016 14:19
To: [hidden email]
Subject: [Pdns-users] New blogpost: per-device MAC address based DNS policies

Hi,

We're blogging up some new and exciting PowerDNS 4.0.0 and dnsdist features.

Earlier we posted:
http://blog.powerdns.com/2016/01/19/efficient-optional-filtering-of-domains-in-recursor-4-0-0/

"In this post, we’ll explain how to efficiently use the PowerDNS Recursor to optionally block certain domains for some or all of your users. This could be to stop users being tracked, to block advertisements or to protect against malware. The simple scripts below scale to millions of domain names and millions of users, all with acceptable startup times (seconds)."

Today we added:
http://blog.powerdns.com/2016/01/27/per-device-dns-settings-selective-parental-control/

"A problem however for other kinds of filtering is that subscribers typically share a single IP address among all their devices. This makes it hard to provide ‘parental control’ to the kids’ tablets, but not to other computers in the household ...
With the configuration outlined above, it is easily possible to provide per-device DNS filtering instructions for each subscriber"

We will be continuing this series until and beyond the 4.0.0 and dnsdist 1.0 releases. Let us know if there is a topic you'd like to see covered!

        Bert
_______________________________________________
Pdns-users mailing list
[hidden email]
https://mailman.powerdns.com/listinfo/pdns-users@...
_______________________________________________
Pdns-users mailing list
[hidden email]
https://mailman.powerdns.com/listinfo/pdns-users@...
Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: New blogpost: per-device MAC address based DNS policies

bert hubert-3
On Wed, Jan 27, 2016 at 03:06:24PM +0000, Alejandro Adroher Mellado wrote:
> Hi all,
>
> For some time I'm hearing things about version 4.0 and I would like to know which version is the stable one.
> I have 3.4.7 for Auth and 3.7.3 for Recursors and I'm not sure from which it is safe to update to version 4.0.
>
> I will go on production very soon and I would like to know which version do you advise me.

4.0 has not been released, let us be clear about that. We will announce soon
when we think Authoritative 4.0.0, Recursor 4.0.0 and dnsdist 1.0.0 will be
released (more or less, we only release software once it is ready, not just
to keep a release date!).

Also, please know that our own domains and resolvers all run on 4.0 and 1.0.
We trust the stuff.

Simultaneously, if you run the releases that are heading up to 4.0.0/1.0.0
as published on repo.powerdns.com, you will get absolutely dedicated support
from us with every issue you find. I think you have experienced that
already.

This support promise is there since only through actual use will our new
releases become good enough, even though we run thousands of automated tests
on every code change.  

Through this pre-release support program, we now know that dnsdist and auth
1.0/4.0 versions now power major telecommunications networks, university
campuses and leading CDNs. If the software breaks, you would read about it
in the news.

So the official answer is: we'll let you know when the new releases are
formal. And util that time, expect exceptional support for any issues you
might have.

I hope this is helpful!

        Bert

>
> Thanks Ale.
>
> -----Original Message-----
> From: bert hubert [mailto:[hidden email]]
> Sent: miércoles, 27 de enero de 2016 14:19
> To: [hidden email]
> Subject: [Pdns-users] New blogpost: per-device MAC address based DNS policies
>
> Hi,
>
> We're blogging up some new and exciting PowerDNS 4.0.0 and dnsdist features.
>
> Earlier we posted:
> http://blog.powerdns.com/2016/01/19/efficient-optional-filtering-of-domains-in-recursor-4-0-0/
>
> "In this post, we’ll explain how to efficiently use the PowerDNS Recursor to optionally block certain domains for some or all of your users. This could be to stop users being tracked, to block advertisements or to protect against malware. The simple scripts below scale to millions of domain names and millions of users, all with acceptable startup times (seconds)."
>
> Today we added:
> http://blog.powerdns.com/2016/01/27/per-device-dns-settings-selective-parental-control/
>
> "A problem however for other kinds of filtering is that subscribers typically share a single IP address among all their devices. This makes it hard to provide ‘parental control’ to the kids’ tablets, but not to other computers in the household ...
> With the configuration outlined above, it is easily possible to provide per-device DNS filtering instructions for each subscriber"
>
> We will be continuing this series until and beyond the 4.0.0 and dnsdist 1.0 releases. Let us know if there is a topic you'd like to see covered!
>
>         Bert
> _______________________________________________
> Pdns-users mailing list
> [hidden email]
> https://mailman.powerdns.com/listinfo/pdns-users@...
_______________________________________________
Pdns-users mailing list
[hidden email]
https://mailman.powerdns.com/listinfo/pdns-users@...
Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: New blogpost: per-device MAC address based DNS policies

sporkman
In reply to this post by bert hubert-3
> On Jan 27, 2016, at 8:18 AM, bert hubert <[hidden email]> wrote:
>
> Hi,
>
> We're blogging up some new and exciting PowerDNS 4.0.0 and dnsdist features.
>
> ...
>
> Today we added:
> http://blog.powerdns.com/2016/01/27/per-device-dns-settings-selective-parental-control/
>
> "A problem however for other kinds of filtering is that subscribers
> typically
> share a single IP address among all their devices. This makes it hard to
> provide ‘parental control’ to the kids’ tablets, but not to other computers
> in the household
> ...
> With the configuration outlined above, it is easily possible to provide
> per-device DNS filtering instructions for each subscriber”

Slightly off-topic, but this intrigues me, more from a privacy perspective than anything else. :)  I was looking at the email thread you linked to and saw some confirmation this is happening (embedding unique identifiers in DNS queries), but I’m still curious just who is doing this.  Are we talking Verizon and AT&T and the like?  And am I understanding how this works - basically the CPE provided to the customer presents it’s inside IP as the DNS server via DHCP and then acts as a proxy for the NAT’d devices?

I’d love to hear more...

Charles
--
Charles Sprickman
NetEng/SysAdmin
Bway.net - New York's Best Internet www.bway.net
[hidden email] - 212.982.9800


>
>        Bert
> _______________________________________________
> Pdns-users mailing list
> [hidden email]
> https://mailman.powerdns.com/listinfo/pdns-users@...
_______________________________________________
Pdns-users mailing list
[hidden email]
https://mailman.powerdns.com/listinfo/pdns-users@...
Loading...