N4L new service
101 views
Skip to first unread message
Kevin Whelan
May 7, 2018, 11:34:04 PM5/7/18
to Techies for schools
Received this today and for those that do their own filtering like we do is anyone considering this.
Also wonder how many people are using N4L DnS as they suggest?
https://www.n4l.co.nz/managed-network-home/#faq
Also wonder how many people are using N4L DnS as they suggest?
https://www.n4l.co.nz/managed-network-home/#faq
Mike Etheridge
May 7, 2018, 11:35:25 PM5/7/18
to techies-f...@googlegroups.com
Can’t see this having a positive impact on latency.
Mike
--
You received this message because you are subscribed to the Google Groups "Techies for schools" group.
To unsubscribe from this group and stop receiving emails from it, send an email to techies-for-sch...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Jonathan Webster
May 8, 2018, 7:40:54 PM5/8/18
to techies-f...@googlegroups.com
I hope not! - this extra layer of protection is done through DNS so should be way faster than the blink of an eye. I've got all our Raspberry Pis doing DNS checks throughout the day and I'm keeping a close eye on it. Also have a bunch of schools all over the country already testing it and haven't heard any complaints yet.
It's a legit DNS service we're using, it hasn't just been bashed out in the shed over a weekend :)
Let's have a chat over a beer when you're up here next week!
Jonathan Webster
Solution Architect
The Network for Learning Ltd
M +64 22 040 3300 P 0800 LEARNING
A Suite 306, Geyser Building, 100 Parnell Road, Parnell, Auckland 1052
A PO Box 37118, Parnell, Auckland 1151 n4l.co.nz
Andrew Godfrey
May 8, 2018, 8:31:09 PM5/8/18
to techies-f...@googlegroups.com
We do our own filtering including not allowing DNS queries to go out our firewall but go through our on-site DNS servers which use the N4L ones as the upstream DNS servers.
Andrew Godfrey | Network Manager
On 9 May 2018 at 11:40, Jonathan Webster <jonathan...@n4l.co.nz> wrote:
I hope not! - this extra layer of protection is done through DNS so should be way faster than the blink of an eye. I've got all our Raspberry Pis doing DNS checks throughout the day and I'm keeping a close eye on it. Also have a bunch of schools all over the country already testing it and haven't heard any complaints yet.It's a legit DNS service we're using, it hasn't just been bashed out in the shed over a weekend :)Let's have a chat over a beer when you're up here next week!
On Tue, 8 May 2018 at 15:35, Mike Etheridge <mi...@etheridge.co.nz> wrote:
Can’t see this having a positive impact on latency.Mike
On 8/05/2018, at 3:34 PM, Kevin Whelan <kwhel...@gmail.com> wrote:
Received this today and for those that do their own filtering like we do is anyone considering this.
Also wonder how many people are using N4L DnS as they suggest?
https://www.n4l.co.nz/managed-network-home/#faq--
You received this message because you are subscribed to the Google Groups "Techies for schools" group.
To unsubscribe from this group and stop receiving emails from it, send an email to techies-for-schools+unsub...@googlegroups.com.
--
You received this message because you are subscribed to the Google Groups "Techies for schools" group.
To unsubscribe from this group and stop receiving emails from it, send an email to techies-for-schools+unsub...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
--Jonathan WebsterSolution ArchitectThe Network for Learning Ltd
M +64 22 040 3300 P 0800 LEARNINGA Suite 306, Geyser Building, 100 Parnell Road, Parnell, Auckland 1052A PO Box 37118, Parnell, Auckland 1151 n4l.co.nz
--
You received this message because you are subscribed to the Google Groups "Techies for schools" group.
To unsubscribe from this group and stop receiving emails from it, send an email to techies-for-schools+unsub...@googlegroups.com.
Kevin Whelan
May 9, 2018, 5:25:00 PM5/9/18
to Techies for schools
So only effective if using N4L DNS to start with?
Jonathan Webster
May 9, 2018, 6:48:11 PM5/9/18
to techies-f...@googlegroups.com
Yes that's right.
Would you prefer not to set your forwarders to our DNS? Using our DNS ensures the best user experience by getting more content from the on-net content distribution nodes, enforces Google and Bing Safe Search, and are fast. Going forward will also provide that extra layer of protection to help with anything not already picked up through your existing FW.
To answer your initial question though - almost every school uses our DNS
--
You received this message because you are subscribed to the Google Groups "Techies for schools" group.
To unsubscribe from this group and stop receiving emails from it, send an email to techies-for-sch...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Pete Mundy
May 9, 2018, 10:04:03 PM5/9/18
to techies-for-schools@googlegroups.com schools
Heya Jonathan
Just checking - when you say 'our DNS', do you mean the resolver IPs 122.56.237.1 & 210.55.111.1. Or do you mean something else?
And also, just for clarification, are you saying that N4L won't be transparently redirecting all other DNS through this service? Ie individual users can still use 1.1.1.1 or 8.8.8.8 (or whatever) for testing DNS lookups (assuming their firewall allows it) and have confidence the lookups aren't being intercepted?
I had just assumed there would be a port-53 redirect occurring at N4L's borders to ensure that all traffic was being 'protected' regardless of which resolver the querier addressed the packet to (and I'd sure love to be wrong on that assumption :)
Pete
> On 10/05/2018, at 10:47 AM, Jonathan Webster <jonathan...@n4l.co.nz> wrote:
> <snip>
Just checking - when you say 'our DNS', do you mean the resolver IPs 122.56.237.1 & 210.55.111.1. Or do you mean something else?
And also, just for clarification, are you saying that N4L won't be transparently redirecting all other DNS through this service? Ie individual users can still use 1.1.1.1 or 8.8.8.8 (or whatever) for testing DNS lookups (assuming their firewall allows it) and have confidence the lookups aren't being intercepted?
I had just assumed there would be a port-53 redirect occurring at N4L's borders to ensure that all traffic was being 'protected' regardless of which resolver the querier addressed the packet to (and I'd sure love to be wrong on that assumption :)
Pete
> On 10/05/2018, at 10:47 AM, Jonathan Webster <jonathan...@n4l.co.nz> wrote:
> <snip>
Mike Etheridge
May 9, 2018, 10:10:32 PM5/9/18
to techies-f...@googlegroups.com
I would certainly expect that if I, or one of our users, pointed at a resolver of our choice, e.g. 1.1.1.1, we would be using that resolver. If that is not the case, I will organise our DNS lookups to go somewhere else, not N4L.
Mike
Mike
Julian Davison
May 9, 2018, 10:17:12 PM5/9/18
to techies-f...@googlegroups.com
You can probably tell; however isps hijacking outgoing traffic has always been common place.
It's always something I check when troubleshooting.
Jonathan Webster
May 9, 2018, 10:41:47 PM5/9/18
to techies-f...@googlegroups.com
Good question - to clarify we're only going to intercept DNS traffic to 122.56.237.1 & 210.55.111.1 - IF you're using our Web Filtering. If you aren't using our Web Filtering then we've asked Principals if school want to opt-in to this additional layer of protection. All other DNS traffic is untouched if allowed through our FW.
By default, we only allow the above and 8.8.8.8 through the N4L firewall on the routers. We had to allow 8.8.8.8 as Chromecasts and a few other devices with embedded DNS servers had issues using anything other than 8.8.8.8.
If you need other DNS servers to be allowed then just log a request - but note the caveats what I mentioned earlier around Safe Search and CDNs etc.
--
You received this message because you are subscribed to the Google Groups "Techies for schools" group.
To unsubscribe from this group and stop receiving emails from it, send an email to techies-for-sch...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Mike Etheridge
May 9, 2018, 10:48:37 PM5/9/18
to techies-f...@googlegroups.com
Why did you ask the principals instead of the IT people? Did you suggest to them that they consult their IT people? I’m not sure that all principals would understand the issues here.
Mike
Julian Davison
May 9, 2018, 10:52:44 PM5/9/18
to techies-f...@googlegroups.com
If the principal is making IT decisions without discussion with the right people, DNS is not the greatest issue 😁
Pete Mundy
May 9, 2018, 10:53:01 PM5/9/18
to techies-f...@googlegroups.com
Thanks Jonathan for the clarification. It really is very helpful to know the technical details.
Pete
Andrew Godfrey
May 10, 2018, 12:32:52 AM5/10/18
to techies-f...@googlegroups.com
Good one Julian.
Reply all
Reply to author
Forward
0 new messages