A guide for small business

Network topology

If you are not an IT professional, or you manage DNS only infrequently, understanding where the D-Zone DNS Firewall fits in your network will help you understand what you need to do. Full documentation is provided to all D-Zone DNS Firewall customers.

In the past, the modem to the internet was separate from the router you used in your home or small business. Today, these two devices are often combined into one device, often called a gateway.

In a similar way to how your business or home router knows where the devices (i.e. PCs) on your network are located, the D-Zone firewall servers know where servers on the internet are located. This part of the D-Zone service is traditionally called a recursive server. The difference is that our recursive resolver refuses to provide directions to known problem sites. For most small and medium businesses, the recursive service is delivered by an Internet Service Provider while many large organizations choose to run their own.

Your gateway, or router, has DNS settings to tell it where to go to access the D-Zone DNS Firewall service.

Network topology of a DNS firewall implementation showing D-Zone outside of the organization and how the Internet Gateway (or router) points to the D-Zone service.

Devices on a network go through the internet gateway. The D-Zone DNS Firewall gets DNS queries from the gateway.

Configure D-Zone service for your organization

CIRA does not currently offer any kind of free open recursive service so we are required to whitelist your access to our servers. This improves security and performance for our customers by keeping the service dedicated to their needs.

  1. When you sign up for the service, you will receive an email from our customer service representative providing D-Zone web portal login credentials to configure your security settings that will include the IP address. For those with dynamic IP addresses, we have service options that can handle those, but you will need to contact us to configure them.
  2. If you do not know your IP address, then finding it is easy. For example, typing “what is my IP address” into a Google search bar will return the result, and there are a number of web services that can do the same.
    Google search of "what is my IP address" showing the result

    A simple Google search for, "what is my ip address" will give the answer.
  3. At this point, no configuration is required in the D-Zone DNS Firewall web portal in order to be protected. By default, malware and phishing protection are turned on, and content filtering and Google safe search are turned off. If you want to make changes to these settings, the D-Zone interface is easy to navigate and the technical documentation is available in the help files if you need it.

Gateway configuration

There are hundreds of different hardware scenarios that organizations in Canada could be using to access the internet. Most operate in a similar fashion, and while generally not designed for complete technology neophytes, the average user is capable of using the software if they follow the steps closely. These steps will be explained in the technical documentation for your router or gateway and can likely be found online from both your provider and helpful users who have posted videos and guides.

Set-up - example using the Bell Connection Hub

This example uses the Bell Connection Hub. Most routers and hubs are highly similar and this article will provide overviews on many of the popular new ones - https://www.lifewire.com/how-to-change-dns-servers-on-most-popular-routers-2617995 .

  1. Determine the IP address for your gateway. For most Bell configurations this is 198.168.2.1. Enter this address in a browser. Other common gateway addresses include 198.168.1.1 and 198.168.0.1. 
    Browser bar entering gateway IP address
  2. For Bell and for most router/gateways the default username is admin and the default password is admin. Hopefully, for security reasons, you are not using the default setting and will have your own username and password. If you have lost them then you will need to reset the router to factory settings. Consult your gateway technical documentation.
  3. On the left side navigation select internet.
    Bell Connection Hub interface

    Bell connection hub interface showing where you manually configure the DNS
  4. In DNS Settings, choose the radio button and manually specify DNS information.

    For Primary DNS, enter:  162.219.51.2
    For Secondary DNS enter:  162.219.50.2

    Note 1: D-Zone has built-in backup, with multiple servers in each node and multiple geographically distributed nodes deployed using a technology called anycast. It also operates across two different "clouds" or IP addresses to provide you with backup. If you specify a secondary DNS from an insecure provider, then in the unlikely event that D-Zone were to go down, your router would default to the secondary DNS and you would not know that you are browsing unprotected.

    Note 2: For those that want to use an IPv6 address to access the D-Zone firewall service you will use this IPv6 address as your Primary DNS (not recommended for normal users): 2620:10a:8054::2 and 2620:10a:8055::2

  5. Save your settings and close the browser.

  6. Some devices on your network may require a re-boot in order to begin using the new DNS settings.

Advanced option - setting up Windows Server as a forwarding DNS server

If you are running your own recursive server and wish to continue to do so, then you will configure it as a forwarding DNS server to the DNS Firewall nodes. You likely already have the expertise to manage the technology, so we won’t go into a high level of detail on configuration. This example uses Windows 2016. If you need support with Windows or any other DNS servers that you may be using, please contact us at dnsfirewall@d-zone.ca.

  1. Open the DNS Manager and right-click to open the properties.
  2. Select the Forwarders tab under DNS properties.
    Windows DNS settings

    The DNS manager in Microsoft server
  3. Click Edit and enter the IP address for the DNS Firewall, 162.219.51.2 (and backup with 162.219.50.2).
  4. Delete any existing/additional forwarders so that you are only using the D-Zone service for queries.
  5. If you don’t have a trustworthy alert process, it is recommended that you uncheck "Use root hints if no forwarders available". This avoids unprotected browsing using Windows as a backup resolver in the event of a problem with D-Zone or your network's access to D-Zone.
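
The same forwarder settings can be audited and applied from PowerShell instead of the DNS Manager. This is an added example, not CIRA's own tooling; `Test-ForwarderConfig` and `Get-ForwarderFindings` are hypothetical helper names, and it assumes you want root hints disabled as step 5 recommends.

```powershell
# Added example. Requires the DnsServer module (DNS Server role or RSAT), elevated session.
$DZoneForwarders = @('162.219.51.2', '162.219.50.2')   # addresses given in step 3

# Hypothetical helper: lists every way a forwarder configuration departs from steps 3-5.
function Test-ForwarderConfig {
    param([string[]]$Configured, [bool]$UseRootHint)
    $findings = @()
    foreach ($ip in $Configured) {
        if ($DZoneForwarders -notcontains $ip) {
            $findings += "Extra forwarder $ip would answer queries unfiltered (step 4)"
        }
    }
    foreach ($ip in $DZoneForwarders) {
        if ($Configured -notcontains $ip) {
            $findings += "D-Zone forwarder $ip is missing (step 3)"
        }
    }
    if ($UseRootHint) {
        $findings += 'Root hints fallback is enabled; a D-Zone outage would resolve unfiltered (step 5)'
    }
    return $findings
}

# Hypothetical helper: reads the live server settings and runs the check above.
function Get-ForwarderFindings {
    $f = Get-DnsServerForwarder
    $ips = @($f.IPAddress | Where-Object { $_ } | ForEach-Object { $_.IPAddressToString })
    Test-ForwarderConfig -Configured $ips -UseRootHint $f.UseRootHint
}

# 1. Report the current state before changing anything.
$before = @(Get-ForwarderFindings)
$before | ForEach-Object { Write-Warning $_ }

# 2. Set- replaces the whole forwarder list (Add-DnsServerForwarder would append),
#    so other forwarders are dropped. -UseRootHint $false applies step 5; leave root
#    hints on only if you have alerting for forwarder failures.
if ($before.Count -gt 0) {
    Set-DnsServerForwarder -IPAddress $DZoneForwarders -UseRootHint $false
}

# 3. Re-read the settings and confirm nothing deviates.
$after = @(Get-ForwarderFindings)
if ($after.Count -eq 0) { 'Forwarders match the D-Zone configuration.' }
else { $after | ForEach-Object { Write-Warning $_ } }
```

Running the check on a schedule catches a forwarder or root-hints setting that has been changed back, which would otherwise let queries bypass the firewall silently.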