After months of testing, fixing, building, and testing more, I am pleased to announce that the ScoutDNS Cloud Managed DNS Relay is here!
What is a Cloud Managed DNS Relay?
A DNS relay is a service that receives DNS queries from clients and “relays” or transmits them on to a remote, usually recursive, DNS server. It can be referred to as a DNS proxy and is sometimes called a forwarder (though the two are not technically the same).
The key difference between a relay and a resolver is that the relay does not communicate with the internet root servers itself, but instead lets an upstream service handle this. A cloud managed DNS relay simply means that instead of managing the relay application directly on the host itself, the application can be fully managed from a cloud enabled interface/process.
Why Use a Relay?
A relay addresses the limitations inherent in simply forwarding DNS queries to an external service such as ScoutDNS. If there is no service inside the network, we cannot determine which individual devices make the queries. By installing a relay we enable a number of key enhancements/features:
- Policy by Subnet – Because we can read the local IP address, we can assign policy based on subnet, meaning different policies for different LAN networks.
- Local Device IP in Logs – With the local IP address, we can tag all queries with the LAN IP of the device for better tracking in the logs.
- DNS Encryption – By routing all internal DNS through a set of hosts, we can now encrypt the DNS traffic before it leaves your network using DoT or DoH for privacy and security.
Why Cloud Managed?
All other solutions on the market today require the creation and management of local host config files. This means it takes more time to deploy relays to networks while also increasing the ongoing management/troubleshooting overhead.
The ScoutDNS Relay is the industry’s first fully cloud managed DNS Relay solution. This means our relay can be deployed much more quickly and in some cases can be deployed fully remotely with no onsite technicians needed. Once deployed, the configuration of the relay is fully managed inside the ScoutDNS UI.
How Does it Work?
Once you execute the install service on your Linux host, the host application will inform our relay service that it is ready to be adopted or registered. After adoption is complete, the relay host will retrieve its configuration from the relay service through a secure TLS connection.
Configuring the Relay For Your Network
Configuring the relay through ScoutDNS is relatively simple. You will want to configure any subnets and assign the policy that you want to enforce on each. Since the relay becomes the primary DNS for local client devices, it needs to be able to forward queries for internal domains as appropriate. It is very important to set up local forwarders to any local DNS services. One example of this is Windows DNS for Active Directory.
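The sketch below is an added example, not ScoutDNS code: it shows the two lookups such a configuration implies, a most-specific-subnet match to pick the policy and a label-aligned suffix match to pick a local forwarder. All subnets, policy names, domains and addresses are constructed placeholders, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample configuration; every name and address is a placeholder.
SUBNET_POLICIES = {
    "10.0.0.0/8": "default",
    "10.10.20.0/24": "guest-wifi",
    "10.10.30.0/24": "iot",
}
LOCAL_FORWARDERS = {
    "corp.example.internal": "10.10.1.5",  # e.g. Windows DNS for Active Directory
    "10.in-addr.arpa": "10.10.1.5",        # reverse lookups for the LAN range
}
UPSTREAM = "upstream-resolver.example"      # placeholder for the filtering service

def policy_for(client_ip, subnets=SUBNET_POLICIES, fallback="default"):
    """Return the policy of the most specific subnet that contains client_ip."""
    ip = ipaddress.ip_address(client_ip)
    best = None
    for cidr, policy in subnets.items():
        net = ipaddress.ip_network(cidr)
        if ip.version == net.version and ip in net:
            if best is None or net.prefixlen > best[0].prefixlen:
                best = (net, policy)
    return best[1] if best else fallback

def forwarder_for(qname, forwarders=LOCAL_FORWARDERS):
    """Return the forwarder for the longest zone that is a whole-label suffix."""
    labels = qname.rstrip(".").lower().split(".")
    for i in range(len(labels)):  # longest candidate zone first
        zone = ".".join(labels[i:])
        if zone in forwarders:
            return forwarders[zone]
    return None

def route(client_ip, qname):
    """Decide where a query is sent and what is recorded about it."""
    local = forwarder_for(qname)
    return {
        "client_ip": client_ip,               # LAN IP kept for the query log
        "qname": qname.rstrip(".").lower(),
        "policy": policy_for(client_ip),
        "upstream": local or UPSTREAM,
        "leaves_network": local is None,      # only these queries need DoT/DoH
    }
```

Matching on whole labels matters here: a name such as `notcorp.example.internal` must not be sent to the forwarder for `corp.example.internal`, and a missing forwarder entry means internal names are sent to the external service instead of the local DNS server.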
LAN IP Reporting
One of the best features of the relay is the ability to track all queries for any LAN IP on the network without needing device agents. This is useful for tracking requests from user-based clients, and it also enables better visibility into IoT devices.