On-Premise DNS filtering with Rawstream Network Server
Rawstream Network Server provides an on-premise deployment option for DNS-based filtering. Rawstream Network Server monitors DNS traffic and enforces policies. Policies are applied on a per-machine basis.
Reporting and settings are handled via the Rawstream Dashboard.
Download the Rawstream Network Server. The zip file contains Windows and Linux binaries.
QUICK START
As admin, run the platform-specific run-server script to start the server, then browse to http://localhost:6945/ to set the account token and the DNS servers to forward queries to.
HOW IT WORKS
Rawstream Network Server acts as a DNS proxy server that is intended to run on the local network, on a server or virtual machine. Use DHCP to distribute the Rawstream Network Server's IP to client devices.
Rawstream Network Server tracks all DNS requests made and the devices which made them.
REQUIREMENTS
The Rawstream Network Server can be run on any 64-bit Windows or Linux machine that is running all the time to provide DNS service to client devices. You can run it on a virtual machine with minimal resources: 1 CPU / 2 GB RAM is adequate. The network server has zero external dependencies.
Rawstream Network Server does not require, and does not integrate with, Active Directory.
DEPLOYMENT
Unzip the attached zip file to a folder on the host machine. The folder should be the permanent folder, e.g. c:\rawstream-network-server or /opt/rawstream-network-server/. Run the run-server script for your platform. Note that because the network server needs to open port 53, it needs to run under admin privileges.
Windows - as ADMIN:
The Server is a Windows service "Rawstream Network Agent Service" and needs to be registered as a service. As ADMINISTRATOR run the following:
install-windows-service.cmd
Then start the service:
start-windows-service.cmd
You can also start and stop the service from the Services Control Panel (services.msc).
To remove the service, first stop it, then:
rawstream-network-server.exe remove
On Linux - as root:
sudo bash run-server-linux-x64.sh
You may need to make the binaries under bins/ executable on Linux and Mac:
chmod 755 bins/rawstream-network-server-linux
chmod 755 bins/rawstream-network-server-mac
CONFIGURATION
Browse to http://localhost:6945/ to set the account token and the DNS servers to forward queries to.
Both DNS servers must be set. For each request the Network Server picks one DNS server at random; should it fail, the server falls back to the other.
REDUNDANCY
For additional redundancy you can run multiple instances of the Rawstream Network Server on your network.
ACTIVE DIRECTORY
In Active Directory environments, clients send their queries to the Network Server which then forwards the queries to Domain Controllers. Browse to http://localhost:6945/ to set the Domain Controller IPs that the Network Server will forward queries to.
CLIENT DEVICES
All client devices that use the Rawstream Network Server for DNS services are supported: desktops, laptops, tablets, etc.
Configure devices to use the Rawstream Network Server machine as the DNS server. You can either do this manually for each device or via DHCP.
By default the Network Server uses Google's DNS server on 8.8.8.8 to forward queries. Browse to http://localhost:6945/ to use different, perhaps local, DNS servers.
CONFIGURING RAWSTREAM POLICIES
Log in to the rawstream.com dashboard and set policies under Settings > Users > Internet Policies.
Note that machine names that are being monitored will be listed under Settings > Users > User List.
SETTING UP THE BLOCK PAGE
The Rawstream Network Server by default returns an NXDomain for websites that a client is not allowed to access.
To show the block page:
1. Open config/blockip.conf.REMOVE and enter the IP address of the server running Network Server.
2. Rename config/blockip.conf.REMOVE to config/blockip.conf
3. OPTIONAL: edit the www/blockpage.html template - any HTML is supported. Note that {{.HostName}} and {{.CategoriesBlocked}} are placeholders and are replaced
4. Start the Rawstream Network Server
Any changes to the config/blockip.conf require the server to be restarted. Edits to blockpage.html take effect immediately.
To disable the block page:
1. Rename config/blockip.conf to some other name
2. Restart the Rawstream Network Server
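To confirm which mode the server is in after a restart, the following added example (not part of the Rawstream distribution) queries a DNS server directly and reports whether a name came back as NXDomain, as the block page IP, or resolved normally. It assumes that block page mode answers with an A record for the IP entered in config/blockip.conf; the server IP, block IP and domain names are placeholders.

```python
import socket
import struct

def build_query(name, qid=0x1234):
    """Minimal DNS A-record query with recursion desired."""
    parts = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in parts)
    header = struct.pack(">HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    return header + qname + b"\x00" + struct.pack(">HH", 1, 1)

def _skip_name(msg, off):
    """Offset just past a name, honouring compression pointers."""
    while msg[off] != 0:
        if msg[off] & 0xC0 == 0xC0:
            return off + 2
        off += 1 + msg[off]
    return off + 1

def classify(msg, block_ip):
    """Return 'nxdomain', 'blockpage', 'resolved' or 'other' for one response."""
    _, flags, qd, an, _, _ = struct.unpack(">HHHHHH", msg[:12])
    if flags & 0x000F == 3:            # NXDomain: the default answer for blocked sites
        return "nxdomain"
    if flags & 0x000F != 0:            # SERVFAIL, REFUSED, ...
        return "other"
    off = 12
    for _ in range(qd):                # skip the question section
        off = _skip_name(msg, off) + 4
    addrs = []
    for _ in range(an):                # collect A records from the answer section
        off = _skip_name(msg, off)
        rtype, _, _, rdlen = struct.unpack(">HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:
            addrs.append(socket.inet_ntoa(msg[off:off + 4]))
        off += rdlen
    if block_ip in addrs:              # assumption: block page mode returns this IP
        return "blockpage"
    return "resolved" if addrs else "other"

def check(server_ip, name, block_ip, timeout=3.0):
    """Ask the Network Server directly over UDP/53 and classify its answer."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server_ip, 53))
        return classify(s.recv(512), block_ip)

if __name__ == "__main__":
    # Constructed sample reply (NXDomain for a placeholder name), parsed offline.
    question = build_query("blocked.example")[12:]
    print(classify(struct.pack(">HHHHHH", 0x1234, 0x8183, 1, 0, 0, 0) + question, "192.0.2.10"))
```

On a live network, call check() with the Network Server's address, a domain your policy blocks, and the IP from config/blockip.conf; repeat with an allowed domain to confirm it resolves.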