PerezBox

Tony Perez On Security, Business, And Life


Unleashing the Power of Authoritative DNS

Published in Security on August 10, 2020

It was an exceptionally long week, and you managed to get to bed around midnight. You’re a system admin, and the core of your job is to keep the systems running. Tonight you are on call; if something goes wrong, you’re the first to know and are responsible for responding.

You are specifically responsible for ensuring the availability of your company’s website. Unlike other sites, your company runs an online commerce store and services a global audience. The company is yielding $10k in new sales an hour.

It’s imperative that customers can access your site.

It’s 2 am. Your phone starts to light up like a Christmas tree. PagerDuty is having a meltdown and you’re on the receiving end. Your Slack notifications are hitting Slack’s notification thresholds. Text messages are pouring in.

Little does the chaos know you forgot to turn on your notifications. There you lie, peacefully, thinking the world is anything but what it is.

The flickering lights, and vibration, finally get the attention of your dog that starts to growl at the inconvenience. The break in the evening noise catches your attention. You open your weary eyes and see your phone dancing in the mist of the evening grog.

It hits you. You grab your phone, it takes a fraction of a second to realize what has happened – you’re down.

Introducing NOC.org

For the better part of 10 years, that’s the world that Daniel and I lived in, and continue to live in with our projects. We serviced hundreds of thousands of businesses, of all sizes, around the world with incident detection, compromise mitigation services and availability assurances through our CDN / WAF. But through that entire experience, outages happened. It’s the harsh reality of working on networks.

What we realized is that we needed a better solution for detecting, mitigating and recovering from these availability incidents. That’s why we are introducing NOC.org.

With NOC.org, the scenario above would have been identified and mitigated seamlessly for the user via some of the platform’s smart routing features.

Automating Detection of Incidents, Mitigating Issues, and seamless Recovery

One of the biggest weaknesses in monitoring availability incidents is that it almost always requires manual intervention. Not because the technologies don’t exist, but because users often lack the knowledge and expertise to implement the appropriate mitigating controls. In many more instances it’s because the platforms themselves make it too complicated.

NOC.org works to modernize the approach by integrating technologies together. Similar tools, but integrated to help make better decisions for users. If there is one thing we have learned over the years, it is that the world isn’t lacking in tools; it is lacking in the ability to parse through the noise and make decisions.

Using Authoritative DNS and the NOC.org smart routing features, a user is able to create enhanced records. These records allow you to create a fail-over and recovery construct between two nodes that works for you in any incident.

How NOC.org Would Respond to an Availability Incident

In the following illustrations I’ll show you what would have happened in the scenario above:

1 – Normal traffic flow to your web server….

Simplified illustration of Web Traffic hitting a Web Server

2 – NOC.org detects issue with Primary, redirects traffic to Failover within minutes:

NOC.org Detects Issues, Reroutes all traffic

3 – NOC.org detects recovery, and recovers:

NOC.org Automatically Recovers When Outage Mitigated

To do this NOC.org merges different technologies to a) detect issues, and b) automatically respond and recover on behalf of the organization. All through the use of Authoritative DNS and smart routing features.
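The fail-over and recovery construct described above can be modeled as a small state machine driven by monitor results. This is an added example, not NOC.org's code; the thresholds, the record name and the addresses (documentation ranges) are assumptions chosen for illustration.

```python
from dataclasses import dataclass

# Assumed values; the post does not state which thresholds NOC.org uses.
FAIL_THRESHOLD = 3      # consecutive failed checks before failing over
RECOVER_THRESHOLD = 2   # consecutive healthy checks before failing back


@dataclass
class FailoverRecord:
    """Hypothetical model of an enhanced A record with two nodes."""
    name: str
    primary: str
    failover: str
    active: str = ""
    fails: int = 0
    oks: int = 0

    def __post_init__(self):
        self.active = self.primary

    def observe(self, primary_healthy: bool) -> str:
        """Feed one monitor result for the primary; return the address to answer with."""
        if primary_healthy:
            self.oks += 1
            self.fails = 0
            # Recover only after the primary has been healthy for a while.
            if self.active == self.failover and self.oks >= RECOVER_THRESHOLD:
                self.active = self.primary
        else:
            self.fails += 1
            self.oks = 0
            # A single failed probe is not an outage; require a streak.
            if self.active == self.primary and self.fails >= FAIL_THRESHOLD:
                self.active = self.failover
        return self.active


def replay(checks):
    """Run a constructed sequence of monitor results through one record."""
    rec = FailoverRecord("shop.example.com", "192.0.2.10", "198.51.100.20")
    return [rec.observe(ok) for ok in checks]


if __name__ == "__main__":
    # Constructed sample: healthy, four failed probes, then recovery.
    print(replay([True, False, False, False, False, True, True, True]))
```

Resolvers cache answers for the record's TTL, so a switch made by the authoritative side reaches clients only as cached answers expire.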

Binding Monitors with Authoritative DNS Services

One way to tackle availability incidents is to leverage the Domain Name System (DNS), specifically Authoritative DNS (quick primer on DNS).

Authoritative DNS servers are a critical part of how the web works. They contain all the information associated with a domain, known as records. These records are stored in a container known as a zone.

Every domain (e.g., perezbox.com) has a set of records. These records tell the web where to find information for a domain.

For example, I leverage tony@perezbox.com as my email. I use what is known as an MX record in my domain’s zone file to tell the web how to route email to my inbox. Additionally, I have a website that leverages an A record, which tells the internet where to find the content of my site. That’s about as deep as I’ll go into zones here, but understand that every domain has one, and the piece of the DNS ecosystem that controls these zones is known as the Authoritative DNS.

These zones are typically a feature embedded within a platform like a Registrar or a CDN provider.

Registrars are those that sell you the domain; think of NameCheap. A Content Distribution Network (CDN), on the other hand, helps ensure performance and availability; think of something like our alma mater, Sucuri. Both have their own reasons for wanting to retain a domain’s zone information, and in doing so treat it as an embedded feature.

Note: Some CDNs don’t allow you to use other Authoritative DNS providers. While an antiquated approach, this would make it impossible to use with NOC.org.

As the domain owner, you have the ability to choose who you want to manage your zone. You have the ability to move your authoritative DNS to another provider. Doing so will often help provide failover and redundancy, especially when you have your ducks all in one basket – Registrar, DNS, CDN, WAF, etc…

It all works great, until it doesn’t.

Ensuring Business Continuity

Things go down; that is a hard lesson we learned running our own CDN / WAF for years. You can do everything in your power to ensure the service is never disrupted, but Murphy often has other plans, whether it’s a partner disruption or something as innocuous as an oversight during a PR.

Leveraging an independent Authoritative DNS can add exponential peace of mind to an organization that depends heavily on their online presence.

NOC.org is here to help provide that. Think of us as a complementary solution, not a replacement.


Content Filtering with CleanBrowsing

Published in Security on July 31, 2020

Content filtering is one of the most underutilized tools in creating safe browsing experiences.

A few years back, while on one of our many walks around the office, Daniel and I found ourselves in a rabbit hole discussing our home networks. Our oldest kids were barely 9 and 10, and our youngest were somewhere in the 4 / 5 age range.

Like many parents, we were slowly succumbing to a world where we as parents had to struggle with the debate of online access for our kids. On one hand, it was so peaceful when they were on their machines, but on the other we struggled with the idea of continuous connection at that age.

This was further compounded by our understanding of the threats online, not just malicious ones. We started to explore threats like content we wouldn’t find appropriate for our own children (e.g., pornography, obscene content).

As we realized that we were caving to the idea that our kids would inevitably be connected to their devices, we set out to find ways to help ensure they were having safe browsing experiences. So we built a content filtering platform called CleanBrowsing.

What is Content Filtering?

The premise of content filtering is that you choose what is, and is not, accessible on your internet. We place a lot of emphasis on adult content like pornography, but it can be used to help combat online addictions to gambling, gaming, online shopping, and a number of other challenges in the new digital age.

Daniel and I are very different in our ideology and philosophies, so flexibility was a must, which is why being able to create our own content filtering at home was so important. Content filtering allows us to choose what we allow to be seen on our home networks. It applies to all the devices connected to your home router, but can also be configured individually on the devices.

With content filtering, a parent can choose what they do, and do not, want to allow on their home Wi-Fi. This extends not just to your family, but to anyone else visiting your home.

If you’re curious how this works, we offer a free service that any parent can use. We don’t track who is using it, and we don’t know what it is being used for.

| Filter | DNS IP | Description |
|---|---|---|
| Security | IP1: 185.228.168.9, IP2: 185.228.169.9 | Malicious domains blocked (phishing, malware) |
| Adult | IP1: 185.228.168.10, IP2: 185.228.169.11 | Adult domains blocked; Search Engines set to safe mode; +Security Filter |
| Family | IP1: 185.228.168.168, IP2: 185.228.169.168 | Proxies, VPNs & Mixed Adult Content blocked; Youtube to safe mode; +Adult Filter |

CleanBrowsing Free Content Filtering Options

The following table provides you an example of how content filtering can be used to filter content based on specific categories:

| Filter | Description |
|---|---|
| Adult & Pornography | This filter blocks access to adult and pornographic content. It includes Escort sites, pornhub and similar domains. It also enforces Safe Browsing on Google and Bing. |
| Adult Mixed Content | This filter blocks access to sites that allow pornographic content, while they may also be used for non-adult activities. It includes domains like reddit and some image sharing domains. |
| Ads & Tracking | This filter blocks access to Ads and tracking products. It includes Google Ads, Mixpanel and other ad-based products. |
| Torrents | This filter blocks access to Torrent sites. It includes The Pirate Bay. |
| Proxy & VPNs | This filter blocks access to Proxies and VPN products. They are often used to bypass filters. |
| Gambling | This filter blocks access to online gambling sites. |
| Social Network | This filter blocks access to social networks. It includes Facebook, Twitter and Google Plus. |

Small Snippet of the Categories Available for Content Filtering with CleanBrowsing

How Content Filtering Works with CleanBrowsing

Almost every device you interact with – from your refrigerator to your laptop – makes use of something known as the Domain Name System (DNS). Think of DNS like the central nervous system of the web.

With DNS your browser (e.g., Chrome, Firefox, Edge [IE]) knows where perezbox.com is on the internet. We built a layer of the DNS construct known as a resolver, and introduced a filtering layer on top of it. This layer allows us to filter content based on your desired preferences.
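The decision a filtering layer on top of a resolver has to make for each query can be sketched as follows. This is an added example, not CleanBrowsing's code: the category names follow the tables above, while the domains, function names and the precedence rule (most specific matching name wins; on the same name, custom allow beats custom block beats category match) are assumptions.

```python
# Constructed sample data: placeholder domains, not CleanBrowsing's real lists.
CATEGORY_DOMAINS = {
    "malicious": {"phish.example"},
    "adult": {"adult.example"},
    "proxy_vpn": {"vpn.example"},
    "mixed_adult": {"images.example"},
}

# Profiles are cumulative, as in the free-filter table:
# Adult includes Security, Family includes Adult.
PROFILES = {
    "security": {"malicious"},
    "adult": {"malicious", "adult"},
    "family": {"malicious", "adult", "proxy_vpn", "mixed_adult"},
}


def parent_domains(qname):
    """Yield the query name and each parent: a.b.example, b.example, example."""
    labels = qname.rstrip(".").lower().split(".")
    for i in range(len(labels)):
        yield ".".join(labels[i:])


def decide(qname, profile, allow=frozenset(), block=frozenset()):
    """Return (action, reason) for one DNS query under the given profile."""
    blocked_categories = sorted(PROFILES[profile])
    # Walk from the most specific name upward so that a listed parent
    # domain also covers its subdomains.
    for name in parent_domains(qname):
        if name in allow:
            return ("allow", "custom allow: " + name)
        if name in block:
            return ("block", "custom block: " + name)
        for category in blocked_categories:
            if name in CATEGORY_DOMAINS[category]:
                return ("block", category)
    return ("allow", "no match")


if __name__ == "__main__":
    for q in ("www.adult.example", "cdn.vpn.example.", "perezbox.com"):
        print(q, decide(q, "family"))
```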

If you want more control, want the ability to tune the filtering, make use of an additional 16 filters, or a number of cool features like custom blocks, custom allow and block lists, then learn more about the differences between the paid and free service.

Tech Note: Playing with networks can take a bit more time, and can be a bit frustrating, but the end results can be extremely satisfying. Patience is key. If you have questions, just send me a note, I’ll be happy to give you a hand.

To help in the process, we created a free community portal that works to answer as many questions as possible. Let us know what we’re missing.

CleanBrowsing Free Community Forum


About Tony Perez

I've spent the better part of the past 15 years dabbling in various technical industries, and these days my focus is website security and business. This blog, regardless of topic is a chronicle of my thoughts and life as I navigate those things that interest me the most.


Copyright © 2021 Tony Perez, PerezBox. All Rights Reserved | Security | Privacy