That's DNS filtering and NxFilter is a dns-filter. It's basically a forwarding DNS server with filtering ability. Since it uses light weight DNS protocol there's no need to have your traffic going through anywhere. You get no latency problem with NxFilter. Some users reported that after they installed NxFilter on their network their Internet speed improved greatly. This is because NxFilter keeps local cache for DNS lookup. Suppose in your network everybody uses Google public DNS server or your ISP DNS server. Their DNS queries need to be sent to these DNS servers on the Internet and your users need to wait for the response back from these servers. But if you have NxFilter in your network it keeps cache for the DNS response from its upstream DNS servers and reduces the network traffic greatly and your users don't need to wait for the response from these DNS servers on the Internet.Įven though it's faster and lighter than the traditional web-proxy based filtering, DNS filtering had its own limit in the past.
This is natural because DNS protocol doesn't have authentication scheme. It was the biggest obstacle for a dns-filter to be employed in real-world enterprise environment. However being a dns-filter, NxFilter provides 4 types of authentication methods for user identification. With NxFilter you can differentiate users and apply different filtering policies. NxFilter supports application control through its agents, NxLogon and NxClient. With this feature you can block UltraSurf, Tor, uTorrent, Skype, Minecraft and other applications you want to block. NxLogon is the Active Directory single sign-on agent of NxFilter and NxClient is the remote user filtering agent for NxFilter. There are many benefits only from a dns-filter but we had to give up several things if we want to go with a dns-filter so far. You can't enforce safe-search and you can't have keyword filtering against URL as it's working on DNS level.
0 kommentar(er)
