08/07/2020

DNS – Secure Network Resolver – Setup

emPSN in conjunction with JISC is able to offer schools and connected members the use of a Secure Network Resolver service sDNS.  

To use the Secure Network Resolver you need to modify the primary DNS forwarders you are using for your site to point to the resolved IPs as your primary resolvers, existing resolvers can still be listed as tertiary resolvers.

Customer Site DNS servers should be configured to reference the Secure DNS services as primary 193.60.199.98  and secondary 193.60.199.99 resolution servers. We recommend the use of empsn DNS resources as tertiary services (eg 92.43.65.1 / 92.43.65.2) – Please also disable root hints

Once you’ve completed entering the details, you can test the block screen using the URL – bad-domain.soc.ja.net. 

Access and use of the DNS services can be confirmed by running the following for a command prompt:

nslookup www.empsn.org.uk 193.60.199.98

nslookup www.empsn.org.uk 193.60.199.99

 

Q. Where do I configure resolver addresses?

A. On most servers, our resolver addresses are configured as forwarders.

Note: configuration will be different on the type of server you are using such as Windows, Bind, or third-party appliance. 

 

Q. Do I need to disable root hints?

A. Yes.

  • On Windows DNS, deselect the option to “use root hints if no forwarders are available”.
  • On Bind servers, edit your conf file to enable “forwarders only” option.
  • On third-party appliances, please refer to your appliance vendor for assistance.

 

Q. Why can’t I see the test RPZ blocked landing page?

A. Check you are not using root hints. Also check if your servers are using web proxy service, this may bypass the resolvers. Are your DHCP settings pointing at your own DNS server? If not, please amend.

Example of the test RPZ blocked landing page 

 

Q. Further Issues

A. If you are continuing to have issues, please advise the server type or appliance you are using when contacting us (viasupport@empsn.org.uk), so one of our DNS engineers can assist you further. 

Please note, we are only able to provide guidance on Windows DNS and Bind servers. 

If you are using a third-party appliance, please refer to your appliance vendor for assistance. 

For information on other DNS services from emPSN:

Should you require any further assistance on this and any other empsn services please contact us on support@empsn.org.uk

Keeping Up To Date With Us Is Easy, Sign Up To Our Newsletter Today!

Stay in touch with emPSN, so that you get the latest e-safety advice and invites to our community events.

    Our partners