- Public IPv4 and IPv6 addresses can be shared in one host. There are no more duplicate costs due to duplicate ruleset
Networks without local DNS zones
Existing environment
DNS Server
In the home and in small businesses, it is rare to find a dedicated DNS server today. The function of the DNS server is taken over by the router on site and forwards the DNS requests to the DNS servers of the provider.
Client
As a rule, the local clients use the router as DNS server. The configuration is mainly done via DHCP. In exceptional cases, the configuration can also be done manually and must be adjusted accordingly.
Functionality
In this scenario, it is recommended to forward the requests to the router. The router forwards the requests to the ICS name servers on behalf of the client.
The ICS name servers identify the DNS requests at the public source IP and apply the configured ruleset. By linking the SPDyn DNS host name to the ruleset, correct processing is ensured even for dynamic IP addresses.
Configuration
Public IPv4 address and no IPv6 connection
If the Internet connection has a public and uniquely identifiable IPv4 address, these IPv4 addresses must be entered as forwarders on the DNS server:
- 85.209.185.50
- 85.209.185.51
Public IPv4 address and public IPv6 address
If the Internet connection has both a public and identifiable IPv4 and IPv6 address, both the IPv4 and IPv6 name servers can be used.
- 85.209.185.50
- 85.209.185.51
- 2a09:9c40:1:53::1
- 2a09:9c40:1:53::2
No public IPv4 address and one public IPv6 address
If the Internet connection does not have a public IPv4 address but an IPv6 address, the IPv6 name servers must be used.
- 2a09:9c40:1:53::1
- 2a09:9c40:1:53::2
No public IPv4 address and no public IPv6 address
If the Internet access provider does not provide public IP addresses for the Internet connection, the ICS service cannot be used via the DNS protocol.
Networks with local DNS zones
Existing environment
DNS Server
Companies often have AD structures and, as a result, DNS zones that cannot be publicly resolved. In these cases, the AD servers are often used directly as DNS servers. Thus, the clients can resolve the local DNS zones and all external resources are resolved by the DNS servers through external resources.
In some cases, certain zones are also provided via VPN connections. One example here is KV-Safenet.
Client
As a rule, the local clients use the domain controllers as DNS servers. The configuration is mainly done via DHCP. In exceptional cases, the configuration can also be done manually and must be adjusted accordingly.
Configuration
In this scenario, it is recommended to forward to the domain controller and router. Usually, the domain controllers are used as DNS, but for optimal configuration it is recommended to secure the router as well.
The ICS name servers identify the DNS requests at the public source IP and apply the configured ruleset. By linking the SPDyn DNS host name to the ruleset, correct processing is ensured even for dynamic IP addresses.
It must be ensured that all DNS queries of the environment to be protected are made via the correct and unique public IP address.
Öffentliche IPv4-Adresse und keine IPv6 Anbindung
Verfügt der Internetanschluss über eine öffentliche und eindeutig identifizierbare IPv4-Adresse, sind diese IPv4-Adressen als Forwarder auf dem DNS-Server einzutragen:
- 85.209.185.50
- 85.209.185.51
Public IPv4 address and public IPv6 address
If the Internet connection has both a public and identifiable IPv4 and IPv6 address, both the IPv4 and IPv6 name servers can be used.
- 85.209.185.50
- 85.209.185.51
- 2a09:9c40:1:53::1
- 2a09:9c40:1:53::2
No public IPv4 address and one public IPv6 address
If the Internet connection does not have a public IPv4 address but an IPv6 address, the IPv6 name servers must be used.
- 2a09:9c40:1:53::1
- 2a09:9c40:1:53::2
No public IPv4 address and no public IPv6 address
If the Internet access provider does not provide public IP addresses for the Internet connection, the ICS service cannot be used via the DNS protocol.