NxFilter is a freeware DNS filter designed for enterprise environment.
Faster and lighter
There are many webfilter products based on Squid proxy or some other HTTP proxy. With this approach you might have a serious latency problem on your network. This is because your web traffic needs to go through one point in your network that is your webfilter and it becomes a bottle neck in your network. This latency problem gets bigger when you have bigger number of users. But there is another approach. That is DNS filtering and NxFilter is a DNS filter. It is basically a DNS server with filtering ability. Since it uses light weight DNS protocol there is no need to have your traffic going through anywhere. You get no latency problem with NxFilter.
Boosting up your internet speed
Some users reported that after they installed NxFilter on their network their Internet speed improved greatly. This is because NxFilter keeps local cache for DNS lookup. Suppose in your network everybody uses Google public DNS server. Their DNS queries need to be sent to the DNS server on the Internet and they need to wait for the response back from it. But if you have NxFilter in your network it keeps cache for the DNS response from its upstream DNS server and reduces the network traffic greatly and your users don’t need to wait for the response from a public DNS server on the Internet.
Even though it is faster and lighter to be compared to the traditional web proxy based filtering, DNS filtering had its own limit in the past. It did not support user authentication. This is natural because DNS protocol doesn’t have any authentication scheme. It was the biggest obstacle for a DNS filter to be employed in real world enterprise environment.
However, being a DNS filter, NxFilter provides 4 types of authentication methods for user identification.
- IP based authentication
- Password based authentication
- LDAP authentication
- Single sign-on with Active Directory
With NxFilter, you can differentiate users and apply a filtering policy based on user and group.
NxFilter supports application control through its agent that is NxClient. With this feature you can block UltraSurf, Tor, uTorrent, Skype, Minecraft and other applications you want to block.
* NxClient is a remote user filtering agent for NxFilter.
You just need to set up your DHCP server to make NxFilter as the DNS server for your network. Then your users will use NxFilter as their DNS server and they will be under filtering. Forcing filtering to users is also possible. You can block outgoing UDP/53 and TCP/53 except from NxFilter. In that way, NxFilter becomes the only DNS server your users can use.
It’s not just for HTTP traffic
With DNS filtering you can filter almost every protocol including HTTP, HTTPS, FTP, P2P as long as they use DNS.
In reality, these malwares and botnet programs are network server/client programs. And they are heavily relying on DNS protocol. NxFilter is capable of detecting malware and botnet based on DNS packet inspection.
Content filtering by NxClassifier
NxFilter does content filtering with its built-in website classification engine that is NxClassifier. With NxClassifier, you can classify a website into a certain category based on its contents. This means that you can block almost every website you want to block even if it is a new website which is not known to people yet.