Deledao ActiveScan, presented by Hāpara: DNS solution and BYOD Follow
In this article:
- DNS solution overview
- Network-based solution
- Support multiple DNS rules
- PAC URL-based solution
- BYOD filter solution
- Limitations
DNS solution overview
The Deledao ActiveScan, presented by Hāpara DNS protection can easily filter all the devices, including guest devices, on your network. It's automatically enabled if the public-facing IP addresses of the school are registered with us.
Network-based solution
This requires pointing the DNS server of a network to our DNS servers. Detailed DNS configuration instructions are found on the web filter Admin Console > Deployment > Guest Devices Protection.
For this solution, only the Default rule can be used for filtering, and users will have their identity shown as "School Student," as the web filter doesn't know the user ID.
If our DNS servers are set on your campus-wide network, not just the guest wifi network, the DNS solution will preempt the Chrome extension in terms of blocking. For instance, if the social network category is blocked and a student attempts to visit facebook.com, the student's search will be stopped by the web filter DNS server before the extension kicks in. In this case, it will also be logged as “School Student.”
Support multiple DNS rules
With DNS solution, admins can apply different filter policies other than Default to different networks based on public IPs. For example:
PAC URL-based solution
This requires support from MDM by pushing out a PAC URL to each device, and the user ID can be embedded in the URL. The specific policy applied will be determined by the user ID embedded in the PAC URL. See Proxy installation/PAC file deployment - Mac for additional information.
BYOD (Bring Your Own Device) filter solution
BYOD devices will mainly be covered by the web filter DNS solution.
Our DNS solution is an auxiliary solution for BYOD devices and is usually only set up on guest Wi-Fi networks.
Certain filtering features are not available in our DNS filtering solution.
Limitations
- The Policy Rule features are limited to only the Default rule (other created rules will not be applied).
- It also cannot do text, image or video filtering.
- Filtering is based on the domain name, i.e. the web filter will determine which domains to block by using a pre-existing category domain name list and real-time AI analysis won't be enabled. Thus, there isn't the function of determining whether new sites fall into that blocked category.
- If a student using a school-issued Chromebook (and uses DNS) signs in with their school Google account, their activities will always be logged with their username, whether on or off campus.
- It is recommended to install our certificate into the device to avoid a warning in the browser regarding an untrusted certificate. Regardless of the certificate being installed, blocking will still occur with the only difference being whether the blocking page can be presented without a warning for HTTPS websites.