Quickstart

Creating the portal account

After accessing the URL from your activation email, you will be asked to setup the password for your account. We don’t enforce any password complexity, but we recommend using unique and non-trivial password. An unauthorized access would be a threat to users privacy and could misuse the configuration to harm your network.

_images/password_setup.png

After the password setup you will be asked to login using your username and newly created password.

_images/login.png

Right after the first login the tutorial will pop up and will guide you through the very basics of the Whalebone portal. You can skip the tutorial any time and get back to it later from the main menu (the question mark icon) option Start tutorial.

_images/help.png

Public network ranges

Public network range definition serves to distinguish individual customers and their users. It is necessary to include all the public network ranges that will be used by DNS resolver as well as the users browsing the internet. The definition is used to customize the block page appearance (described later). Single customer can manage more network ranges, such ranges can be assigned to localities to easily distinguish between logical network zones in DNS traffic audit and incidents.

_images/client_networks.png

Warning

Should you not fill in your public network ranges, cloud resolvers will serve as a simple DNS resolvers without any filtering. If you use local resolvers, you still have to input your network ranges to display fully customized blocking page (sinkhole) to the blocked users.

  • Into the field Add new network insert one or more network ranges using notation <network address>/<mask>, e.g.: 198.51.100.0/24
  • Press button Add networks to add changes
  • Don’t forget to save your new setup through the Save button

Tip

While testing Whalebone (e.g. through adding a testing domain into blacklist) don’t forget that many DNS records could be recently in the DNS cache anywhere between the resolver and the user (including the browser, operating system or forwarders). Testing right after the configuration change could therefore fail and the timespan before the protection becomes active could vary based on the TTL of the particular DNS record (should all the caches along the way actually honor the TTL value).

Feed filtering options

Every Threat Intelligence Feed could be setup in a different manner. As long as the button Uses recommendation is pressed the configuration is left to the Whalebone specialist and it honors the Whalebone best practice. If you prefer your own configuration you can choose from these three options:

  • Block
  • Audit
  • Disabled
_images/feeds.png

Cloud DNS resolvers

You should forward your DNS traffic towards Whalebone cloud resolvers if this is your preferred deployment option. Cloud resolver are available on two independent IP addresses: 52.169.120.89 52.166.249.114

_images/resolver_ip.png

Always use both IP addresses in your configuration The guarantee of availability of the DNS resolution service is applied only in cases where both of the IP addresses are configured to use primary and secondary resolvers automatically.

DNS traffic

Should the traffic be properly forwarded on Whalebone DNS resolvers (cloud or local) the DNS traffic will be visible under the menu option DNS traffic, where the individual request and responses are available for further investigation. The traffic should be visible in several minutes after everything has been properly setup. If there is no traffic recorded even in several hours don’t hesitate to contact Whalebone support to help you doublecheck the configuration or any sort of network issues.

_images/dns_traffic.png

The DNS resolution check could be also done manually on Windows or Linux machines through nslookup tool. Set the Whalebone resolver IP and try to resolve an existing domain name.

_images/nslookup.png