DNS Network Management

I have found that managing the DNS block list for multiple networks is annoying because different networks could want different domains blocked. So I want to create a SaaS that would allow IT staff to monitor and manage multiple networks from one place. Would a service like this be of use and does it solve any potential problems that the church community may have? No network changes are needed other than changing the router’s DNS settings. The service would be able to block ads or any other unwanted domains.

Greg - This is a useful service, and a variety of companies already offer it.

Not saying there isn’t room for more people, but if you are going to seriously consider building this, I’d recommend you do some additional market research to determine what your value proposition will be.

Notable players include ChurchDNS, Cisco Umbrella, SafeDNS, DNSFilter, and probably many more.

There are also numerous on-prem products that can, either manually or with some script automatically, share filtering lists or profiles.

Best of Luck! - Karl P

I have been asking around on other forums and your response is the best one I have gotten by a long shot. Thanks!

ChurchDNS is basically exactly what I was going to try and build.

Okay, coming in from the MSP that services churches point of view, yeah, it’s super useful as part of the security stack, but that’s why the big players have come in and have numerous products in that space. Honestly, I wouldn’t rely on that as a core product to sell as part of a startup venture given the space is largely dominated by Cisco Umbrella with Webroot and Webtitan among others trying to eat their lunch. Even Comodo is in on the action with a free product (dome). Realistically, your service needs an agent as well because the mobility aspect of DNS filtering has to be addressed by your product (customers always want the laptops that leave the office to still be protected). I suspect people would be interested in it more if it was part of a more comprehensive security stack because there is interest from churches in protecting data these days.

That being said, if you want to try to jump directly into the space and deliver a SaaS product, NxFilter is an economical place to start that doesn’t require re-inventing the wheel, that or build up enough client base that you can resell one of the big players like Umbrella at scale, but by itself the margin won’t likely be enough because you usually need at least 50~60% product margin in the SaaS industry… it sounds like a lot, but that’s baseline to develop, grow, and stay open, you will also need a significant client base to make a $1~4 per user product viable. Again, this is why I strongly encourage you to build a service that includes DNS filtering as one part of a more comprehensive service.

I would want to go back a step and ask what exactly are you trying to protect against and what behaviours are causing you a problem. Using a DNS block list may not be the best approach.

If you are looking to control DNS security, then OpenDNS is a good place to start and configure your router for that.

If you are looking at Ad blocking, then there is a good application called AdGuard, which is a proxy-based system that runs on the local PC or tablet device and works very well at cutting out adverts and undesirable material. Unfortunately there is not a proxy server option for this, which is kind of what I think you are looking for.

The other route to go is a full-blown proxy server, of which Squid is the standard open source version. This pre-filters all web requests and content flowing back on each HTML item request. Using this approach means you can intercept Ads or other rogue material one at a time. Squid has a companion add-on called DansGuardian that allows you to filter content, but also manage site lists. Not sure if it will do all you want, but it may provide you with a base platform onto which you can build your custom filtering.

Another commercial product I came across years ago was from BlueCoat Systems, which was absolutely fantastic, with real-time blocking and global updates. Not sure if they are still operating or operating under a different brand now, but definitely worth a look.