What is Segment53?
Divide your network into multiple Do53 segments using a single IP address, applying different policies per subnet and device.
The Segment53 feature lets you create multiple segments with different Do53 endpoints, so that a single IP can be associated with several network segments, each with its own control and security policies. This makes it possible to apply distinct rules to subnets and devices connected through the same internet link.
Note: Feature available on the Pro and Education plans.
Top benefits
- Flexibility in policy management
  - Allows you to configure different security and content control policies for different segments of your network.
  - Ideal for companies that need to manage networks with different types of users.
- Integration with VLAN networks
  - Native support for networks using VLANs, allowing specific policies to be applied per segment in a simple and efficient manner.
  - Optimizes the management of segmented networks and improves the security of corporate environments.
- IP Optimization
  - Use a single public IP to link up to 4 different segments.
  - This reduces the need for multiple public internet IPs, lowering costs and simplifying network management.
- Enhanced security
  - Apply specific policies for each segment, ensuring adequate control and customized protection.
  - Example: Block specific websites on visitor Wi-Fi while maintaining unrestricted access for administrative departments.
- Easy integration and configuration
  - Intuitive interface that allows you to configure segments and link IPs in just a few minutes.
  - Fully integrated with the Lumiun DNS platform.
- Scalability for corporate networks
  - It serves networks of all sizes, from small businesses to large corporations.
  - Perfect for MSPs looking to offer more comprehensive and customized solutions to their customers.
Why use Segment53
Before Segment53, a network using Lumiun DNS over the Do53 protocol could apply only a single DNS filtering policy to the entire network, assuming all devices reach the internet through the same connection (with the same public IP). Depending on the router model, its settings offered a single alternative: exempting a set of devices from the filter, which left them unprotected. Another option was to configure each device individually to use DoH or DoT so that it could be linked to a different policy.
However, there are scenarios in which it becomes important to apply multiple internet access filtering policies, with different rules for each subnet or set of devices that share the same internet connections, performing configurations only on the routers. To implement this in a very easy and hassle-free way, you can use the traditional DNS protocol on port 53—which is compatible with all routers on the market—together with the Segment53 feature.
Segment53 allows you to view internet access reports separately on the Lumiun DNS dashboard and apply different policies for each internal subnet, without installing additional software or hardware and using only the Do53 protocol. For more advanced configurations, for example on routers or servers compatible with the DoH and DoT protocols, Lumiun DNS also offers support.
Examples of scenarios for Segment53
Here are some examples of scenarios that can be easily implemented using Lumiun DNS with Segment53.
- Scenario 1 - Network with VLANs
The network is organized into four VLANs, each with separate DHCP settings, and all traffic passes through the same internet connections. In this scenario, it is possible to create separate locations in Lumiun DNS, one for each VLAN, and have the DNS queries from each VLAN pass through different internet access policies and produce independent access logs and reports.
- Scenario 2 - Network with Wi-Fi routers in router mode
The company's local network has three wireless routers operating in router mode. The three Wi-Fi networks need to have different rules for allowed and blocked sites, and these routers do not support DNS protocols other than Do53. Through Segment53, you can register the three networks on Lumiun DNS, identify each network's queries separately, and apply different policies.
- Scenario 3 - Networks with administrative subnet and visitor subnet
The company has multiple units, each with its own internet link and two internal networks: an administrative network and a guest network. In this situation, using Segment53, it is possible to: create one policy for all administrative networks and another policy applied to all guest networks; or create an individual policy for each of the networks in each unit. As needed, the customer can merge these configurations in a flexible and adaptable way to their own scenario.
- Scenario 4 - MikroTik or pfSense router with a default policy and other special policies
The network has a MikroTik or pfSense router as its gateway, and it is necessary to apply a standard browsing policy, except for certain devices, identified by their IP addresses, which need to receive other policies with more allowances or more blocks. In this scenario, it is possible to use Segment53, together with DNAT settings for port 53 and DoH/DoT filtering, to apply a standard policy and create other policies for specific devices.
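The default-plus-exceptions setup from Scenario 4, sketched for a MikroTik gateway as an added example (not Lumiun's own configuration). The two endpoint addresses are documentation-range placeholders for the Do53 endpoints of each segment; the LAN range, device IPs and the list name `seg-special` are assumptions.

```routeros
# Added example, not Lumiun's configuration. Constructed values:
#   203.0.113.53  placeholder Do53 endpoint for the default segment
#   203.0.113.54  placeholder Do53 endpoint for the special segment
#   192.168.88.0/24 assumed LAN; "seg-special" is a hypothetical list name

# Devices that receive the special policy, identified by IP address.
/ip firewall address-list
add list=seg-special address=192.168.88.50 comment="constructed sample device"
add list=seg-special address=192.168.88.51 comment="constructed sample device"

# dstnat rules are evaluated top-down and the first match wins,
# so the exception rules must sit above the default rules.
/ip firewall nat
add chain=dstnat protocol=udp dst-port=53 src-address-list=seg-special \
    action=dst-nat to-addresses=203.0.113.54 to-ports=53 \
    comment="special segment, Do53 over UDP"
add chain=dstnat protocol=tcp dst-port=53 src-address-list=seg-special \
    action=dst-nat to-addresses=203.0.113.54 to-ports=53 \
    comment="special segment, Do53 over TCP"

# Every other LAN client is rewritten to the default segment, including
# clients with a hard-coded third-party resolver.
add chain=dstnat protocol=udp dst-port=53 src-address=192.168.88.0/24 \
    action=dst-nat to-addresses=203.0.113.53 to-ports=53 \
    comment="default segment, Do53 over UDP"
add chain=dstnat protocol=tcp dst-port=53 src-address=192.168.88.0/24 \
    action=dst-nat to-addresses=203.0.113.53 to-ports=53 \
    comment="default segment, Do53 over TCP"

# DoT runs on TCP 853. Dropping it at the gateway keeps LAN clients on
# Do53, where the DNAT rules above apply. DoH shares TCP 443 with normal
# HTTPS and cannot be filtered by port; it needs separate handling.
/ip firewall filter
add chain=forward protocol=tcp dst-port=853 src-address=192.168.88.0/24 \
    action=drop comment="block DoT from LAN"
```

Devices assigned to the special list should hold static DHCP leases, since the policy follows the IP address rather than the device.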
Note: For more information on the easy implementation of these scenarios and how Segment53 works, please contact our Support team. If necessary, we can conduct a detailed analysis of your scenario and structure the ideal configuration for your organization's needs.