Technical Requirements

The only requirement for ISPs to capture DNS errors is the integration of a Barefruit BIND, PowerDNS or djbdns patch into their DNS Software installations running on existing DNS Resolvers. No extra hardware is required. It is also possible to integrate the Barefruit solution into DNS infrastructures that use bespoke or non-standard DNS caching systems.

The Barefruit DNS solution only captures NXDomains resulting from 'A' Resource Record requests. The captured NXDomains are subject to further filtering via a simple, user-definable rules-based system with an additional option of applying IP definable Action Control List's (ACL). This gives the ISP complete confidence that no valid user traffic is being intercepted.

To implement the Barefruit HTTP solution it will be necessary to use an in-line device, for example a proxy device or a DPI system to intercept returning HTTP errors. Barefruit software patches or policies are available for Blue Coat, Squid and NetCache proxy systems.

For Squid and NetCache solutions, it will also be necessary have a Barefruit ICAP server installed in close networking proximity to the proxy device. For Blue Coat systems there is no requirement for extra hardware. Alternatively a proprietary Barefruit device can be provided to intercept HTTP errors at no cost for ISPs who do not currently use any of the above hardware.