JTN Jaringan Tanpa Nama

  How To Enforce Google Safe Search And YouTube Restricted Mode On Your Network Updated: 27 Aug 2025 With the release of  Technitium DNS Server  v5, a new feature called ANAME resource record has been introduced. ANAME resource record implementation is similar to the  IETF draft  with respect to its core functionality that allows adding a CNAME like functionality to the zone root. Essentially, ANAME is similar to CNAME except that the authoritative DNS server resolves the A or AAAA records by itself and returns them. The new release also adds Conditional Forwarder feature that can be combined with the ANAME feature to enforce Google's Safe Search or YouTube's Restricted Mode. To configure Google's Safe Search, you need to add a new "google.com" Conditional Forwarder zone with "Use This DNS Server" option enabled. The "Use This DNS Server" option tells the DNS Server to forward all the queries to itself so that you do not need to configure any o...

  The purpose of this lab is to show how Juniper policy-options can be used to automatically increase AS path length based on community tags attached to routes sent over BGP. BGP AS path length is one option commonly used to determine the best path to a route on the Internet. The AS path length can also be used to influence how traffic is returned when a specific path is required. In the diagram below, we see the network  10.103.0.0/16  is announced to 2 upstream providers. From the  Internet's  perspective there are 2 equal cost return paths. To avoid returning through  LogicalSystem-2 , we can increase the length of the AS path through this hop. BGP will select the route with the shortest hop count, eliminating  LogicalSystem-2  as a viable router. In this lab there are 2 routers  LogicalSystem-1  and  LogicalSystem-2 . There is no  router-3  as seen in the diagram above: Details Juniper Config We are going to configure ...

  Expanding on yesterday’s   BGP Peering   configuration. Today we enable basic BGP prefix filtering. Exchanging routes on the Internet through BGP requires a fair bit of trust in the downstream organization to only send routes they are authoritative for. Without proper filtering, anyone could announce Googles 8.8.8.0/24 route and potentially redirect this critical  DNS traffic back to a rogue location . For a service provider, it is critical to deny all inbound prefixes and only allow those which are properly authorized to do so. Proper  LoAs  and  routing registries  are necessary to validate subnet ownerships. Once ownership is confirmed, proper filtering needs to take place. Below is a basic BGP filter configuration to deny all prefixes and only allow subnets properly authorized by the BGP neighbor. Details Imported routes before BGP prefix filtering: jemurray@juniper-1# run show route receive-protocol bgp 192.168.99.1 logical-system LogicalSy...

  In this example, we provide the basic configuration for two Juniper vMX logical systems to exchange 6 eBGP routes with each other. Each major area of configuration is detailed with inline comments (#). The Configuration Create the logical systems point-to-point interfaces: # Logical System 1 # Each interface in a logical system needs a unique unit ID set logical-systems LogicalSystem-1 interfaces lt-0/0/0 unit 101 description "LogicalSystem-2 P2P Interface" set logical-systems LogicalSystem-1 interfaces lt-0/0/0 unit 101 encapsulation ethernet # The unit ID is used to connect the logical tunnel interfaces set logical-systems LogicalSystem-1 interfaces lt-0/0/0 unit 101 peer-unit 201 # A /31 is used to conserve IP space (yes, you can use .0 as a valid interface) set logical-systems LogicalSystem-1 interfaces lt-0/0/0 unit 101 family inet address 192.168.99.0/31 # Logical System 2 set logical-systems LogicalSystem-2 interfaces lt-0/0/0 unit 201 description "LogicalSyste...