DNSharmony®

The power of unity.
DNS intelligence aggregation facilitated by the adam:ONE® ecosystem.

How do you access the world’s best threat intelligence? Simple: By combining the world’s top sources of your choice to collaborate in real time.

Home and Small Business
DNSharmony® Home and Professional Packages.

Ideal for Home and Small Business
We understand that not everyone wants the level of protection that a full adam:ONE® ZTc node provides. It is for that reason that we decided to make it easy and accessible for families and small business owners that would like to apply Security, Privacy, Productivity Enhancement and Content protection at a minimal cost.

Choose from the basic Home package aimed at simplicity and family use, or the Professional package that is geared towards SMB commercial applications.

DNSharmony® is available as a self installable package for pFsense and ASUS Merlin WRT. The option for buying a pre-installed router for Home or Business use will be offered soon.

What DNSharmony® can do for you and the people you care about.

Enhanced Security.
Threat intelligence aggregation. Combine the protection of multiple sources. Block all known malicious domains. No endpoint software installation required. Protect all IoT or any device while connected to your network, regardless of operating system or device type.

Protection against harmful content.
Enforce Safe Search and Google / YouTube Safe Modes Block any unwanted domain.

Enhanced Privacy.
Block trackers and ads.

Productivity Enhancement.
Provide focus in work or school environments by blocking all distractions, social media or entertainment. Set Schedules to limit access to distractions.

Enterprise

DNSharmony® is an ADAMnetworks® Technology element that functions inside adam:ONE®. It allows for using multiple protective DNS resolvers via aggregation. Feedback on which policy or upstream resolver triggered a block is noted in your running log and you can assign custom policies to individual devices or groups of devices.

As part of adam:ONE® ZTc deployment, DNSharmony® is used as a DNS intelligence aggregation layer for adam:ONE® offering powerful customization. For those not yet ready for the security value of a Zero Trust connected environment, DNSharmony® could be used as the primary filtering technology to protect against known threats and harmful content.

Community Edition
The Best Things in Life are Free!

Best of all, there is a free version of DNSharmony® that is aimed at researchers and tech nerds that want to apply it for non-commercial personal use. This way you get to try us out to see if you like us and our products.

The Power of Unity

DNSharmony® allows you to have the following key wins for your network:

Resilience: Redundant DNS resolution facilitates resilience in the case that an upstream resolver is down.

DNS Intelligence aggregation: Combine multiple intelligence sources to greatly increase the effective value of your DNS filtering decisions, no matter what your aim with filtering is.

Device Agnostic Protection: Because adam:ONE® functions out of band, protection can be applied to any device connected to your network. No endpoint agent required. IoT and Smart Device friendly.

Visibility: adam:ONE® facilitates an internal real time log of all traffic filtering decisions.

Productivity: Increase productivity and reduce your attack surface by applying schedules.

Privacy: Block Trackers and third party ads per policy.

Security: Block all known malware and security threats that use DNS as part of the attack vector. By combining multiple intelligence sources, you greatly increase effectiveness.

Content Protection: Block all known harmful content destinations and enforce Safe settings on Compatible Search engines (Brave, Google, Bing & Duck Duck Go) + YouTube.

Per device / per group policy assignment: Assign policies per device and have full visibility to all devices connected to your network.

DynDNS: Facilitate Dynamic DNS through the adam:ONE® muscle.

Enterprise Application: (Requires an LTP License)

SIEM integration: As an enterprise, you can integrate into SIEM to provide a running log of all traffic filtering decisions and enrich the inputs with all DNS requests from your network. Enjoy powerful DNS intelligence analysis with multiple vendors.

AD integration: Assign policies by AD integration.

Flexible Layers: adam:ONE® can operate at layer 3 or layer 2. In deployments where every endpoint is layer2-visible to adam:ONE, additional value is created by real-time device inventory and automated policy assignment on a per-network basis.

Policy Enforcement:

By default, all of our deployments of adam:ONE® will intercept outbound TCP and UDP traffic destined for port 53. This has the result of enforcing all standard DNS traffic by your established policies. For example, a device could be manually set to 8.8.8.8 and still experience the exact same forced filtering as every other device that is set to obtain DNS servers automatically.

The result of default gateway-based forced DNS is security and convenience without easy circumvention of your policies by an endpoint. The below example shows Google SafeSearch being forced no matter whom you ask.

Terminal

    
No matter which DNS resolver is asked to resolve Google, only the forced SafeSearch answer is ever provided. Unsafe Google search is simply not available.

Choose your instruments

Protective DNS DNS Server IPv4 DNS Server IPv6 Blocked Destinations Blocked Answers
Quad9 9.9.9.9 149.112.112.112 2620:fe::fe 2620:fe::9 Malware as identified by aggregate vendors NXDOMAIN
Cisco Umbrella 208.67.220.220, 208.67.222.222 2620:119:35::35 2620:119:53::53 Selectable Categories to Block OpenDNS block IP range
CleanBrowsing 185.228.168.168 185.228.169.168 2a0d:2a00:0001:: 2a0d:2a00:0002:: Safe for kids under 13, including Safety YouTube NXDOMAIN
Cloudflare (No Malware) 1.1.1.2 1.0.0.2 2606:4700:4700::1112 2606:4700:4700::1002 Malware known to Cloudflare 0.0.0.0
Cloudflare (No Malware or Adult Content) 1.1.1.3 1.0.0.3 2606:4700:4700::1113 2606:4700:4700::1003 Malware and Harmful Content known to Cloudflare 0.0.0.0
Control D - Malware 76.76.2.1 76.76.10.1 2606:1a40::1 2606:1a40:1::1 Malware by threat intelligence feeds 0.0.0.0
Control D - Family Friendly 76.76.2.4 76.76.10.4 2606:1a40::4 2606:1a40:1::4 Malware, Ads, Tracking, Adult Content, Drugs 0.0.0.0
Comodo Secure DNS 8.26.56.26 8.20.247.20 - Parked and malware domains 52.15.96.207
DNS Filter* 103.247.36.36 103.247.37.37 (and more for alternate profiles) - Adult Content 45.253.131.236
Webroot* 45.54.50.50 45.54.50.51 - Selectable categories to block 35.199.56.164

* requires an account & subscription/license

Distributed Sinkholing

Public Resolvers require dramatically more resource usage if they also offer block pages. Those additional resources pose additional resource exhaustion liabilities on sinkholing web servers. For this reason, DNS providers tend to respond with NXDOMAIN (or 0.0.0.0 or 127.0.0.1 )thereby reducing their own attack surface. However, the downside to this is that end users are provided no feedback, ie no block page(s). This is where the approach of distributed sinkholing applies. Block pages are served to internal networks, by the device running DNSharmony® through adam:ONE®.
The DNS and Traffic logs facilitated by adam:ONE® allows you to view resolution decisions in real time visible to your internal network only.

Distributed sinkholing also has the advantage of being local traffic only, thereby faster and consuming no WAN bandwidth at all. Blocked destinations are also not observable to the ISP.

Use Case Examples

Example #1:
A SFW experience through CleanBrowsing plus Quad9 threat intelligence protection as well as ad blocking from your own Pi-Hole.
Terminal

When we're asking ControlD, CleanBrowsing, Umbrella (from the perspective of the DNSharmony device) Only ControlD's ad-blocking service was blocking ad.doubleclick.net. so DNSharmony's decision is to block it, even though others allowed it.
Example #2:
Choose multiple public DNS filters and choose one to be dominant. The dominant wins in the event of different non-blocked answers.
Terminal

In this case, they were all permitted, but the reason DNSharmony choose CleanBrowsing is that it's the preferred result when all are allowed. This is because the desire in this policy is to use YouTube Safety mode, offered by CleanBrowsing.
Example #3:
Complimentary threat intelligence, but most importantly, offer end-users a complementary set of intel providers who otherwise don't work together: OpenDNS, Quad9 and even your own RPZs.
Terminal

Privacy and Security First

See our terms of use for details on how your DNS information is anonymized. DNSharmony® is also DNSSEC-aware, meaning your DNSSEC queries are honored and remain secured in transit. (adam:ONE® ZTc application of DNSharmony® includes full compatibility with DoH, DoQ and DoT. )

DNSharmony® Community US $0/mo Personal | Non commercial use only
DNSharmony® Home US $9.99/mo Home use only
DNSharmony® Professional US $99.99/mo SMB use