DNS Redirector
 Return to FAQ List

FAQ 126: Best practices for public networks

Category: Troubleshooting | Updated: 02/19/2011 2:13 PM

When providing Internet access to the public (wired and/or wireless connections) here's a few things to keep in mind...

1) DNS Redirector only manipulates DNS, and intentionally no other traffic; if you want to create a fair usage scenario invest in a hardware firewall/router that allows for QoS rules (to limit/guarantee minimum bandwidth per-client) and packet inspection (to limit P2P/file-sharing and other bandwidth intensive applications) for example...
Cisco ASA 55xx series
Cisco Small Business RV1x, RV2x, or RV3x series (do not pick the older RV0x series)
Peplink Balance series

2) Don't overload your access points; an access point is like a hub and your average AP with a 10/100 Ethernet port can sustain around 24 clients depending on bandwidth usage.

3) Use only non-overlapping channels 1, 6, and 11. Other channels, including those used by neighboring networks that you cannot control, may interferer with the performance of your network.

4) Keep your internal/office network completely separate from the guest network to prevent hacking, see Network Examples.

5) Are you legally allowed to resell or distribute Internet provided by your ISP? Check your SLA or TOS first.

6) Are you required to retain the MAC address and IP of clients who connect? This may be used (or in some jurisdictions required) by law enforcement to determine abuse or violation of network policies, see FAQ 62.

Related articles
FAQ 65  Best practices for speedy DNS resolution

DNS Redirector | Legal Information | 2003-2017