DNS Filtering at a glance

What is DNS

To explain what DNS (Domain Name System) is, let’s resort to a very widely used metaphor – DNS is a phone book for the internet. To access a domain/site, we habitually type in the browser the necessary domain name, like nyt.com. However, to load this site on your web connected device, your internet browser uses this site’s IP (Internet Protocol) address, a numerical combination of digits and dots, like, for The New York Times site.

The DNS protocol is used to translate a domain name into the numerical combination the internet browsers operate with. For us, humans, it is much easier to memorize the name of a site, like nyt.com, rather than a numerical combination of 8 digits or longer. Imagine how many numerical combinations you should have memorized to reach your favorite domains if there were no DNS! The DNS protocol is at the very heart of the internet as DNS is indispensable for accessing domains.

Why is there a necessity for DNS filtering

Now we’ve found out what DNS is, it is time to better understand what DNS filtering is and what it is needed for. DNS filtering is a technique of blocking access to certain websites or entire groups of websites with the similar content. This is all about user online safety, not about internet censorship.

Experienced web surfers know, one can find anything on the internet – literally, the content users consider useful, work-related, entertaining, of educational value as well as the most gross, heinous stuff no sane person would ever like to see – like, adult and child sexual abuse, terrorism-related content, etc.

And the thing is, internet users often stumble upon the unwanted stuff even without actively looking for it. For example, adult and even porn images can appear in online ads, found all over the internet, whether site visitors want to see such ads or not. Just think of harm children can come to when accessing age-inappropriate and dangerous internet resources.

Young web surfers are easily lured to make in-app and online purchases with their parents’ hard-earned money. Kids have little understanding if they can really afford these purchases (usually, not) and how much such purchases are worth.

You can unintentionally click a phishing link and leave your personal information to phishers who then can use it to harm you in lots of different ways – from publishing this personal info and the most private of your images online to selling your personal info to internet bad actors for their shady purposes to stealing your identity and your

money from a bank account, to name just a few.

In case internet users reach a malicious resource, they risk infecting their devices with several kinds of malware. It can wreak an irreparable havoc on the operating system of these devices. And they can become a source of malware infection for any network the infected devices connect to. Getting rid of malware often requires expensive expertise and, at times, is just impossible.

DNS filtering is what SafeDNS provides and what can be of immense help for you to prevent the cyber threats mentioned above! According to cyber security researchers, over 90% of malware uses DNS to carry out malicious campaigns. That is why controlling and filtering DNS is of paramount importance for protection against dangerous internet resources.

DNS filtering has an edge over other filtering techniques, based on different internet protocols – DNS filtering helps to block encrypted (HTTPS sites) as well as unencrypted (HTTP sites) internet traffic. It is possible because DNS is higher up in the internet protocol hierarchy, than most other protocols.

This ability to block HTTPS sites is important due to the fact that the number of these sites grows by the day as encryption improves user security. The popularity of HTTP sites decreases, especially since Google has started to consider such sites unsafe.

How does DNS filtering work

Any DNS filtering system operates on analyzing and processing user DNS queries. Namely, when you type a domain name, like, nyt.com in the internet browser, the browser queries a DNS server to resolve this domain name into an IP addresses. If this DNS server belongs to a DNS filtering provider, of which you are a user, each of your DNS queries is analyzed to make sure you are requesting a website that is allowed by your filtering rules. If this is the case, your DNS query is successfully resolved into the requested domain, nyt.com.

If the requested domain is not allowed by your filtering rules or belongs to your black list of domains, which are always banned, nyt.com will be blocked. It means the domain is not loaded on your internet browser and you can not access a single page of this domain. Instead of nyt.com, users are going to see a block page with some information on why the requested domain is blocked.

Well, blocking nyt.com might be needed, for example, to prevent a distraction from performing work duties. This internet resource is definitely not a dangerous one. But there are millions of internet resources that are extremely dangerous and harmful. For an ordinary web surfer it is impossible to know in advance how good or bad this or that unknown domain is. As there are hundreds of millions of domains on the internet.

Besides, even a familiar site, especially modestly sized and little known one, can become unrecognizable in a short period of time. If you have not visited this site for a couple of months, you should be prepared its content is changed – from innocuous one to something entirely inappropriate for you. Cause everything on the internet changes quickly and quite unpredictably.

There are dozens of DNS filtering solutions, available to users all over the world. The corner stone of a really high quality DNS filtering solution is a precise, dynamically updated domain database, that includes, at the very least, the most popular internet resources.

The database should be capable of categorizing domains correctly. Only then the DNS filtering solution, can recognize the content categories a specific domain belongs to. If this is not the case, users of this DNS filtering solution will have issues with either overblocking or underblocking.

This means that poor web categorization quality leads to a situation when sites are miscategorized – they are recognized as ones belonging to an incorrect content category. Then good and useful sites are blocked and dangerous and unwanted ones are allowed – which is pretty disappointing.

SafeDNS has created a huge, exceptionally accurate web categorization database with over 105M internet resource, categorized into 60 content categories. Our DNS filtering causes no overblocking or underblocking issues. This has been proved over 4 consecutive years during tests conducted by AV-Comparative, a world-known test lab. During these tests SafeDNS has had no false positives.

DNS filtering can be applied at an individual device level, at WiFi router/firewall/server level or at the level of your internet service provider (ISP). Home and corporate users can easily get DNS filtering at the first 2 levels out of the 3 – from a DNS filtering solution vendor. It usually allows more flexibility with filtering policies, than ISPs can offer.

Keep in mind, to ensure your DNS filtering solution works as intended, you should stick to its vendor’s technical recommendations – what devices and how exactly this solution is installed on, what features are available for free and what you get for a fee. it’s important to know if the DNS filtering solution requires updates – which can be free for life/a limited period time (and can be paid after that).

How you benefit from DNS filtering

When you start using the DNS filtering, you will benefit in a number of ways. The main one is that blocking access to dangerous sites with a DNS filter prevents any possible harm done. You and your kids, your network users will see no gross, explicit, inappropriate content. Malware propagating sites are not going to infect your devices. Phishers will make do without your personal and corporate info. As DNS filtering blocks access to an unwanted website before it loads in the browser and gets any chance of harming you and your loved ones, your personal information, device, its operating system and any data stored on this device.

So, drive your internet security by filtering out malicious and phishing resources. Safeguard your children from unwanted internet content at home, places of learning and leisure by blocking anything you hate about the web – porn, gaming portals, social media, etc. Save your organizations resources and work time by ensuring your staff stick to doing their job, not social media feeds, the PornHub content or YouTube pet videos and online stores – just ban on your corporate network any irrelevant, non-work related sites. Attract more patrons and guests with kids to public venues, protect their reputation offering visitors a safer and child-friendly guest WiFi by filtering out any internet resources you find inappropriate for users of wireless networks at public places.

Check out how SafeDNS provides enterprise security:

Featured Posts