DNS Content Filtering Implementation

DNS content filtering, also referred to as Domain Name System filtering, is a security solution that prevents access to listed web pages and IP addresses.

If you are unaware, every website is represented on the Internet by a number, its IP address. Rather than have us enter that number every time we need to find a website, the DNS lets us use the domain name that we register for our websites.

Upon purchase, a domain name is given a unique IP address, which means the website can be located on the Internet. So loading a website, i.e. entering a URL, leads to a DNS query being made. This is where your DNS server searches for the IP address of the domain/webpage. Once it is located, your web browser completes a connection to the web server where the website is hosted. Following this, the website is accessed. These steps are completed in the blink of an eye.

Once you have configured DNS filtering, a DNS request will only be processed if certain conditions are met. For example, if a particular webpage or IP address is found to be malicious when checked against blacklists, it will be blocked. If the website content that is requested does not comply with preset policies, an error page will be loaded to outline why access is not permitted.

DNS content filtering is implemented directly on your router using the control panel provided by your ISP or web filter vendor. These service providers give your security solution access to a blacklist of malicious websites and IPs which are known to be used by cybercriminals. DNS filtering is low-latency, so it will not slow you down when you are trying to log on to websites that are not deemed dangerous to your databases.

It must be recognized that no DNS filtering solution can be 100% certain it will prevent every attack that your organization is subjected to. This service is a simple way of preventing access to websites that have previously been found guilty of being used by hackers. Before a website can be blocked, it must appear on a blacklist. Even so, a DNS content filter will stop most dangerous websites from being viewed within your network.
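The blacklist and policy check described above, and the limitation that an unlisted site passes, shown as an added example (not code from any filtering product or from this article's author). The domain names, categories and block-page address are constructed sample values, and the function names are hypothetical.

```python
from dataclasses import dataclass
from typing import Iterator, Optional

# Constructed sample data (assumptions): reserved .example names and a
# TEST-NET-1 address standing in for the server that hosts the error page.
BLOCKLIST = {"malware-cdn.example", "phish-login.example"}
CATEGORIES = {"casino.example": "gambling", "anonproxy.example": "anonymizer"}
BLOCKED_CATEGORIES = {"gambling", "anonymizer"}
BLOCK_PAGE_IP = "192.0.2.1"


@dataclass(frozen=True)
class Decision:
    action: str            # "resolve" or "block"
    reason: str
    answer: Optional[str]  # address returned in place of the real one when blocked


def normalize(qname: str) -> str:
    """Lower-case the queried name and drop the trailing root dot."""
    return qname.strip().lower().rstrip(".")


def parent_domains(qname: str) -> Iterator[str]:
    """Yield the name and each parent, split on label boundaries only, so
    'notmalware-cdn.example' never matches 'malware-cdn.example'."""
    labels = qname.split(".")
    for i in range(len(labels)):
        yield ".".join(labels[i:])


def filter_query(qname: str) -> Decision:
    """Decide whether a DNS query is resolved normally or answered with the block page."""
    name = normalize(qname)
    for candidate in parent_domains(name):
        if candidate in BLOCKLIST:
            return Decision("block", f"blacklisted: {candidate}", BLOCK_PAGE_IP)
        category = CATEGORIES.get(candidate)
        if category in BLOCKED_CATEGORIES:
            return Decision("block", f"policy category: {category}", BLOCK_PAGE_IP)
    # Not on any list: the query is passed to the normal resolver. A malicious
    # domain that has not been listed yet also ends up here.
    return Decision("resolve", "not listed", None)
```
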

In the United States, schools and libraries must be able to prove compliance with the Children’s Internet Protection Act (CIPA) in order to be eligible for E-rate discounts and qualify for federal grants. One of the chief ways of becoming eligible is to install a content filtering solution to prevent access to inappropriate material that could cause trauma for minors.

Simple to configure and not cost prohibitive, DNS content filtering is a straightforward way to achieve CIPA compliance on wired and Wi-Fi networks. There is no hardware purchase necessary, no software installation, and management is minimal.

Are Staff Able to Get Around DNS Filtering?

There is a chance that a cybercriminal could use proxy servers and anonymizer sites in order to avoid being identified by your solution. However, the DNS filtering service you configure will give you the power to prevent anonymizer websites from being used and only permit the use of proxy servers and virtual private networks (VPNs) after official authorization is given.

FAQs

Is it possible to view employee Internet activity in real-time?

Yes. Most DNS filtering solutions have reporting options that allow administrators to see the content that is being accessed by users of wired and Wi-Fi networks in real-time. You can also view the web activity of individual users in real-time.

Is it legal to snoop on employee Internet activity?

Yes. You should explain your acceptable Internet policies to new employees during the onboarding process and inform them that Internet activity is monitored. You should also explain the sanctions policy if employees violate your company’s acceptable Internet usage policies.

How can a DNS filter block malware downloads?

DNS filters use blacklists of websites known to be used for malware distribution and access to those sites will be blocked. You can block risky categories of website where malware downloads are more likely, and you can restrict the types of files that can be downloaded from the Internet, such as executable files and installers which are often used to install or download malware.

Can DNS filters be used to protect remote workers and WFH employees?

Yes. WebTitan Cloud, for instance, provides roaming agents that can be installed on remote workers’ devices that will extend your DNS filtering capabilities to cover remote/WFH employees, no matter where they choose to access the Internet.

How much does DNS filtering cost?

Naturally there is variation in pricing between different security vendors. Commercial DNS filtering solutions typically start at around $1 per user, per month, with discounts often available for multi-year licenses.


Posted by

Richard Anderson

Richard Anderson is the Editor-in-Chief of NetSec.news