What is DNS Blocking?

DNS blocking is a form of content control that prevents individuals from accessing certain types of web content, such as webpages hosting phishing kits or malware.

What is DNS?

Every device connected to the internet has a unique IP address that allows it to be identified and located. While IP addresses are computer-friendly, they are not human-friendly. Memorable domain names are therefore used, but these need to be matched with IP addresses. That task is performed by the Domain Name System (DNS).

The DNS is hierarchical and decentralized naming system for computers and other resources connected to the internet. The DNS acts like an address book for websites. When a user types a website name into their web browser, a DNS lookup is performed to find the corresponding IP address. A query is sent to a recursive DNS server, which makes contact with other servers to find the IP address of the website. If the website exists, the IP address is returned and provided to the browser.

Content Filtering Using a DNS Block

DNS-based content filtering is a form of internet content control that works at the DNS level. When a user attempts to visit a website, such as by clicking a hyperlink in an email or entering a URL into their web browser, a DNS lookup is performed, the IP address is found, and they are directed to the website.

With DNS content filtering, before the IP address is returned, various checks are performed to determine if the website should be loaded. If the website violates policies that have been set in a DNS content filtering service, the website will not be displayed. Instead the user will be directed to a pre-configured DNS block page that explains that the website cannot be viewed because it violates the organization’s internet usage policies. If the website does not violate any policies, the IP address is returned, and the website will be displayed.

Advantages of DNS Blocking

DNS blocking has advantages over other forms of internet filtering. Since DNS blocking occurs at the DNS lookup stage, all internet filtering takes place before any content is downloaded so there is no impact on the speed at which webpages are loaded. Provided a website is not blocked, an end user will be unaware that any internet filtering controls are in place.

To filter the internet, it used to be necessary to purchase a physical appliance, through which all internet traffic is routed. The appliances can be costly, and they have limited capacity. To increase capacity, further appliances need to be purchased. There can also be latency issues with appliance-based filtering, which are avoided with DNS blocking.

DNS blocking takes place in the cloud so there is no requirement to install software and no additional hardware is required to block DNS and filter the internet. You just need to sign up and use a DNS filtering service. After purchasing the solution, you just need to direct your DNS to the service provider’s DNS servers. The process takes just a few minutes.

DNS filtering services are important for cybersecurity as they prevent employees from visiting malicious websites such as those used for malware distribution and phishing. These services can also be used to apply content controls to prevent employees visiting productivity-draining websites at work and viewing NSFW content such as pornography.