DNS Filtering

How It Works: DNS Filtering

Some organizations, chiefly Internet Service Providers, buy hardware or software appliances that sit between users and the Internet and inspect traffic. A DNS filter enforces a comparable policy at the name-resolution step instead, so it needs no dedicated hardware in front of the client. Most corporate offices have firewalls that protect the network, but that protection stops at the perimeter: what happens when an employee is working from home, travelling, or sitting in a coffee shop?

How Does It Work?

The Domain Name System (DNS) maps easy-to-remember domain names, such as example.com, to the IP addresses that computers actually connect to, so that users never have to type a hard-to-remember address like 192.31.46.91.

Briefly, when a domain is registered with a registrar and a site is hosted for it, the domain's DNS records (an A record, for example) point the name at the IP address of the hosting server. When you try to reach a website, your device sends a DNS query to its configured resolver. The resolver looks up the IP address for the domain, answering from its cache or by asking the domain's authoritative name servers, and returns it to your device, which then opens a connection to that address. Only after the connection is established does your browser fetch and display the page.

DNS filtering is a technique for blocking access to specific domains, and therefore to the websites and services behind them, at the moment the name is resolved, before any connection is made. Because the decision is taken on the domain name alone, it cannot tell one page on a site from another; blocking an individual webpage or URL needs a web proxy that sees the full request.

With DNS filtering in place, every query is checked against policy before the resolver answers. If the requested domain is on a blocklist of known-malicious sites, or the filter's categorization marks it as potentially malicious, the resolver withholds the real IP address even though the site exists. Instead it returns either a "no such domain" failure or a sinkhole address: a local IP that serves a page explaining why the site cannot be accessed. One caveat: for HTTPS sites the browser will not accept the sinkhole's certificate for the blocked hostname, so the user typically sees a certificate warning rather than the explanatory page. The block still holds; it is just less informative.

Because the check is a single lookup performed at resolution time, and resolved names are cached afterwards, DNS filtering adds negligible latency: sites that do not breach your organization's security policy load as they normally would.
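The decision described above, reduced to code, as an added example (this is not the article's code or any vendor's product): a function that parses a DNS query in wire format, checks the queried name against a blocklist (a blocked domain also covers every name beneath it), and either hands the query on to the upstream resolver or answers it with a sinkhole A record. The blocklist entries and the sinkhole address 10.0.0.53 are assumptions constructed for the example.

```python
import ipaddress
import struct

# Constructed blocklist and sinkhole address (assumptions for this example).
BLOCKLIST = {"phishing-example.test", "malware.example"}
SINKHOLE_IP = "10.0.0.53"   # assumed host that serves the block page


def normalize(name: str) -> str:
    """DNS names are case-insensitive; drop a trailing dot and lower-case."""
    return name.rstrip(".").lower()


def is_blocked(qname: str, blocklist=BLOCKLIST) -> bool:
    """True if qname, or any parent domain of it, is on the blocklist."""
    labels = normalize(qname).split(".")
    return any(".".join(labels[i:]) in blocklist for i in range(len(labels)))


def parse_query(packet: bytes):
    """Return (txid, qname, qtype, raw_question) from a DNS query packet."""
    txid, _flags, qdcount = struct.unpack("!HHH", packet[:6])
    if qdcount != 1:
        raise ValueError("expected exactly one question")
    pos, labels = 12, []
    while True:
        length = packet[pos]
        pos += 1
        if length == 0:
            break
        if length & 0xC0:
            raise ValueError("compression pointer not expected in a question")
        labels.append(packet[pos:pos + length].decode("ascii"))
        pos += length
    qtype, _qclass = struct.unpack("!HH", packet[pos:pos + 4])
    pos += 4
    return txid, ".".join(labels), qtype, packet[12:pos]


def build_query(qname: str, qtype: int = 1, txid: int = 0x1234) -> bytes:
    """Build a standard recursive query (RD=1) for qname; 1 = A, 28 = AAAA."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    name = b"".join(bytes([len(lbl)]) + lbl.encode("ascii")
                    for lbl in normalize(qname).split("."))
    return header + name + b"\x00" + struct.pack("!HH", qtype, 1)


def filter_query(packet: bytes, blocklist=BLOCKLIST, sinkhole=SINKHOLE_IP):
    """Return a sinkhole response for a blocked name, or None, meaning
    'forward this query unchanged to the upstream resolver'."""
    txid, qname, qtype, question = parse_query(packet)
    if not is_blocked(qname, blocklist):
        return None
    # Answer A queries with the sinkhole address; answer every other type
    # (AAAA included) with NOERROR and no records so nothing real leaks.
    ancount = 1 if qtype == 1 else 0
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, ancount, 0, 0)  # QR,RD,RA set
    response = header + question
    if ancount:
        rdata = ipaddress.IPv4Address(sinkhole).packed
        # name pointer to offset 12, type A, class IN, TTL 60, rdlength 4
        response += struct.pack("!HHHIH", 0xC00C, 1, 1, 60, 4) + rdata
    return response


def answer_ip(response: bytes):
    """Pull the IPv4 address out of a single-answer response (for checking)."""
    _txid, _flags, _qd, ancount = struct.unpack("!HHHH", response[:8])
    if ancount == 0:
        return None
    pos = 12
    while response[pos] != 0:          # skip the question name
        pos += 1 + response[pos]
    pos += 1 + 4                       # terminator plus qtype/qclass
    rdlength = struct.unpack("!H", response[pos + 10:pos + 12])[0]
    return str(ipaddress.IPv4Address(response[pos + 12:pos + 12 + rdlength]))


if __name__ == "__main__":
    for name in ("www.phishing-example.test", "example.com"):
        resp = filter_query(build_query(name))
        print(name, "->", "forward upstream" if resp is None else answer_ip(resp))
```

Production resolvers do the same job with Response Policy Zones (RPZ) or local-zone overrides rather than hand-built packets, but the two design points above carry over: match on the whole domain tree, not just the exact name, and make sure the AAAA path is sinkholed as well, or an IPv6-capable client will simply connect over v6.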

How Effective Is a DNS Filter?

Unfortunately, a DNS filter cannot block every malicious website, because a domain has to be identified as dangerous before it can be listed. When an attacker stands up a new phishing site, there is always a window between the moment the domain goes live and the moment it is checked and added to a blocklist, and during that window the filter lets it through. Some filters narrow the window by treating newly registered domains as suspect, but they cannot close it entirely.

Can DNS Filtering Be Bypassed?

It can. Proxy servers and anonymizer websites can be used to tunnel traffic around the filter unless the chosen solution also blocks the domains and IP addresses of those services. To block a specific proxy you need its address; outbound connections recorded in your firewall or web server logs are one place to find it. A more direct bypass is for the client to use a resolver you do not control: a hard-coded public resolver, DNS over TLS (port 853), DNS over HTTPS (port 443), a hosts-file entry, or simply connecting to the destination by IP address. Countering these means forcing all name resolution through the filtering resolver, for example by blocking outbound ports 53 and 853 to any other destination, and monitoring for clients that try to go around it.
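The monitoring side of that, as an added example not taken from the article: a small detector run over constructed firewall log lines that flags clients talking plaintext DNS to anything but the approved resolver, clients using DNS over TLS, and clients opening port 443 to well-known public resolvers that serve DNS over HTTPS. The log format, the approved resolver 10.0.0.53 and the client addresses are assumptions; the public-resolver list is illustrative, not exhaustive.

```python
import re

# Constructed firewall log lines (assumed format) recording outbound
# connections from clients on an internal network.
SAMPLE_LOG = """\
2024-05-01T10:00:01Z src=10.1.2.3 dst=10.0.0.53 proto=udp dport=53 action=allow
2024-05-01T10:00:05Z src=10.1.2.7 dst=8.8.8.8 proto=udp dport=53 action=allow
2024-05-01T10:00:09Z src=10.1.2.7 dst=1.1.1.1 proto=tcp dport=853 action=allow
2024-05-01T10:00:12Z src=10.1.2.9 dst=1.1.1.1 proto=tcp dport=443 action=allow
2024-05-01T10:00:15Z src=10.1.2.9 dst=93.184.216.34 proto=tcp dport=443 action=allow
"""

# Assumption: the organization's filtering resolver is 10.0.0.53.
APPROVED_RESOLVERS = {"10.0.0.53"}

# Public resolvers that also answer DNS over HTTPS on port 443.
# Illustrative only; a real deployment would use a maintained feed.
PUBLIC_DOH_RESOLVERS = {"8.8.8.8", "8.8.4.4", "1.1.1.1", "1.0.0.1", "9.9.9.9"}

LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) proto=(?P<proto>\S+) "
    r"dport=(?P<dport>\d+) action=(?P<action>\S+)$"
)


def parse_line(line: str):
    """Parse one log line into a dict, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["dport"] = int(rec["dport"])
    return rec


def classify(rec, approved=APPROVED_RESOLVERS, doh=PUBLIC_DOH_RESOLVERS):
    """Return a reason string if the connection looks like a resolver bypass."""
    dst, port = rec["dst"], rec["dport"]
    if port == 53 and dst not in approved:
        return "plaintext DNS to unapproved resolver"
    if port == 853:
        return "DNS over TLS (port 853)"
    if port == 443 and dst in doh:
        return "probable DNS over HTTPS to public resolver"
    return None


def find_bypass_attempts(log_text, approved=APPROVED_RESOLVERS,
                         doh=PUBLIC_DOH_RESOLVERS):
    """Return [(src, dst, reason), ...] for every line indicating a bypass."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        reason = classify(rec, approved, doh)
        if reason:
            hits.append((rec["src"], rec["dst"], reason))
    return hits


if __name__ == "__main__":
    for src, dst, reason in find_bypass_attempts(SAMPLE_LOG):
        print(f"{src} -> {dst}: {reason}")
```

The DoH check is the weak one by design: port 443 to an arbitrary host is indistinguishable from ordinary web traffic, so it can only catch resolvers you already know about. That is the argument for blocking ports 53 and 853 outright at the firewall and treating the DoH list as a detection aid rather than a control.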

For most users, who do not go looking for a way around it, a DNS filter will block any ordinary attempt to reach forbidden or harmful website content.

Cybersecurity is far more complex than any single control, so no one solution will block 100% of malicious websites, but DNS filtering should certainly be part of your security plan: it blocks the large majority of known malicious domains cheaply, and it does so before a connection is ever made.