What is DNS Filtering?

Share this article on:

What is DNS filtering, how does it work, and why is it such an important cybersecurity measure for blocking phishing and malware attacks? In this post we will explain why DNS based filtering is so important and the benefits of internet content control for cybersecurity.

What is DNS Filtering?

The Domain Name System (DNS) is an integral part of the internet and is used to match alphanumeric domain names with the unique IP addresses that allow websites to be found by computers. When a request is made by a user to access a website by typing a URL into their browser or by clicking a hyperlink, before a connection is made the location of the website must be determined and that requires an IP address.

To find the IP address for a website a query is sent to a recursive DNS server. The recursive DNS server will contact other DNS servers to find the IP address. When the DNS lookup has been completed and the IP address found it is passed to the web browser, a connection is made, and the web content is loaded in the browser. The DNS is incredibly efficient at matching domain names with their IP addresses and the multi-step process is completed in a fraction of a second.

The DNS allows the location of websites to be found to enable the sites to be displayed in browsers, but no distinction is made between benign and malicious content. DNS filtering is a method used to filter out undesirable and malicious content.

The DNS is used as a basic, fast, low-bandwidth filter to make it harder for users to access malicious web content such as sites hosting phishing kits, exploit kits, or malware. Controls can also be applied to prevent users from visiting illegal or otherwise prohibited web content.

Using DNS Filtering for Web Security

Rather than using standard DNS infrastructure to perform DNS lookups and discover IP addresses, a DNS filtering service provider is inserted into the process. A service provider maintains a database of categorized websites that have been determined to be safe, along with blacklists of webpages that are not.

When users try to visit websites, the service provider will only provide DNS lookup requests if the website is safe and has not been blacklisted. Since websites have been categorized, content controls can be applied. If the administrator has set policies prohibiting the accessing of gambling websites, dating sites, gaming sites, and pornography, a connection to those sites will not be permitted.

With a DNS filter in place, when a user attempts to access a malicious or prohibited website, they will be directed to a local DNS block page and will be informed that the website cannot be accessed. By using this method of internet content control, costly phishing attacks, malware infections, and data breaches can be prevented.

Summary

DNS filtering is a fast and effective method of exercising control over the content that can be accessed by network uses and an important cybersecurity measure to prevent users from navigating to malicious web content. With a DNS filter in place, it is possible to block the majority of online threats before any harm is caused.

A DNS filter will allow you to:

  • Block the web-based component of a phishing attacks
  • Prevent malware and ransomware downloads from the internet
  • Control the web content employees can access and avoid HR issues
  • Control bandwidth use
  • Limit productivity losses

Author: Steve Alder has many years of experience as a journalist, and comes from a background in market research. He is a specialist on legal and regulatory affairs, and has several years of experience writing about HIPAA. Steve holds a B.Sc. from the University of Liverpool.

Share This Post On