DNS filtering, also called DNS blocking, is a security measure that helps you steer clear of dangerous domains. DNS resolvers use blocklists containing harmful and suspicious IPs to prevent requests. It’s particularly beneficial for companies, which can use it to close gaps in their security by strictly regulating access to certain IPs.

What’s behind DNS filtering?

DNS filtering is a proactive security measure that blocks access to harmful, fraudulent or otherwise malicious domains. The Domain Name System (DNS) is used with DNS blocklists on a DNS server. The blocklist works together with a DNS resolver to prevent access to the listed sites. If people in a network try (knowingly or unknowingly) to access dangerous or forbidden domains, the DNS filter will reject every request, as long as that site is known and part of the blocklist.

What is a DNS blocklist?

The blocklist is the most important part of a DNS filter and is based on DNS lists that are regularly maintained by the IT security community or put together independently. There are also DNS filters that automatically update their lists by scanning websites. If malicious code is found on a website, that site’s domain/IP will go on the list. In this sense, DNS filters work much like a firewall or email blocklisting for domain name resolution.

A blocklist contains IP addresses associated with malware and domains that feature dubious or illicit content. That includes sites with illegal or adult content and sites that violate copyright. Companies that use DNS blocklists proactively defend themselves against damage by limiting the sites that people in the company network can access. The counterparts to blocklists are allowlists. With allowlisting, only sites on the allowlist can be accessed.

What are the advantages of DNS filtering?

While DNS filters can also help private individuals, they’re mostly useful for company networks. Here are some advantages of DNS filtering:

Advantage 1: Keep malware at bay

A DNS filter that blocks domains that are known to be dangerous or even scans pages before you visit them can help you to close important security gaps. This will help prevent malware from making its way onto the company network. For example, an email that looks deceptively real by using social engineering tactics could contain a dangerous link. All it takes is one person in your company network clicking on that link to infect the system with a virus. DNS filters can prevent that and provide you with an extra layer of protection against ransomware, spyware and scareware, as well as defense against cyberattacks.

Advantage 2: Prevent phishing

Phishing is the process of gleaning sensitive information like passwords and financial data, usually using fake sites that imitate legitimate sites. Phishing emails usually contain links to the fraudulent site. Then, when you think you’re logging into the legitimate version of the site, your data is actually being stolen on the phishing site. While it should be said that the people running phishing sites are constantly making new domains, DNS filters do still offer some security. Known phishing pages won’t be opened in the first place if they’re on the filter list.

Blocklists are no substitute for a healthy dose of skepticism and responsibility on the part of users. This kind of digital literacy also includes recognizing phishing emails and recognizing suspicious attachments as malware.

Advantage 3: Prevent DNS spoofing

DNS spoofing, which is the manipulation of DNS name resolution, is another big problem to watch out for. In DNS spoofing, traffic is redirected from a legitimate site to a fraudulent site. So if someone enters the URL of the legitimate site into their browser, they will end up on the fraudulent site. DNS spoofing often lays the foundation for gleaning sensitive data via phishing and pharming. Reputable public DNS resolvers can help you prevent DNS spoofing with their data protection features and security features like DNS filtering.

Advantage 4: Protect company networks

If you’re using a DNS resolver with a blocklist, you can count on a relatively secure DNS server. DNS filtering is thus an important part of protecting your private or company network. However, DNS filtering alone doesn’t provide comprehensive protection, so you should use it in combination with password protection, data backups, SSH keys for network connections and cloud access security.

How does DNS filtering work?

DNS filtering is as simple as it is effective: Domain queries for websites are channeled through a DNS resolver, which finds their IP addresses using DNS name resolution. If the DNS resolver uses a blocklist, the query is checked against the list. If the IP address in question is on the list, the DNS resolver stops the name resolution.

List entries can contain domains or IPs. If a domain is on the list, the DNS resolver will stop attempting name resolution at this point. If it’s an IP on the list, the DNS resolver will attempt name resolution. If the domain belongs to the IP on the list, the query will then be stopped.
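
The two checks described above, as an added Python sketch (not code from this article or from any particular resolver product). The blocklist entries, the `FAKE_UPSTREAM` table and all function names are constructed for illustration; the example also goes one step beyond the text by matching parent domains and normalizing case and trailing dots, so that `cdn.phish.example` or `Phish.Example.` cannot slip past a `phish.example` entry.

```python
import ipaddress

# Constructed sample blocklist (documentation ranges, not real indicators).
BLOCKED_DOMAINS = {"malware.example", "phish.example"}
BLOCKED_NETWORKS = [ipaddress.ip_network("203.0.113.0/24"),
                    ipaddress.ip_network("2001:db8:bad::/48")]

# Constructed stand-in for the upstream resolver so the example runs offline.
FAKE_UPSTREAM = {
    "shop.example": ["198.51.100.10"],
    "fresh-domain.example": ["203.0.113.77"],  # unlisted name, listed IP
    "malware.example": ["198.51.100.66"],
}

def normalize(qname):
    """Lower-case and drop the trailing root dot before any comparison."""
    return qname.strip().rstrip(".").lower()

def domain_listed(name):
    """True if the name or any of its parent domains is a domain entry."""
    labels = name.split(".")
    return any(".".join(labels[i:]) in BLOCKED_DOMAINS
               for i in range(len(labels)))

def ip_listed(addr):
    """True if the address falls inside any listed network."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in BLOCKED_NETWORKS)

def filter_query(qname, upstream=FAKE_UPSTREAM):
    """Return (verdict, answers, reason) for a single DNS query."""
    name = normalize(qname)
    # Domain entry: stop before name resolution is even attempted.
    if domain_listed(name):
        return ("BLOCK", [], "domain on blocklist")
    # IP entry: resolve first, then compare every answer with the list.
    answers = upstream.get(name, [])
    if not answers:
        return ("NXDOMAIN", [], "no upstream answer")
    hits = [a for a in answers if ip_listed(a)]
    if hits:
        return ("BLOCK", [], "resolved to listed IP " + hits[0])
    return ("ALLOW", answers, "not listed")

if __name__ == "__main__":
    for q in ("shop.example", "Malware.Example.", "cdn.phish.example",
              "fresh-domain.example"):
        print(q, "->", filter_query(q))
```

The `fresh-domain.example` case shows why IP entries matter: a newly registered name that is not yet on any domain list is still stopped when it resolves to an address that is.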
