What is DNS filtering?

DNS filtering, also called DNS blocking, is a security measure that helps you steer clear of dangerous domains. A DNS resolver consults a blocklist of harmful and suspicious domains and IP addresses and refuses to resolve matching requests. It’s particularly beneficial for companies, which can use it to close gaps in their security by strictly regulating access to certain domains and IPs.

What’s behind DNS filtering?

DNS filtering is a proactive security measure that blocks access to harmful, fraudulent or otherwise malicious domains. It is implemented within the Domain Name System (DNS): a DNS blocklist is installed on a DNS server, where it works together with the DNS resolver to prevent access to the listed sites. If people in a network try (knowingly or unknowingly) to access dangerous or forbidden domains, the DNS filter will reject every request, as long as that site is known and part of the blocklist.

What is a DNS blocklist?

The blocklist is the most important part of a DNS filter and is based on DNS lists that are regularly maintained by the IT security community or put together independently. There are also DNS filters that automatically update their lists by scanning websites. If malicious code is found on a website, that site’s domain/IP will go on the list. In this sense, DNS filters work much like a firewall or email blocklisting for domain name resolution.

A blocklist contains IP addresses associated with malware and domains that feature dubious or illicit content. That includes sites with illegal or adult content and sites that violate copyright. Companies that use DNS blocklists proactively defend themselves against damage by limiting the sites that people in the company network can access. The counterpart to a blocklist is an allowlist. With allowlisting, only sites on the allowlist can be accessed; everything else is rejected.

Tip

Play it safe with MyDefender by IONOS, and protect yourself from malware, ransomware, phishing and other cyber risks. Automatic backups, malware scans and data recovery are included.

What are the advantages of DNS filtering?

While DNS filters can also help private individuals, they’re mostly useful for company networks. Here are some advantages of DNS filtering:

Advantage 1: keep malware at bay

A DNS filter that blocks domains that are known to be dangerous or even scans pages before you visit them can help you to close important security gaps. This will help prevent malware from making its way onto the company network. For example, an email that looks deceptively real by using social engineering tactics could contain a dangerous link. All it takes is one person in your company network clicking on that link to infect the system with a virus. DNS filters can prevent that and provide you with an extra layer of protection against ransomware, spyware and scareware and defence against cyberattacks.

Advantage 2: prevent phishing

Phishing is the process of gleaning sensitive information like passwords and financial data, usually using fake sites that imitate legitimate sites. Phishing emails usually contain links to the fraudulent site. Then, when you think you’re logging into the legitimate version of the site, your data is actually being stolen on the phishing site. While it should be said that the people running phishing sites are constantly making new domains, DNS filters do still offer some security. Known phishing pages won’t be opened in the first place if they’re on the filter list.

Blocklists are no substitute for a healthy dose of scepticism and responsibility on the part of users. This kind of digital literacy also includes recognising phishing emails and treating suspicious attachments as potential malware.

Advantage 3: prevent DNS spoofing

DNS spoofing, which is the manipulation of DNS name resolution, is another big problem to watch out for. In DNS spoofing, traffic is redirected from a legitimate site to a fraudulent site. So if someone enters the URL of the legitimate site into their browser, they will end up on the fraudulent site. DNS spoofing often lays the foundation for gleaning sensitive data via phishing and pharming. Reputable public DNS resolvers can help you prevent DNS spoofing with their data protection features and security features like DNS filtering.

Advantage 4: protect company networks

If you’re using a DNS resolver with a blocklist, you can count on a relatively secure DNS server. DNS filtering is thus an important part of protecting your private or company network. However, DNS filtering alone doesn’t provide comprehensive protection, so you should use it in combination with password protection, data backups, SSH keys for network connections and cloud access security.

How does DNS filtering work?

DNS filtering is as simple as it is effective: domain queries for websites are channelled through a DNS resolver, which finds their IP addresses using DNS name resolution. If the DNS resolver uses a blocklist, the query is checked against the list. If the IP address in question is on the list, the DNS resolver stops the name resolution.

List entries can be domains or IPs. If a domain is on the list, the DNS resolver stops before attempting name resolution at all. If an IP is on the list, the DNS resolver first attempts name resolution; if the domain resolves to the listed IP, the query is then stopped and no answer is returned.
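The two-stage check described above (domain matched before resolution, IP matched after resolution), together with the allowlist mode from the blocklist section, as an added worked example in Python. This is illustrative code written for this article, not IONOS software or any real resolver; the zone data, list entries and addresses are constructed for the example (documentation and test ranges only) and the `resolve()` function is a stand-in for a real recursive lookup.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set

# Constructed stand-in for real DNS data (assumption: invented records,
# using documentation/test address ranges, not real hosts).
FAKE_ZONE: Dict[str, str] = {
    "intranet.example.com": "10.0.0.5",
    "updates.example.net": "203.0.113.10",
    "login.bank-example.test": "198.51.100.7",
    "cdn.example.org": "192.0.2.44",
}


def resolve(name: str) -> Optional[str]:
    """Stand-in for recursive name resolution; None models NXDOMAIN."""
    return FAKE_ZONE.get(name.rstrip(".").lower())


@dataclass
class Verdict:
    allowed: bool
    reason: str
    address: Optional[str] = None   # only filled in if resolution ran


@dataclass
class FilteringResolver:
    """A resolver that checks queries against a blocklist (or allowlist)."""
    blocked_domains: Set[str] = field(default_factory=set)
    blocked_networks: List[str] = field(default_factory=list)  # CIDR strings
    allowed_domains: Optional[Set[str]] = None  # None = pure blocklist mode

    def __post_init__(self) -> None:
        # Parse CIDRs once so that single IPs and whole ranges both work.
        self._networks = [ipaddress.ip_network(n, strict=False)
                          for n in self.blocked_networks]

    @staticmethod
    def _domain_listed(name: str, listed: Set[str]) -> bool:
        # A list entry for example.com also covers every subdomain of it.
        labels = name.split(".")
        return any(".".join(labels[i:]) in listed for i in range(len(labels)))

    def _ip_listed(self, address: str) -> bool:
        ip = ipaddress.ip_address(address)
        return any(ip in net for net in self._networks)

    def query(self, name: str) -> Verdict:
        name = name.rstrip(".").lower()
        # Allowlist mode: anything not explicitly allowed is rejected.
        if self.allowed_domains is not None and \
                not self._domain_listed(name, self.allowed_domains):
            return Verdict(False, "not on allowlist")
        # Stage 1: domain entries are checked before any resolution happens.
        if self._domain_listed(name, self.blocked_domains):
            return Verdict(False, "domain on blocklist")
        # Stage 2: IP entries require resolving first, then checking the answer.
        address = resolve(name)
        if address is None:
            return Verdict(False, "name does not exist")
        if self._ip_listed(address):
            return Verdict(False, "resolved address on blocklist", address)
        return Verdict(True, "allowed", address)


def example_blocklist_resolver() -> FilteringResolver:
    """Constructed blocklist: one phishing-style domain, one bad /24."""
    return FilteringResolver(blocked_domains={"bank-example.test"},
                             blocked_networks=["203.0.113.0/24"])


def example_allowlist_resolver() -> FilteringResolver:
    """Constructed allowlist: only the company's own domain may resolve."""
    return FilteringResolver(allowed_domains={"example.com"})


if __name__ == "__main__":
    r = example_blocklist_resolver()
    for q in ("intranet.example.com", "login.bank-example.test",
              "updates.example.net", "no-such-host.example"):
        print(q, "->", r.query(q))
    print("allowlist:", example_allowlist_resolver().query("cdn.example.org"))
```

Note the asymmetry the article points out: a domain entry costs nothing (the query never leaves the resolver), whereas an IP entry only takes effect after the name has been resolved, which is why the verdict carries the resolved address in that case.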