What Is DNS Web Filtering, And How Does It Work?

DNS filters can be an important tool for protecting users against malicious web content. In this guide we cover how DNS filtering works, and why it’s important.

Web-based cybersecurity threats such as malware and phishing attacks are a serious risk for organizations of all sizes. Four in ten businesses (39%) have reported being affected by cybersecurity attacks in the last 12 months alone.

For this reason, it’s critical that organizations have strong protection in place to prevent users from being able to access malicious web pages on corporate devices, especially in the new normal age of hybrid working and the ‘Bring-your-own-device’ policies companies are adopting.

One of the most important tools for organizations to prevent access to malicious web content is a DNS web filter. In this guide, we’ll take an in-depth look at DNS Web Filtering and how it works.  

What Is DNS Web Filtering?

DNS Filtering is a category of web security solutions that allow admins to prevent users from accessing unwanted web content. This works by filtering domains or IP addresses at the Domain Name System (DNS) level.

When enabled, DNS filtering solutions allow admins to prevent users from accessing malicious websites, or any other pages that go against company policies. 

DNS Filtering also gives admins more visibility into the web content that users are accessing, highlighting potential risks and alerting admins when threats have been blocked.

What Is DNS?

DNS Filtering is entirely based around preventing website access at the DNS level. So, what’s DNS?

Whenever we access a website by typing a URL into a browser, our devices have to send a DNS lookup to a specialized server known as a ‘DNS Resolver’. This is the equivalent of us looking up a contact by their first name to find their cell phone number.

DNS is short for “Domain Name System” and it’s essentially the internet’s ‘contacts’ app. It matches all of the website domains we’re familiar with (such as ‘wikipedia.com’) to their IP address, which is the numerical label internet-browsing devices use to connect to websites. 

When the device matches the domain name to its IP address, the domain has been ‘resolved’ and we are taken to the website we were searching for. This whole process takes on average 20-120 milliseconds to complete, but it’s essential to the way we use the web.

How Does DNS Filtering Work?

DNS Filtering uses the DNS lookup process to filter access to web content for users connected to the DNS Filtering system. 

DNS Filtering services can either filter web content by domain name or by IP address. When filtering by domain name, the DNS process will not take place at all for certain domains. When filtering by IP address, the DNS system will resolve the IP address and domain name, but access to the resolved domain will be blocked for the user requesting the lookup. 

In practice, for a user, both methods have the same result. When you look up a blocked domain name, instead of being taken to the webpage you will be taken to a page hosted by the DNS filter. This page should explain that the webpage you have requested has been blocked for being unsafe or inappropriate.

How do DNS Filters know which domains to block?

When using a DNS filter, IT admins can block access to specific domains simply by adding this data into a DNS filtering blocklist. However, this is not a scalable way of preventing access to malicious content. 

For this reason, most DNS filtering solutions have created massive blocklists containing thousands of domains that have been categorized into separate categories. These are often shared blocklists that many DNS vendors use, or sometimes are custom blocklists developed by individual DNS filtering providers. 

These blocklists use technologies that scan domains for signs of malicious content automatically, often in real-time, preventing users from accessing malicious webpages even if they have been very recently added or infected with malware. 

Categories within blocklists can include malicious webpages, adult content, social media, or illegal content. This allows admins to quickly block access to any and all domains that may pose a cybersecurity threat or otherwise go against corporate policies.
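The sketch below is an added example, not code from any DNS filtering product: it models the two decisions described above (category and domain filtering before resolution, IP filtering after resolution) in Python. The blocklist entries, the `UPSTREAM` table standing in for real resolution, and the block-page address are all constructed for illustration.

```python
import ipaddress

# Constructed sample data (not taken from any vendor's blocklist feed).
CATEGORY_BLOCKLIST = {
    "malware-example.test": "malware",
    "phish-login.example": "phishing",
    "social.example": "social-media",
}
BLOCKED_IP_NETS = [ipaddress.ip_network("203.0.113.0/24")]
BLOCK_PAGE_IP = "192.0.2.53"  # hypothetical address of the filter's block page
UPSTREAM = {                  # stand-in for real recursive resolution
    "wikipedia.org": "198.51.100.10",
    "cdn.shop.example": "203.0.113.77",
    "www.social.example": "198.51.100.20",
}

def category_of(name):
    """Return the category of the name or its closest listed parent domain."""
    labels = name.split(".")
    for i in range(len(labels)):
        cat = CATEGORY_BLOCKLIST.get(".".join(labels[i:]))
        if cat:
            return cat
    return None

def filter_query(qname, blocked_categories):
    """Decide what the filtering resolver answers for one lookup."""
    name = qname.rstrip(".").lower()  # DNS names are case-insensitive
    cat = category_of(name)
    if cat in blocked_categories:
        # Domain filtering: no upstream resolution, answer with the block page.
        return {"answer": BLOCK_PAGE_IP, "action": "blocked", "reason": f"category:{cat}"}
    ip = UPSTREAM.get(name)
    if ip is None:
        return {"answer": None, "action": "nxdomain", "reason": "no such name"}
    if any(ipaddress.ip_address(ip) in net for net in BLOCKED_IP_NETS):
        # IP filtering: the name resolved, but the resolved address is denied.
        return {"answer": BLOCK_PAGE_IP, "action": "blocked", "reason": f"ip:{ip}"}
    return {"answer": ip, "action": "allowed", "reason": "clean"}
```

Subdomains inherit the category of their listed parent, and the same name can be allowed under one policy and blocked under another, which is how category toggles work for admins.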

As the CRO of DNS filtering solution DNSFilter told Expert Insights:

“The nice thing about DNS-based filtering is that with the flip of a switch, you can protect your network. You can install it in literally seconds by changing your default DNS.”

What is the difference between DNS Filtering and A Secure Web Gateway?

URL filtering and DNS filtering provide similar results but use different methods to get there. URL filtering allows more granular control to block specific web pages. This means that if a single webpage was injected with malware, you can stop users from being able to access that one page, while allowing them to access the rest of the site freely. 

Because DNS filtering uses the DNS process, it blocks access to entire domains, providing more comprehensive security, with less granularity.

Some web security providers will use a mixture of DNS and URL filtering, combining the blanket security of DNS filtering, with the option of granular URL filtering when required. 
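To make the granularity difference concrete, here is an added example (not from the original article or any vendor) that evaluates the same URLs at a DNS layer, which only ever sees the hostname, and at a URL layer, which also sees the path. The domains and the blocked page are constructed sample values.

```python
from urllib.parse import urlsplit

DNS_BLOCKED_DOMAINS = {"phish-login.example"}                   # constructed
URL_BLOCKED_PAGES = {("news.example", "/blog/infected-post")}   # constructed

def host_matches(host, domain):
    """True for the domain itself and for any of its subdomains."""
    return host == domain or host.endswith("." + domain)

def dns_layer(url):
    """A DNS filter decides on the hostname alone; the path never reaches it."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    blocked = any(host_matches(host, d) for d in DNS_BLOCKED_DOMAINS)
    return "block" if blocked else "allow"

def url_layer(url):
    """A URL filter can block one page and leave the rest of the site alone."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")
    path = parts.path or "/"
    for domain, page in URL_BLOCKED_PAGES:
        # Match the exact page or anything beneath it, on a path-segment
        # boundary, so "/blog/infected-post-2" is not caught by accident.
        under_page = path == page or path.startswith(page.rstrip("/") + "/")
        if host_matches(host, domain) and under_page:
            return "block"
    return "allow"

def combined(url):
    """Mixed deployment: domain-wide DNS rules plus page-level URL rules."""
    return "block" if "block" in (dns_layer(url), url_layer(url)) else "allow"
```

With only the DNS layer, stopping the one infected page would mean adding `news.example` to the domain blocklist and losing the whole site.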

What Are The Benefits Of DNS Filtering?

Block Malicious Web Content

The most important reason for using a DNS filter is to prevent users from accessing malicious web content. There are an estimated 12.8 million malicious webpages worldwide, which can initiate malicious downloads, spreading ransomware, malware, and viruses into your organization’s network. 

DNS filtering stops these attacks at the source by preventing malicious webpages from loading. As mentioned, the best solutions will identify malicious webpages and prevent user access in real-time. 

Prevent Phishing 

91% of data breaches begin with a phishing attack. Phishing attacks occur when a cyber-criminal tricks a user into giving up a password or financial information, and this often involves the use of fake login or payment pages on phishing websites. 

Fake phishing pages are often very difficult for users to identify. They often look identical to real websites, can have spoofed domains that look legitimate, and without much technical knowledge it can be easy for users to mistakenly log in with their username and password or enter credit card details to pay a fraudulent invoice.

DNS filtering services can prevent these attacks by blocking access to phishing domains, even when a user doesn’t know that the page they are accessing is malicious.

Stop Users Accessing Inappropriate Web Content

As we previously mentioned, DNS filters can block inappropriate web content as well as malicious content. In a work-from-home world, with many users connected to their home WiFi on corporate machines, it can be beneficial from a security and an HR perspective to block user access to illegal content, adult content, or any other web pages that go against corporate policy.

But outside of the business world, there are other important use cases for DNS filtering. Educational and healthcare organizations for example may wish to prevent minors from being able to access inappropriate web content. Hotels, shops, cafes, and restaurants offering public WiFi may also wish to limit which webpages users can access when using their hosted networks. 

Greater Admin Oversight And Control

Another important benefit of DNS filtering is greater admin controls and reporting. Admins will be able to configure custom policies governing access to malicious web pages and can set allow and deny lists for which websites users are able to visit.

In addition, the best DNS filtering solutions will provide in-depth security reporting, showcasing when users have tried to access malicious content and evaluating DNS traffic. This is important for preventing unsafe web behaviors and preventing attacks before they occur. 

What Features Should You Look For In A DNS Filtering Solution?

If you’re considering investing in a DNS filtering solution, there are a number of important features to look for: 

  • Real-Time Filtering: It’s important to look for a solution providing real-time filtering of malicious domains, to ensure the best protection against phishing and malware. 
  • Instant categorization of web content: We recommend solutions that instantly categorize web domains, which provides more comprehensive domain filtering. 
  • Flexible admin policies: Look for a solution that offers flexible admin controls around filtering, including team-based access controls. 
  • Comprehensive reporting: Reporting is an important benefit of DNS web filtering, so we recommend looking for a solution with advanced analytics in a reporting dashboard. 
  • No latency issues: We highly recommend conducting a trial to ensure whichever solution you choose does not slow down web browsing for end users. 
  • Flexible Pricing: For SMEs and smaller organizations pricing will be an important consideration. We suggest looking for a cloud-based solution with flexible pricing policies.  

Should You Invest In A DNS Web Filter?

We highly recommend that organizations implement effective web security to protect against malicious online content. DNS filters are an important tool for achieving strong web security and can be a critical pillar of a rounded cybersecurity strategy for businesses of all sizes.

To help organizations find the right DNS web filtering solution for their organization, we’ve put together a buyers’ guide to the best DNS Web Filtering solutions based on features, pricing, and management policies. 

You can read our guide to the top DNS web filtering solutions for business here.