TitanHQ

TitanHQ Blog

How does DNS Filtering Work?

Posted by Geraldine Hunt on Mon, Nov 16th, 2020

DNS filtering provides protection from malicious online threats such as viruses, malware, ransomware, phishing attacks and botnets. The Domain Name System (DNS) makes it so that we can use the Internet by remembering names, and computers can translate these names into machine-readable IP addresses to transfer information from websites, email servers, and file servers to your web browser or email client. Passwords are hard enough to remember – imagine if we had to remember IP addresses instead of domain names. 

Even though the concept of DNS filtering is simple to understand, you might have some misconceptions about DNS filtering that could affect getting it to work safely and reliably. So I’ll share with you the most common problems I’ve seen IT pros encounter while securing their DNS infrastructure throughout the years, and hopefully bust the most common myths at the same time.

WebTitan is the high performer in business DNS filtering customer reviews in 2020.

4 Myths About DNS Filtering

Myth 1: We don’t need DNS filtering, we already have endpoint antivirus (AV)

Sure, but antivirus software can only detect known viruses while it’s running – and end users are notorious for turning off antivirus and the local firewall on their computers to avoid sluggish performance or install software that they “need” to do their job (or sometimes, really, to distract themselves from doing their job!). Managing this isn’t always as simple as enforcing domain policies – sometimes the culprits are in the executive suite. Bear in mind anti-virus cannot block content that isn’t infested with viruses but still isn’t appropriate for work, such as porn, gambling, politics, or social media. See where I’m going with this?

Small businesses can be (and many have been) crippled by copyright infringement suits – the business is liable for how its network is used. If an end user is serving up pirated movies from your IP address, can your business afford the fine? If an employee accidentally gets infected with a spambot, it’s your IP address that will be blacklisted and blocked, and your email that will no longer be delivered.

Web-delivered malware can affect the entire business. If CryptoLocker or Petya or one of its ever-evolving variants destroys a shared drive containing overtime logs or customer invoices, who loses out? And there are other viruses that may be lurking undetected (Uroburos went undiscovered for years), silently stealing information or waiting to deliver a destructive payload.

A DNS filter will not prevent all of these, but having multiple layers of security lowers the risk. What layers do you require? You need DNS filtering, spam filtering, endpoint antivirus, sensible firewall rules, up-to-date software, regular reliable backups, and an aware workforce. Leaving a single door open makes all the rest of the locks pointless.

Myth 2: DNS filtering is complicated

Nope, it isn't! It starts with a DNS lookup in just three steps:

  1. Query: You type a web address into the browser, triggering a DNS query.

  2. Lookup: The DNS server specified in your network interface configuration (usually provided automatically by your DHCP server) receives the request and looks up the IP address relating to that domain.

  3. Response: As long as the domain name exists, the corresponding IP address is returned, and your browser then uses that IP address to communicate directly with the web server for that domain (and usually caches it for future reference).

Once the DNS reply is received with the IP address of the domain name's server, DNS is no longer involved in the communications between your browser (or other application software) and the server.

This process then provides an opportunity for using DNS as a very basic, low-latency (fast!), and low-bandwidth filter to protect users from phishing sites, botnets, and other risky websites – and a way to prevent access to inappropriate NSFW (not suitable for work) websites. By using DNS security with a database of categorized websites (if the DNS server/database is quick), you can be safe in the blink of an eye. The filter protects your network by only providing lookup requests with a valid IP address for safe websites, but returns a local IP address to deliver a block page for forbidden sites.
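The allow-or-block decision described above, as an added example (not WebTitan's code): it parses a wire-format A query, matches the name and its parent domains against a category list, and answers with either the real address or the block-page address. The domains, categories, addresses and the `UPSTREAM` table standing in for real resolution are constructed assumptions.

```python
import ipaddress
import struct

# All data below is constructed for illustration.
CATEGORIES = {"phish.example": "phishing", "social.example": "social-media"}
BLOCKED = {"phishing", "social-media"}          # categories the policy forbids
UPSTREAM = {"www.good.example": "203.0.113.10",  # stands in for real resolution
            "login.phish.example": "198.51.100.66"}
BLOCK_PAGE_IP = "10.0.0.5"                      # local host serving the block page

def read_qname(msg, off=12):
    """Decode the QNAME of the first question; return (name, offset after it)."""
    labels = []
    while msg[off]:
        n = msg[off]
        labels.append(msg[off + 1:off + 1 + n].decode("ascii").lower())
        off += 1 + n
    return ".".join(labels), off + 1

def category_of(name):
    """Match the name or any parent domain against the category database."""
    parts = name.split(".")
    for i in range(len(parts)):
        cat = CATEGORIES.get(".".join(parts[i:]))
        if cat:
            return cat
    return None

def answer(query):
    """Return (verdict, response_bytes) for a wire-format A query."""
    name, qend = read_qname(query)
    question = query[12:qend + 4]               # QNAME + QTYPE + QCLASS
    if category_of(name) in BLOCKED:
        verdict, ip = "blocked", BLOCK_PAGE_IP  # forbidden: point at block page
    elif name in UPSTREAM:
        verdict, ip = "allowed", UPSTREAM[name]
    else:
        verdict, ip = "nxdomain", None          # the domain does not exist
    flags = 0x8180 | (0 if ip else 3)           # QR=1, RD=1, RA=1, RCODE
    header = query[:2] + struct.pack("!HHHHH", flags, 1, 1 if ip else 0, 0, 0)
    rr = b""
    if ip:
        # 0xC00C points back at the QNAME; TYPE A, CLASS IN, TTL 60, RDLENGTH 4
        rr = struct.pack("!HHHIH", 0xC00C, 1, 1, 60, 4)
        rr += ipaddress.IPv4Address(ip).packed
    return verdict, header + question + rr

def make_query(name, txid=0x1234):
    """Build an A query for `name` (used here as constructed sample input)."""
    qname = b"".join(bytes([len(lab)]) + lab.encode() for lab in name.split("."))
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + qname + b"\0" + struct.pack("!HH", 1, 1)
```

Note that the blocked name still gets a normal, successful answer; only the address differs, which is why the client lands on the block page instead of seeing an error.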

DNS logging will show which lookups people have performed, but not which sites they actually visited, nor for how long. For that level of detail, you’ll need a fast local proxy/filter to look at all of the actual web traffic. For most small-to-medium-sized businesses, this is overkill. For larger organizations, there are often valid reasons for including a local web filter and proxy that justify the extra expense and IT personnel overhead.


Myth 3: DNS web filtering is easy to bypass

In most cases, simply setting the primary DNS servers as the cloud web filter in your DHCP server (usually this is all in your Internet gateway appliance for a small business – which includes the router, network switch, and a firewall) is good enough to block the majority of web-delivered malware and prevent access to any productivity-killing (Facebook) and bandwidth-gobbling sites (YouTube, Netflix).

  • But of course, “smart” end users may try to get around your filters. You know the culprits here: it’s amazing how clever these guys can be when they want to get to Facebook, yet how easily they can forget how to access the file server. They’ll find a proxy service or change their DNS settings locally on their computer if you haven’t locked it down (you’ve locked down their computers, right?).
  • No web filtering approach is immune to circumvention – both appliance-based and cloud DNS filtering services can be bypassed. But you can take simple steps to limit your end users’ ability to access forbidden websites. It’s time to roll up your sleeves and set some firewall rules on your Internet gateway/router! You can allow DNS requests only to your approved DNS service and block all other DNS requests. If you use an external DNS server, you should allow only port 53/UDP to access the IP addresses of your chosen DNS filtering service servers.
  • If you have your own, locally hosted, internal DNS server, you should allow only port 53/UDP outbound requests from your internal DNS server's internal IP address to the external IP addresses of the primary and secondary DNS servers that your internal DNS server is configured to use. In other words, local computers query your local DNS server, and only your DNS server queries the web filtering DNS service on the Internet.
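A way to check that the firewall rules above are doing their job, as an added example (not from the original post): it reads firewall log lines and reports port-53 flows that leave the network by any route other than the approved one. The log format, addresses and names are constructed assumptions, and it inspects TCP as well as UDP on port 53, which goes beyond the UDP rule in the text.

```python
import ipaddress
import re

# Assumed values; replace with your filtering service and network.
APPROVED_RESOLVERS = {"203.0.113.53", "203.0.113.54"}
INTERNAL_DNS = "192.168.1.2"   # None when clients query the service directly
LAN = ipaddress.ip_network("192.168.1.0/24")

# Constructed firewall log lines in a made-up key=value format.
SAMPLE_LOG = """\
src=192.168.1.2 dst=203.0.113.53 proto=udp dport=53 action=allow
src=192.168.1.40 dst=192.168.1.2 proto=udp dport=53 action=allow
src=192.168.1.40 dst=198.51.100.8 proto=udp dport=53 action=drop
src=192.168.1.77 dst=198.51.100.8 proto=tcp dport=53 action=allow
src=192.168.1.77 dst=203.0.113.53 proto=udp dport=53 action=allow
src=192.168.1.40 dst=198.51.100.20 proto=tcp dport=443 action=allow
""".splitlines()

LINE = re.compile(r"src=(\S+) dst=(\S+) proto=(\w+) dport=(\d+) action=(\w+)")

def permitted(src, dst):
    """The egress policy from the text: only the approved path may carry DNS."""
    if dst not in APPROVED_RESOLVERS:
        return False
    return INTERNAL_DNS is None or src == INTERNAL_DNS

def audit(lines):
    """Return (src, dst, finding) for outbound port-53 flows that break policy."""
    findings = []
    for line in lines:
        m = LINE.search(line)
        if not m or m.group(4) != "53":
            continue                      # not DNS traffic
        src, dst, action = m.group(1), m.group(2), m.group(5)
        if ipaddress.ip_address(dst) in LAN:
            continue                      # client -> internal DNS server
        ok = permitted(src, dst)
        if not ok and action == "allow":
            findings.append((src, dst, "rule gap: unapproved DNS left the network"))
        elif not ok:
            findings.append((src, dst, "bypass attempt blocked"))
        elif action != "allow":
            findings.append((src, dst, "approved DNS path is being dropped"))
    return findings
```

On the sample log this reports one blocked bypass attempt and two rule gaps, including a client that reached the filtering service directly instead of going through the internal DNS server.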

Myth 4: Configuring DNS filtering is a lot of work

Including DNS filtering in your security arsenal is such an easy and straightforward option. Most routers and firewalls will allow you to block port 53 – DNS traffic. By editing your internal MX records, a single configuration change in one place (on most small networks, it’s the router), you can effectively prevent access to risky sites and protect your network.

DNS Filtering Truths

Now for some cold, hard truths. First, technology isn’t the only part of the solution to website access. An acceptable internet usage policy is also required. People should be informed ahead of time what is and isn’t allowed and made aware of the consequences. They aren’t only risking their own jobs, but potentially putting every other employee and the business at risk. And secondly, the speed and performance of DNS servers can vary. Slow or poor domain resolution will result in slow and less reliable web browsing. However, you can run speed tests on DNS servers to compare performance.

How DNS Filtering works

WebTitan Cloud is our DNS-based web filtering product that allows you to monitor, control, secure and protect your business from online threats. It’s based in the cloud, it’s easy to use and is priced competitively. The two key functions of the product are web security and web content control. A user types a URL into their browser; this request is sent to the WebTitan Cloud servers and, based on a pre-defined policy, the request is allowed or blocked. If the request is blocked, the user is presented with a block page informing them why it was blocked. If the request is allowed, the user is passed on to the requested URL.

Key Benefits of DNS Filtering with WebTitan 

  • Block Malware & Malicious Sites - WebTitan Cloud blocks access to malware, ransomware, phishing attacks, viruses, malicious sites, spyware, etc. It eliminates malicious content at the source.

  • Control Internet Access - WebTitan Cloud allows you to control internet access in your organization at a granular level and from an easy-to-use management console.

  • Simple Set Up with Immediate Results - Requires no software installation and can be set up and operational in minutes.

  • Benefits of the Cloud - Deployed as a cloud-based service, this DNS-based solution requires a simple DNS redirect to the WebTitan servers. This facilitates scale and eliminates latency.


Key Features of DNS Filtering with WebTitan:

URL Filtering:
Filters URLs into 53 predefined categories such as social media, news, pornography, gambling, etc. The system contains over 500 million website addresses in 200 languages, each sorted into predefined categories.

Cloud Keys:
A bypass code that can be entered on the block page allows a user to bypass the block page and proceed to the requested website.
 

On The Go Agents:
A Windows-based agent that, when installed on a laptop, ensures the user continues to use the WebTitan Cloud policy outside the office environment.

DNS Proxy:
A small locally installed virtual machine that integrates with Active Directory and allows per-user reporting of internet activity.

Extensive Web Filtering API:
Remote management and monitoring via API.

Flexible Policies:
Different considerations and policies for different environments. Easily create and manage your own policy to protect users, including whitelists and blacklists of URLs and domains.

Support:
Renowned for our focus on supporting customers.

Reporting:
Access to a suite of over 50 predefined reports on user or group activity. These reports can be scheduled, or exported in multiple formats.

Multi-Tenanted Platform:
Create new accounts easily and manage any number of locations.

Scalable & Fast:
Set up in minutes and managed from an intuitive web-based interface. The solution can handle any volume of usage with no latency.


The Benefits of using a DNS Filtering service are:

  • Improves security by blocking access to malicious and risky websites
  • Prevent malware downloads from malicious or hacked websites
  • Keeps your defense up to date with targeted threat analysis and zero-day updates to protect your customers as threats arise.
  • Use policy-based controls to manage access with highly granular blocking and filtering
  • Prevent users from accessing material that could hinder productivity or cause offense.

WebTitan DNS Filter

WebTitan Cloud provides feature-rich functionality allowing you to protect users from malware, phishing and viruses as well as enforce internet usage policies, without the need for on-premises hardware or software. WebTitan Cloud offers you cloud-based DNS Filtering to bring powerful enterprise filtering to all your users, regardless of their location. WebTitan Cloud eliminates browser latency while delivering secure and comprehensive web security to all your off-premises users.

Anti Malware Protection
WebTitan Cloud includes several categories of malware protection, blocking access to compromised websites, spam-based websites, spyware, and malicious websites.

URL Filtering
WebTitan Cloud offers URL filtering of up to 53 predefined categories including 10s of millions of URLs, which works in conjunction with a cloud-based lookup and real-time classification system to provide an unmatched combination of coverage, accuracy, and flexibility. Rest easy knowing your internet access is safe and secure.

How does DNS filtering work? Easy Steps to setting up DNS Filtering: 

The following information is required before you start DNS filtering: (check out our docs section for the step by step guide)

1. WebTitan web filtering login credentials for the Customer Account 

2. IP address(es) for the location(s) you want filtered by WebTitan Cloud.

Sign up for a free DNS Filtering Trial. Then follow the steps below:

  1. Log in to your DNS filter for the first time.

  2. Add your location(s) and your IP address(es).

  3. Configure your web filtering policy. This is the exciting bit.

  4. Install the WebTitan Cloud SSL certificate.

  5. Redirect your DNS requests to the WebTitan Cloud. Your DNS requests will be resolved here from now on.


Once you have completed your initial web filtering setup, take a look through the guide menu for information on the different tabs in WebTitan Cloud.
You can also look at: 

1. Identifying your users to be filtered

2. Customizing your web filtering block page with your logo and messaging

3. Scheduling a web filtering report - this can even be at a unique user level

Done! You've now completely set up your web filtering. Congrats.
 
The Three Tier Mechanism for filtering internet content at the DNS level

WebTitan Cloud uses a three-tier mechanism for filtering Internet content. The three tiers work together to maximize the company's defenses and prevent users from accessing material that could hinder productivity or cause offense.

Tier 1 - SURBL & URIBL filters
Tier 2 - Category filters
Tier 3 - Keyword filters

WebTitan has lots more game-changing features including:

  • Best-in-class malicious URL detection
  • Real-time filtering
  • Instant categorization
  • Infinitely scalable
  • Flexible Policies
  • Access Control
  • Extensive Web Filtering API
  • Malware & Phishing Protection
  • We detect up to 60,000 malicious sites EVERY DAY
  • Immediate live updates
  • Zero-day updates to protect your customers as threats arise.
  • No bandwidth limits and No latency issues - There are different considerations for different environments so you need to have flexible policies. There are ALWAYS exceptions so a rigid approach for a wide range of customers will just not work.
  • Single email address login access to a specific policy configuration
  • Remote Management and Monitoring via API - WebTitan will block access to malicious, hacked, or inappropriate websites. SSL supported.

WebTitan provides advanced threat protection from malware, malicious sites, phishing sites, C2 callbacks, ransomware, botnets, spyware, and viruses. 

