Skip to content

Hit enter to search or ESC to close

What is DNS Blocking and Why is It Important?

DNS blocking is one of the most effective ways of preventing Internet users from visiting malicious websites or accessing inappropriate online content. To best understand how DNS blocking works, it can be beneficial to know a little about DNS, how you can use DNS for blocking websites, and the different ways in which a DNS block can be applied.

What is the Domain Name System (DNS)?

The easiest way to explain the Domain Name System is to liken it to a telephone directory for the Internet. This is because everything that connects to the Internet – i.e., workstations, tablets, smartphones, websites, servers, etc. – is assigned a numeric Internet Protocol (IP) address.

IP addresses can be long and complicated and difficult to remember, and although it is possible to visit some websites by entering their IP address, it is a lot easier to enter a URL such as (for example) into a browser address bar than BOA´s IP address –

When you enter the URL, the Domain Name System sends a query to multiple DNS servers requesting the website´s IP address. As soon as it receives the IP address, the Domain Name System tells your browser what it is so the browser can send a request to retrieve the website´s content.

Because the Domain Name System consists of a hierarchy of root servers, top-level domain servers, and hosting servers, IP address lookups typically take milliseconds; and, in most cases, users are oblivious to the technology going on behind the scenes when they browse the Internet.

Did You Know?


SpamTitan's spam catch rate

11 Seconds

a ransomware attack occurs


the average cost to manage spam per person without an email filter


of all email is spam

How You Can Use DNS for Blocking Websites?

Most Internet filters work in a similar way by categorizing websites into groups. Some groups of websites are blocked by default if they are known to harbor malware, have been identified as phishing sites, or are generally considered to be unsafe because of exploitable vulnerabilities.

You can select to block additional groups of websites to prevent users accessing inappropriate online content (i.e., websites that promote pornography, gambling, or illegal drugs), or create your own customized groups by selecting websites to block by name (URL) or IP address.

Blocking DNS traffic by IP address enables you to prevent users accessing online content by blocking the website´s DNS servers rather than the website name. For example, Facebook uses multiple domains to deliver content (i.e.,,,, etc.). If you wanted to prevent users accessing all Facebook domains, it is more effective to block DNS traffic by IP address.

In addition to using DNS for blocking sites, many Internet filters also allow you to create whitelists that will enable users to access websites included in blocked categories. For example, if you were to block the online shopping category, you could create exceptions for online retailers used by your company (i.e., stationary suppliers, water deliveries, maintenance equipment, etc.)

DNS-based content filtering with WebTitan blocks user browsers from loading a malicious page so that administrators don’t need to rely on antivirus to catch malware downloads

The Different Ways in Which a DNS Block Can be Applied

Advanced Internet filters that block DNS traffic by URL and IP address offer greater flexibility in how DNS blocks can be applied inasmuch as the filters can be configured to block or allow access to certain websites (or category of website) by individual, group, time, or another attribute. This greater flexibility can be advantageous in multiple use cases – for example:

  • Businesses can apply a DNS block to social media sites which excludes marketing personnel and create an exception for lunch breaks.
  • Retail businesses can prevent customers visiting competitors´ websites from their Wi-Fi service in order to compare prices.
  • Hotels can implement a watershed for adult content in order to create a family-friendly environment during the day.
  • School districts can apply age-appropriate policies that control access to online content by grade or by subject.
  • All organizations can apply a DNS block by bandwidth to prevent some users streaming videos and choking Wi-Fi services for other users.

As mentioned above, whitelists can be created to avoid scenarios in which access to business-critical websites is blocked. Alternatively, Internet filters such as WebTitan Cloud include “cloud keys” which allow system administrators to temporarily lift restrictions rather than having to manually add websites to a whitelist and then manually remove them to re-impose restrictions.

Hear from our Customers

Excellent Product

What do you like best about WebTitan Web Filter? very easy setup - 5 minutes to configure detailed reporting easy to use very good support What problems is WebTitan Web Filter solving and how is that benefiting you? filtering websites for malicious URL's

Shlomi F.

VP Sales & Business Development

Very strict service when set up properly

What do you like best about WebTitan Web Filter? I have a feeling of comfort knowing that users are not able to get to compromised websites, and NSFW websites as well. It blocks everything! Sometimes a little too much if that is such a thing, haha. Recommendations to others considering WebTitan Web Filter: If you have a VM, install their OS on your box to help with even more filtering! What problems is WebTitan Web Filter solving and how is that benefiting you? No breach into our system at all since the installation of WebTitan Web Filter (Hybrid) I also know that users cannot access things they shouldn't be accessing as well.

Josh F.

IT Administrator

The protection we needed for our church and school.

What do you like best about WebTitan Web Filter? Web Titan provides internet filtering for everyone that walks through our doors and connects to our WiFi or wired internet. It allows us to protect our students and guests from inappropriate websites and phishing schemes. Recommendations to others considering WebTitan Web Filter: WebTitan Web Filter is a complete filtering solution for churches, schools, and other organizations. It is relatively easy to administer and the reporting is excellent. What problems is WebTitan Web Filter solving and how is that benefiting you? Anyone who connected to our WiFi or wired internet could go anywhere or be blasted with any kind of inappropriate content. It allows us to protect our students and guests from harmful websites and ads.

Mark M.


Great, simple, effective.

What do you like best about WebTitan Web Filter? Ease of implementation, reliability, accuracy of filter. What do you dislike about WebTitan Web Filter? I am happy with all of the features, no real dislikes. Recommendations to others considering WebTitan Web Filter: Go for it, far superior to other products and we have used many big names such as Barracuda. What problems is WebTitan Web Filter solving and how is that benefiting you? Effective but affordable, non local applianace based web filtering. Inexpensive enough to add as a value add to our managed services offerings.

Michael Z.


No IT staff - need to still monitor end clients this is for you

All positive - I love that we spoke to real people, no phone tag. They have been nothing but responsive when we installed and created our account. Very positive and I highly recommend them! We have used similar products but they kept changing the product and increasing the cost, they would have no customer support and you could not even email them. WebTitan has excellent support and service, they helped us set it up, configure it, and install it. They are super responsive on email their products works for exactly what we want it to do. It was the best solution for us to monitor some end clients without limiting the rest of the network or having something we could not easily access. For us it is the prefect product, something non-IT staff can set up monitor and use daily to limit risks by a completely open internet policy. This was exactly what we needed!


General Manager

More about DNS Blocking with WebTitan Cloud

WebTitan Cloud is a DNS-based Internet filter that can easily be configured to control access to online content via a series of category filters, keyword filters, and granular policies. The DNS blocking filter works across all wired and Wi-Fi networks; and because it is a cloud-based solution, requires no on-premises hardware or software installations.

WebTitan Cloud is used by organizations of all sizes, MSPs and ISPs to prevent users accessing malicious, illegal, and other prohibited web content – mitigating the risk of cyberthreats such as malware, ransomware, and phishing. WebTitan Cloud can also be used to prevent cyberslacking by restricting access to productivity sinks such as social media and online shopping websites.

If you are an organization, MSP, or ISP that wants to exercise control over Internet access, give our team a call today. Our sales technicians will be happy to explain how WebTitan Cloud works and the best way to implement the solution in your organization. You can also take advantage of a free trial to evaluate the full solution in your own environment.

Susan Morrow

Susan Morrow


Talk to our Team today

Talk to our Team today

DNS Blocking FAQs

Do I need to have a DNS filter?

A DNS filter is an important cybersecurity solution that protects against web-based attacks and blocks access to phishing websites and malware and ransomware downloads. Without a DNS filter, you are likely to be reliant on your antivirus software for detecting malware and the ability of your employees to identify and avoid threats on the Internet. A DNS filter therefore greatly improves security.

What are the advantages of DNS filtering over other types of web filter?

A DNS filter filters out web content and gives you control over the sites and content your employees can access. These are features of all web filtering solutions, but with DNS filtering malicious content will be blocked before it is downloaded, there is no need for any software downloads, and you will not need to purchase an appliance.

Does DNS filtering have an impact on speed?

A DNS filter works at the DNS lookup stage of a web request before content is downloaded and filtering controls are applied in a fraction of a second. There is also no need to backhaul traffic to apply controls for roaming users. Most web filters will involve some latency, but DNS filtering will not have any noticeable impact on speed.

Who much does a DNS filtering solution cost?

The starting price for a powerful DNS filtering solution is around $1 per user per month, although the cost can be as high as $3 per user per month or more with some solution providers. WebTitan Cloud is at the low end of the price spectrum and gives SMBs the protection and control they need. The cost is also much lower than dealing with the phishing and malware attacks that a DNS filter will block.

Do I need a DNS filter with SSL inspection?

SSL-encrypted internet communications are invisible to many web filters. If you do not have full SSL inspection, traffic cannot be inspected, evaluated, and blocked. Since most Internet traffic is now SSL encrypted, including malicious websites, SSL inspection is now critical for security.

What does it mean if I get the message the network is blocking encrypted DNS traffic?

The message that the network is blocking encrypted DNS traffic is an issue that has affected some iPhone users since Apple started supporting encrypted DNS in iOS 14. If you get this message, it is likely you are trying to connect to a network via a router that doesn´t support encrypted DNS rather than your ISP is blocking IP address look-ups for encrypted sites. Depending on your router and ISP there are several fixes for this issue, and we recommend you contact your ISP for device-specific hel

How does a DNS blocking service such as WebTitan Cloud prevent users circumnavigating filtering policies by using anonymizer sites?

One of the preconfigured DNS blocking categories on the WebTitan Cloud filter is “anonymizer sites”. By selecting this category, system administrators can prevent users visiting web pages that promote proxies and anonymizers such as the Tor Browser. Alternatively, system administrators can block access to the “search engines” category of website and whitelist a single search engine for use on the corporate network.

How many preconfigured DNS blocking categories does WebTitan Cloud have?

There are 53 preconfigured categories from which to select, plus system administrators can also create customized categories if required. WebTitan Cloud also supports blacklists and whitelists. So, if a system administrator wants to block just one website in an unblocked category – or allow access to one website in a blocked category – WebTitan Cloud can be easily configured to meet the requirements of the organization.

What other options does WebTitan Cloud offer to block DNS traffic?

In addition to preconfigured categories, customizable categories, and blacklists, WebTitan Cloud also supports keyword filtering. Access to websites can be blocked if they contain a specific keyword, or if a keyword reaches an administrator-defined threshold. However, this option for DNS blocking is best used sparingly as it could (for example) prevent students from accessing educational material or hotel customers from accessing valuable tourist information.