
DNS Filtering

What is DNS filtering?

DNS filtering operates at the Domain Name System (DNS) level: instead of resolving every name a client asks for, a filtering resolver refuses to resolve domains it classifies as malicious or unwanted, so the client never obtains an IP address to connect to. Because almost every connection begins with a DNS lookup, DNS filtering is often an organization’s first line of defense against online threats.

How does DNS work?

When you type a website address into your browser, your device engages the DNS. Your request is first directed to a recursive DNS resolver (typically run by your ISP, your organization, or a public DNS provider). The resolver checks its cache; if it has no valid answer, it queries other DNS servers, following referrals from the root servers to the top-level-domain servers and on to the authoritative servers for that domain, until it retrieves the correct IP address.

Once this information is found, the resolver returns the IP address to your device and your browser can load the website using it. (This is where the “resolver” in “DNS resolver” gets its name: turning a domain name into its IP address is called “resolving” the domain.) The resolver keeps the answer in its cache for the time-to-live (TTL) set on the record, so repeat lookups are answered without asking upstream again. From there, your device is able to communicate with the server.

This way, you can easily access websites without needing to remember complex numerical addresses. In essence, DNS is a crucial bridge between human-friendly web navigation and the technical underpinnings of the internet.
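The lookup described above, as an added example that is not from the page: a resolver that serves from cache when it can and otherwise walks the delegation chain (root, then TLD, then authoritative server) following referrals. The delegation tree, server names, addresses and TTLs are constructed for the example, nothing goes on the network, and the current time is passed in as a number so TTL expiry can be shown deterministically.

```python
"""Simulation of the recursive lookup a DNS resolver performs on a cache miss.

Added example, not from the page. The delegation tree, server names and
addresses are constructed; nothing is sent on the network, and time is a
number passed in by the caller so TTL expiry can be shown deterministically.
"""
from dataclasses import dataclass, field
from typing import Optional, Tuple


def ancestor_zones(qname: str) -> list:
    """Zones enclosing a name, most specific first, ending at the root.

    'www.shop.example.' -> ['www.shop.example.', 'shop.example.', 'example.', '.']
    """
    labels = qname.rstrip(".").split(".")
    zones = [".".join(labels[i:]) + "." for i in range(len(labels))]
    return zones + ["."]


@dataclass
class AuthoritativeServer:
    """Answers for its own zone; refers the resolver onward for delegated children."""
    zone: str
    records: dict = field(default_factory=dict)       # qname -> (ipv4, ttl_seconds)
    delegations: dict = field(default_factory=dict)   # child zone -> server id

    def respond(self, qname: str) -> Tuple[str, object]:
        if qname in self.records:
            return "answer", self.records[qname]
        for zone in ancestor_zones(qname):
            if zone in self.delegations:
                return "referral", self.delegations[zone]
        return "nxdomain", None


# Constructed delegation tree: root -> TLD "example." -> "shop.example.".
SERVERS = {
    "root-a": AuthoritativeServer(".", delegations={"example.": "tld-example-a"}),
    "tld-example-a": AuthoritativeServer("example.", delegations={"shop.example.": "ns1.shop.example."}),
    "ns1.shop.example.": AuthoritativeServer(
        "shop.example.",
        records={"www.shop.example.": ("192.0.2.10", 300), "api.shop.example.": ("192.0.2.20", 30)},
    ),
}


class RecursiveResolver:
    """What the client's query is handed to: cache first, then iterate down the tree."""

    def __init__(self, servers: dict, root: str = "root-a"):
        self.servers = servers
        self.root = root
        self.cache = {}             # qname -> (ipv4, expires_at)
        self.upstream_queries = 0   # how many servers were asked (cache hits add nothing)

    def resolve(self, qname: str, now: float = 0.0) -> Tuple[Optional[str], str]:
        qname = qname if qname.endswith(".") else qname + "."
        cached = self.cache.get(qname)
        if cached and cached[1] > now:
            return cached[0], "cache"

        server = self.servers[self.root]
        for _ in range(16):   # bound the referral chase so a broken delegation cannot loop forever
            self.upstream_queries += 1
            kind, data = server.respond(qname)
            if kind == "answer":
                ip, ttl = data
                self.cache[qname] = (ip, now + ttl)   # honour the record's TTL
                return ip, "recursion"
            if kind == "referral":
                server = self.servers[data]
                continue
            return None, "nxdomain"
        return None, "servfail"


if __name__ == "__main__":
    r = RecursiveResolver(SERVERS)
    print(r.resolve("www.shop.example"), r.upstream_queries)   # walks three servers
    print(r.resolve("www.shop.example"), r.upstream_queries)   # served from cache
```

The first lookup of www.shop.example costs three upstream queries; the second is answered from cache, and a cached answer is discarded once its TTL has passed. The bounded loop matters in practice: a misconfigured or hostile delegation that refers in a circle must not be allowed to hang the resolver.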

How does DNS filtering work?

Here’s how it works: the DNS filter maintains a database of categorized domain names that it uses to identify safe, questionable, and malicious sites. When a query arrives, the filter reads the requested domain name and looks it up in that database to determine the category of the destination. It then allows, flags, or blocks the query based on its findings.

How a filter takes action depends on the requested domain’s categorization and the rules applied to the filter. Filter rules differ depending on the DNS filter and the web application security model in use. However, the general course of action all filters take includes:

  • Safe sites are permitted
  • Questionable ones might be flagged for review 
  • Malicious sites are blocked

DNS filtering can also block destinations by IP address or by domain name:

  • IP address: If the address a domain resolves to is on a blocked list, the resolver withholds that answer instead of returning it to the requesting device.
  • Domain name: The resolver does not look up IP addresses for domains you have blocked; the query is answered with a block response (for example NXDOMAIN, or the address of a block page) rather than the real address.

What is a DNS blocklist?

A DNS blocklist, often still referred to as a DNS blacklist, is a cybersecurity tool designed to identify and prevent malicious network communications. A blocklist serves as a protective barrier for your networks and is populated with domain names associated with known malicious activity.

A blocklist includes phishing sites, malware distribution domains, command-and-control servers for botnets, and other known fraudsters or unwanted entities.

DNS blocklist and a DNS filter

Domains listed on a DNS blocklist are part of a DNS filter’s database. When a device behind the filter queries a blocklisted domain, the filter stops the lookup, so the device never reaches that site.

How this works: when a user tries to access a blocklisted domain through a resolver with a DNS filter, the DNS request is blocked. The requested name is checked against the filter’s blocklist, the match causes the request to be denied, and the user receives a block response instead of the site’s IP address.

What is the difference between DNS filtering and DNS web filtering?

Though both DNS filtering and web filtering function at the DNS level, they serve slightly different purposes and operate in different ways.

DNS filtering

Filtering involves analyzing incoming DNS queries and identifying whether the requested domain is safe, questionable, or malicious. Filtering is like a gatekeeper that decides which destinations a client may reach based on a predefined list of domain names.

Web filtering

Web filtering uses the DNS to block malicious or inappropriate traffic while allowing legitimate traffic to go through. Its primary focus is categorizing and filtering web content as an administrator sees fit, under an Internet usage policy, rather than only by threat. Its two primary benefits are:

  • Protection against malware, phishing, command and control, and DNS exfiltration
  • Stopping end users from accessing certain websites from specified devices
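The mechanism described in the sections above on how DNS filtering works, DNS blocklists, and web filtering, brought together in one added example that is not Vercara’s or any product’s code: a miniature filtering resolver that categorizes the queried name by longest-suffix match, blocks threat categories for everyone, blocks content categories according to the requesting client group’s policy, screens the resolved address against an IP blocklist, and logs questionable names for review. The category database, policies, addresses and the stubbed “upstream” answers are all constructed stand-ins; the assumption that a listed parent domain covers its subdomains is made explicit in the code.

```python
"""A miniature DNS filtering resolver: categorize the queried name, apply the
requesting client's policy, and screen the answer before returning it.

Added example, not Vercara's or any product's code. The category database,
policies, addresses and the 'upstream' answers are constructed stand-ins.
"""
from dataclasses import dataclass
from typing import Optional

# Constructed categorization database, keyed by domain suffix. Listing a
# parent domain is assumed to cover its subdomains, so "cdn.evil.example."
# inherits the "malware" category of "evil.example.".
CATEGORIES = {
    "phish-login.example.": "phishing",
    "evil.example.": "malware",
    "c2.example.": "command-and-control",
    "newly-seen.example.": "suspicious",
    "bets.example.": "gambling",
    "social.example.": "social-media",
    "intranet.example.": "business",
}

# Threat categories (the blocklist) are blocked for every client; content
# categories are blocked only where a policy says so.
THREAT_CATEGORIES = {"phishing", "malware", "command-and-control"}

# Stand-in for the answers a recursive resolver would fetch upstream.
UPSTREAM_ANSWERS = {
    "www.intranet.example.": "198.51.100.10",
    "social.example.": "198.51.100.20",
    "bets.example.": "198.51.100.30",
    "newly-seen.example.": "203.0.113.5",
    "cdn.evil.example.": "203.0.113.66",
    "innocent.example.": "203.0.113.66",   # unlisted name that resolves to a listed address
}
IP_BLOCKLIST = {"203.0.113.66"}
SINKHOLE_IP = "0.0.0.0"   # handed back by a "sinkhole" policy instead of the real address


@dataclass(frozen=True)
class Policy:
    name: str
    blocked_content: frozenset          # content categories this client group may not reach
    block_mode: str = "nxdomain"        # "nxdomain" (no answer) or "sinkhole" (fake answer)


@dataclass(frozen=True)
class Verdict:
    action: str                # "allow", "flag", "block" or "nxdomain"
    category: str
    answer: Optional[str]      # the address the client receives, if any
    reason: str


def normalize(qname: str) -> str:
    q = qname.lower()
    return q if q.endswith(".") else q + "."


def categorize(qname: str) -> str:
    """Longest-suffix match against the category database."""
    labels = normalize(qname).rstrip(".").split(".")
    for i in range(len(labels)):
        suffix = ".".join(labels[i:]) + "."
        if suffix in CATEGORIES:
            return CATEGORIES[suffix]
    return "uncategorized"


def filter_query(qname: str, policy: Policy, audit_log: list) -> Verdict:
    """Decide what the client gets back for one A-record query."""
    qname = normalize(qname)
    category = categorize(qname)
    blocked_answer = SINKHOLE_IP if policy.block_mode == "sinkhole" else None

    # 1. Domain-name filtering: never resolve threat or policy-blocked categories.
    if category in THREAT_CATEGORIES:
        audit_log.append((policy.name, qname, "block", category))
        return Verdict("block", category, blocked_answer, "domain is on the threat blocklist")
    if category in policy.blocked_content:
        audit_log.append((policy.name, qname, "block", category))
        return Verdict("block", category, blocked_answer, f"category '{category}' blocked by policy {policy.name}")

    # 2. Resolve as a normal recursive resolver would (stubbed here).
    ip = UPSTREAM_ANSWERS.get(qname)
    if ip is None:
        return Verdict("nxdomain", category, None, "name does not exist upstream")

    # 3. IP-address filtering: withhold answers that point at a listed address,
    #    which catches names the category database has not seen yet.
    if ip in IP_BLOCKLIST:
        audit_log.append((policy.name, qname, "block", f"ip:{ip}"))
        return Verdict("block", category, blocked_answer, f"resolved address {ip} is blocklisted")

    # 4. Questionable names are answered but recorded for review.
    if category == "suspicious":
        audit_log.append((policy.name, qname, "flag", category))
        return Verdict("flag", category, ip, "allowed, flagged for review")

    return Verdict("allow", category, ip, "")


# Two constructed client groups with different acceptable-use policies.
CORPORATE = Policy("corporate", frozenset({"gambling"}))
GUEST_WIFI = Policy("guest-wifi", frozenset({"gambling", "social-media"}), block_mode="sinkhole")


if __name__ == "__main__":
    log = []
    for name in ["www.intranet.example", "cdn.evil.example", "social.example", "innocent.example", "newly-seen.example"]:
        for policy in (CORPORATE, GUEST_WIFI):
            v = filter_query(name, policy, log)
            print(f"{policy.name:10} {name:22} -> {v.action:8} {v.answer!s:14} {v.reason}")
```

Two points worth noticing when running it: social.example is allowed for the corporate group but sinkholed for guest Wi-Fi, which is the web-filtering distinction (same domain, different policy), and innocent.example is blocked even though it is uncategorized, because the address it resolves to is on the IP blocklist. Whether a blocked query gets NXDOMAIN or a sinkhole address is a deployment choice; a sinkhole address lets you show users a block page but can confuse software that treats any answer as success.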

Does Vercara offer DNS filtering and web-filtering solutions?

Vercara offers a next-generation protective DNS solution known as UltraDDR. This solution is designed to act proactively, stepping into action before an attack rather than after. UltraDDR counters adversaries effectively and blocks malicious queries, allowing businesses to stay ahead of threats and attacks.

UltraDDR focuses on the discovery and mapping of adversary infrastructure, combining it with real-time analysis of communication patterns to shift security defenses from reactive to proactive.

  1. Domain blocking: Block queries to malicious domains.
  2. Global network: UltraDDR employs a global network of secure recursive servers allowing you to tap into security, reliability, and swift response times.
  3. Content web filtering: Easily enforce company Internet usage policies with category-based content web filtering. This includes block or allow lists.
  4. Adaptive policy engine: The UltraDDR engine uses years of historical domain data combined with real-time analysis of adversary communication patterns. This is crucial in identifying and preventing attacks before they even start.

Vercara helps global industries secure their online presence and perform at scale with maximum reliability. We’ve helped secure the Olympic Games, and we can help you too. Contact us today to give your online assets greater security and performance capabilities.