What is DNS filtering?
DNS filtering is a technique to block access to websites or online content. DNS filtering is implemented by specialized DNS resolvers (such as Cloudflare Gateway) that allow you to define a blocklist of domains or content categories. The DNS resolver acts as a filter by refusing to resolve queries for domains on the blocklist, thus preventing users from loading those websites.
Purpose of DNS filtering
DNS filtering is commonly used to:
- Protect company data from phishing, ransomware, and malware.
- Block websites that go against corporate acceptable use policy, such as adult content, gambling, and piracy.
- Restrict access to websites that may impact employee productivity, such as gaming, social media, and video streaming.
How DNS filtering works
DNS filtering involves configuring your browser, device, or router to send all DNS requests to a DNS filtering service. The DNS filtering service checks the domain or IP against your DNS policies. If the domain or IP matches a block policy, the DNS filtering service can redirect the request to an alternative IP address or block it altogether. The diagram below shows the logic for Cloudflare Gateway’s DNS filtering service.
DNS filtering vs. Secure Web Gateway
A URL assumes the form:
DNS filtering only applies to the hostname — subdomain.domain.tld. You cannot block specific protocols, ports, paths, or query types. Additionally, users can bypass DNS policies if they already know the IP address of the website, or by connecting through a Virtual Private Network (VPN) or proxy server.
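As an added illustration (not Cloudflare Gateway's code), a small Python policy evaluator that mimics the decision a filtering resolver makes for the logic described above: it walks the queried name and its parent domains against domain and category blocklists, refuses or sinkholes matches, and shows that only the hostname of a URL is ever evaluated, so a literal IP address never reaches the filter. The policy entries, category data and the 0.0.0.0 sinkhole address are constructed assumptions for the example.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional
from urllib.parse import urlsplit

# Constructed sample policies and category data (hypothetical, not Cloudflare's).
BLOCKED_DOMAINS = {"phish.example", "piracy.example"}
BLOCKED_CATEGORIES = {"Adult Content", "Gambling"}
CATEGORY_DB = {"casino.example": "Gambling", "news.example": "News"}
SINKHOLE_IP = "0.0.0.0"  # placeholder address answered when a block is a redirect


@dataclass
class Decision:
    action: str            # "allow", "block", "redirect" or "unfiltered"
    reason: Optional[str]  # matched policy, or why no DNS decision was possible
    answer: Optional[str]  # address returned to the client; None means refused/upstream


def parent_domains(hostname):
    """Yield the name and each parent: a.b.example -> a.b.example, b.example, example."""
    labels = hostname.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        yield ".".join(labels[i:])


def evaluate_query(qname, redirect=False):
    """Apply block policies to a queried name, as a filtering resolver would."""
    for candidate in parent_domains(qname):
        if candidate in BLOCKED_DOMAINS:
            return _block(f"domain policy: {candidate}", redirect)
        if CATEGORY_DB.get(candidate) in BLOCKED_CATEGORIES:
            return _block(f"category policy: {CATEGORY_DB[candidate]}", redirect)
    return Decision("allow", None, None)  # no match: resolve normally upstream


def _block(reason, redirect):
    # A filtering resolver either refuses the query or answers with a sinkhole address.
    if redirect:
        return Decision("redirect", reason, SINKHOLE_IP)
    return Decision("block", reason, None)


def filter_url(url, redirect=False):
    """Only the hostname of a URL reaches the resolver; everything else is invisible."""
    host = urlsplit(url).hostname
    if host is None:
        return Decision("unfiltered", "no hostname to query", None)
    try:
        ipaddress.ip_address(host)
    except ValueError:
        return evaluate_query(host, redirect)  # scheme, port, path and query are ignored
    return Decision("unfiltered", "literal IP address, no DNS query made", None)
```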
Secure Web Gateways (SWGs) offer a greater set of capabilities, including:
However, this can make SWGs more complex to deploy. Therefore, many organizations will start with DNS filtering as an initial layer of defense against Internet threats.
In the remaining modules, you will learn how to set up DNS filtering on your devices using Cloudflare Gateway.