Here we explain DNS filtering without diving too deeply into the technology. It is an introduction to help you make an informed decision about using DNS technology. If you want to go deeper, you can read more in our other briefs about our URL Filtering Technology, Content Filtering and Malware Protection.
DNS is short for Domain Name System and it solves a simple problem. If you want to visit a website, you need to know the name of that website and must enter it into the address bar of your browser. For example, www.mywebsite.com.
The problem is while that domain name is easy for humans to recognize, it means nothing to a computer. For a computer to find the website, an IP address is required. An IP address is a string of digits specific to a particular website that tells your computer where to find it. Domain names are for humans. IP addresses are for computers. DNS converts one to the other and basically serves as the phone book of the internet. You look up a name (website “domain name”) and the DNS server tells your computer the number (IP address) to allow that website to be found. That means you do not need to remember a string of digits to access a particular website.
When you type a domain into your browser or click a link in a search engine or email, a connection is made to a DNS server, the IP address is found, and you are directed to the website. By default, your DNS server is usually provided by your internet service provider. Taking control of your DNS is where DNS filtering starts.
DNS filtering is the term given to blocking access to specific internet content to prevent it from being part of search results or downloaded content.
Filtering with DNS is a way to block access to specific web content, for example websites known to host child pornography or other content that is illegal to view or banned by your country.
Organisations may want to block access to other types of content that violate their own internet usage policies, such as adult content, social media networks, and websites known to host malware.
DNS filtering therefore protects users, their devices and network owners, and enables compliance with government regulations.
Traditionally, content control was achieved using a physical appliance. When a user attempts to visit a website, the appliance will download the content and decide whether the website can be accessed or if it should be blocked. DNS filtering is different. It works at the DNS lookup stage, before content is downloaded. The DNS filtering system looks at the requested website and compares it with a database that classifies the website according to content type. The DNS filter decides if you can view the content or not. We skipped an important detail here because your device needs to know where to find the DNS filtering service. This is usually done by one of two methods:
DNS settings in most routers can easily be adjusted to send all DNS queries to VeeShield Cloud. Here is a video showing the full setup on a MikroTik in under 30 seconds.
This refers to the intelligence residing in the device (endpoint). It is implemented as a tamper-resistant application that is downloaded to the device and brings it under DNS filtering control anywhere.
VeeShield supports both of these deployment models.
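The lookup-stage decision described above can be sketched in a few functions. This is an added example, not VeeShield's code: the category database, the policy and the choice to answer blocked names with NXDOMAIN are assumptions, and the sample domains are constructed.

```python
import struct

# Constructed category database (hypothetical entries): domain -> category.
CATEGORY_DB = {
    "malware-host.example": "malware",
    "social.example": "social-media",
    "ads.social.example": "advertising",
}
BLOCKED_CATEGORIES = {"malware", "social-media"}  # assumed usage policy

def build_query(name, txid=0x1234):
    """Build a minimal DNS A-record query, used here to construct sample input."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)

def parse_qname(packet):
    """Return (lower-cased name, offset just past QNAME) from the question."""
    labels, pos = [], 12  # the DNS header is 12 bytes
    while True:
        length = packet[pos] if pos < len(packet) else 64
        if length > 63 or pos + 1 + length > len(packet):
            raise ValueError("malformed or truncated question name")
        if length == 0:
            return ".".join(labels), pos + 1
        labels.append(packet[pos + 1:pos + 1 + length].decode("ascii", "replace").lower())
        pos += 1 + length

def categorize(name):
    """Match on label boundaries: the full name first, then each parent domain."""
    labels = name.split(".")
    for i in range(len(labels)):
        category = CATEGORY_DB.get(".".join(labels[i:]))
        if category:
            return category
    return "uncategorized"

def filter_query(packet):
    """Decide at lookup time, before any content is fetched."""
    name, qend = parse_qname(packet)
    category = categorize(name)
    if category not in BLOCKED_CATEGORIES:
        return "allow", category, None  # a real filter forwards this upstream
    # Assumed block behaviour: NXDOMAIN reply (QR=1, RD=1, RA=1, RCODE=3)
    # with the original ID and question echoed back.
    question = packet[12:qend + 4]
    reply = packet[:2] + struct.pack("!HHHHH", 0x8183, 1, 0, 0, 0) + question
    return "block", category, reply
```

Because matching walks parent domains on label boundaries, `www.social.example` inherits the block on `social.example`, while `notsocial.example` does not and the more specific `ads.social.example` entry overrides its parent.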
So now let’s return to the explanation about DNS filtering to highlight an important detail. The decision to block or allow the download is delayed by the time it takes the device to send a DNS packet to the VeeShield cloud (or another vendor's cloud). This delay is called “latency”.
DNS filtering vendors write a lot about their latency and make comparisons between themselves. It’s like the acceleration performance of a car. However, to reason about what latency is right for you, you need to understand a few important points.
Every vendor has a global network of local connections to service your needs. It generally follows the rule that the nearer the access point, the lower the latency. But read on…
The most recent trend is to deploy an on-premise cloud (at VeeShield we call this a CloudBox). The idea is to optimize totally for your own needs. This is not a dedicated appliance, however, but a very light application that runs on the end user's existing IT systems. It should permit latency trending to under 5ms.
VeeShield supports both of these deployment models.
Finally, let’s reflect on the question of what is good, bad or acceptable latency. There may be no shortage of opinion in the IT department about this. There is a lack of empirical data, but it is generally considered that 20-50ms is good for a business and under 20ms for a small internet service provider, tending to < 5ms for the largest internet service providers.
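To put your own number against those figures, time the DNS round trip to the filtering resolver from the network that will use it. The script below is an added example, not a VeeShield tool: the resolver address is supplied by you, and the default query name is the sample domain used earlier on this page.

```python
import socket
import statistics
import struct
import sys
import time

# Latency figures quoted above: (upper bound in ms, deployment it is good for).
TIERS = [(5, "largest ISPs"), (20, "small ISP"), (50, "business")]

def build_query(name, txid):
    """Minimal DNS A-record query with recursion desired."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)

def measure(resolver_ip, name, samples=20, timeout=1.0, port=53):
    """Round-trip time in ms per query over UDP; None marks a lost reply."""
    rtts = []
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        for txid in range(1, samples + 1):
            query = build_query(name, txid)
            start = time.perf_counter()
            sock.sendto(query, (resolver_ip, port))
            try:
                while sock.recvfrom(512)[0][:2] != query[:2]:
                    pass  # ignore a late reply to an earlier query
                rtts.append((time.perf_counter() - start) * 1000)
            except OSError:  # timeout or ICMP unreachable
                rtts.append(None)
    return rtts

def summarize(rtts):
    """Median and 95th percentile of answered queries, against the quoted figures."""
    ok = sorted(r for r in rtts if r is not None)
    result = {"lost": len(rtts) - len(ok), "median_ms": None, "p95_ms": None, "good_for": None}
    if ok:
        result["median_ms"] = statistics.median(ok)
        result["p95_ms"] = ok[min(len(ok) - 1, int(0.95 * len(ok)))]
        result["good_for"] = next(
            (who for limit, who in TIERS if result["median_ms"] < limit),
            "above the quoted range")
    return result

if __name__ == "__main__":
    # Usage: python dns_latency.py <resolver-ip> [name]
    if len(sys.argv) > 1:
        name = sys.argv[2] if len(sys.argv) > 2 else "www.mywebsite.com"
        print(summarize(measure(sys.argv[1], name)))
```

Repeating the same name means most replies come from the resolver's cache, so the result reflects the network path to the filtering service rather than upstream resolution time.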
Protects users’ internet experience by removing unwanted, illegal and dangerous content. Highly customizable protection across over 90 system blacklist categories, updated 24×7.
Blocks malware, botnet, phishing, ransomware and many other threats using professional, commercial-grade protection feeds.
Provides reports by categories and macro categories visited, in real time, and scheduled by e-mail.
Prevents access to countries with a reputation for ransomware, malware and other risks.
Allows administrators to easily create and manage tenants (clients), who are isolated from each other under a single deployment.
Compatible with any router, HotSpot Wifi, firewall and gateway. Supports static and dynamic IP & DDNS protocol. Client available for Microsoft Windows.