Here we explain DNS filtering without diving too much into the technology. It’s an introduction to help you make an informed decision about using DNS technology. If you want to go deeper, you can read more in our other briefs about our URL Filtering Technology, Content Filtering and Malware Protection.
Traditionally, content control was achieved using a physical appliance. When a user attempts to visit a website, the appliance will download the content and decide whether the website can be accessed or if it should be blocked. DNS filtering is different. It works at the DNS lookup stage, before content is downloaded. The DNS filtering system looks at the requested website and compares it with a database that classifies the website according to content type. The DNS filter decides if you can view the content or not. We skipped an important detail here because your device needs to know where to find the DNS filtering service. This is usually done by one of two methods:
VeeShield supports both of these deployment models.
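The lookup-stage decision described above, sketched as an added example (not VeeShield code): the filter reads only the name in the DNS question and matches it against a category database. The category table, blocked categories and function names are constructed assumptions.

```python
import struct

# Constructed category database and policy (assumptions, not vendor data).
CATEGORIES = {"casino.example": "gambling", "example.org": "news",
              "cdn.malware.example": "malware"}
BLOCKED = {"gambling", "malware"}

def build_query(name):
    """Build a minimal DNS A-record query (constructed sample input)."""
    header = struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)

def parse_qname(packet):
    """Read the queried name from the question section (offset 12)."""
    labels, pos = [], 12
    while True:
        if pos >= len(packet):
            raise ValueError("truncated question")
        length = packet[pos]
        if length == 0:
            return ".".join(labels)
        if length > 63 or pos + 1 + length > len(packet):
            raise ValueError("bad label length")
        labels.append(packet[pos + 1:pos + 1 + length].decode("ascii").lower())
        pos += 1 + length

def categorize(name):
    """Longest-suffix match so subdomains inherit a parent's category."""
    labels = name.split(".")
    for i in range(len(labels)):
        category = CATEGORIES.get(".".join(labels[i:]))
        if category:
            return category
    return "uncategorized"

def decide(packet):
    """Return (name, category, action) using only the DNS question."""
    name = parse_qname(packet)
    category = categorize(name)
    return name, category, "block" if category in BLOCKED else "allow"

if __name__ == "__main__":
    for host in ("WWW.Casino.Example", "example.org", "intranet.example"):
        print(decide(build_query(host)))
```

Because the decision is made from the hostname alone, it applies to the whole site: the filter never sees the URL path or the page content.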
So now let’s return to the explanation about DNS filtering to highlight an important detail. The decision to block or allow the download is delayed by the time it takes the device to send a DNS packet to the VeeShield cloud (or another vendor cloud). This delay is called “latency”.
DNS filtering vendors write a lot about their latency and make comparisons between themselves. It’s like the acceleration performance of a car. However, to reason about what latency is right for you, you need to understand a few important points.
VeeShield supports both of these deployment models.
Finally, let’s reflect on the question of what is good, bad or acceptable latency. There may be no shortage of opinion in the IT department about this. There is a lack of empirical data, but it is generally considered that 20-50ms is good for a business and under 20ms for a small internet service provider, tending to < 5ms for the largest internet service providers.