Filtering DNS

How VeeShield DNS technology is applied
to malware and content protection.

About Filtering with DNS

Here we explain DNS Filtering without diving too much into the technology,
it’s an introduction to help you make an informed decision about using DNS technology.
If you want to go deeper you can read more in our other briefs about our Url Filtering Technology,
Content Filtering and Malware Protection.

What is DNS?

What and why Filtering DNS?

Request a Callback

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

How Does Filtering DNS Work?

Traditionally, content control was achieved using a physical appliance. When a user attempts to visit a website, the appliance will download the content and decide whether the website can be accessed or if it should be blocked. DNS filtering is different. It works at the DNS lookup stage, before content is downloaded. The DNS filtering system looks at the requested website and compares it with a database that classifies the website according to content type. The DNS filter decides if you can view the content or not. We skipped an important detail here because your device needs to know where to find the DNS filtering service. This is usually done by one of two methods:

Router Based DNS

End Point Protection

VeeShield supports both of these deployment models

So now let’s return to the explanation about DNS filtering to highlight an important detail. The decision to block/allow the download is delayed  by the time it takes the device to send a DNS packet to the VeeShield cloud (or another vendor cloud). This delay is called “latency”

DNS filtering vendors write a lot about their latency and make comparisons between themselves. It’s like the acceleration performance of a car. However, to be able to reason about what latency is right for you then you need to understand a few important points.

Vendor’s Global Cloud

Vendor “on premise” Cloud

VeeShield supports both of these deployment models.

Finally, let’s reflect on the question of what is good, bad or acceptable latency? There may be no shortage of opinion in the IT department about this.There is lack of empirical data, but it is generally considered that 20-50ms is good for a business and under 20ms for a small internet service provider tending to < 5ms for the largest internet service providers.

All Features

Content Filter

Malware protection

Report & Analysis


Multi-tenant dashboard

Compatible with any Router