In this post we explain DNS blocking and why and how a DNS block is put in place, but first let's cover what the DNS is and why it is necessary.
What is the Domain Name System (DNS)?
A unique IP address is assigned to every device connected to the internet. The IP address allows each device to be identified and located. An IP address is a computer-friendly number, but IP addresses are difficult for people to remember. To make it easy to find web resources, human-friendly domain names are used and that is where the Domain Name System comes in.
The Domain Name System (DNS) is a naming convention for websites, essentially serving as an address book for the Internet. When you attempt to visit a website using your web browser, before the website can be accessed it needs to be located and that requires an IP address.
A query is sent to a recursive DNS server, which contacts other servers looking for the IP address. If the website exists, an IP address will be provided to the browser to allow the website to be accessed. DNS servers are maintained by your Internet service provider. For example, AT&T uses DNS servers with the IP addresses 18.104.22.168 and 22.214.171.124 that perform DNS lookups to find IP addresses.
What is a DNS Block?
A DNS block is used to prevent users from accessing certain websites. With a DNS block in place, the IP address of a website will not be returned when a DNS lookup is performed. A DNS block may be put in place by an internet service provider to prevent its customers from accessing illegal web content. To get around the DNS block, you would need to use a different DNS server that does not have a DNS block in place.
Modern web filters use DNS blocking to restrict access to certain types of web content such as social media networks, pornographic material, dating sites, gaming sites, and file sharing sites to enforce Internet usage policies. DNS blocking is also used to prevent users from visiting websites that harbor malware and other malicious content.
DNS blocking is an efficient method of content control. Since DNS blocking occurs at the DNS lookup stage before any content is downloaded, the process is very quick. There is next to no latency with web filters that use DNS blocking. The easiest way to block DNS and control the types of content that can be accessed is to use a DNS-based web filter.
DNS Blocking and Internet Control
When you sign up to use a DNS-based filtering service, the service provider will give you the IP addresses of their DNS servers, which are used instead of the DNS servers provided by your ISP.
A DNS-based filtering service provider maintains a database of categorized websites and handles DNS lookups. When a query is sent to the service provider to find an IP address for a website, an IP address will only be returned if the service provider deems the website safe and if the site does not violate user-defined content control policies. If a request is received to visit a prohibited website, instead of the IP address being provided, the user will be directed to a local DNS block page that explains that the website cannot be viewed because it violates the organization’s internet usage policies. That attempt will also be logged.
Users of the service are provided with a web-based interface that they can use to set policies covering the types of websites that are permitted or prohibited. Through that interface, organization-wide controls can be applied, and content control policies can be set for different departments or offices, user groups, and individual users.
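The lookup decision described above can be sketched as follows. This is an added example, not code from WebTitan or any filtering service; the category database, group policies, block page address, and the choice to allow uncategorized sites are all constructed assumptions.

```python
# Constructed sample data: names, categories and addresses are illustrative.
CATEGORY_DB = {
    "social.example": "social-media",
    "malware.example": "malware",
    "news.example": "news",
}
UPSTREAM = {  # stand-in for the real recursive lookup
    "www.social.example": "203.0.113.11",
    "news.example": "203.0.113.20",
    "malware.example": "203.0.113.66",
}
BLOCK_PAGE_IP = "192.0.2.1"               # local block page (assumed address)
ALWAYS_BLOCKED = {"malware", "phishing"}  # provider deems these unsafe
POLICIES = {                              # user-defined, per user group
    "default": {"social-media", "gambling"},
    "marketing": {"gambling"},
}
BLOCK_LOG = []                            # every blocked attempt is recorded


def categorize(name):
    """Check the full name, then each parent domain, for a known category."""
    labels = name.lower().rstrip(".").split(".")
    for i in range(len(labels) - 1):
        category = CATEGORY_DB.get(".".join(labels[i:]))
        if category:
            return category
    return "uncategorized"  # assumption: uncategorized sites are allowed


def resolve(name, group="default"):
    """Return (answer_ip, verdict) the way a filtering resolver would."""
    category = categorize(name)
    prohibited = POLICIES.get(group, POLICIES["default"])
    if category in ALWAYS_BLOCKED or category in prohibited:
        # Answer with the block page instead of the site's real address.
        BLOCK_LOG.append({"name": name, "group": group, "category": category})
        return BLOCK_PAGE_IP, "blocked"
    ip = UPSTREAM.get(name.lower().rstrip("."))
    if ip is None:
        return None, "nxdomain"
    return ip, "allowed"


if __name__ == "__main__":
    for query in [("www.social.example", "default"),
                  ("www.social.example", "marketing"),
                  ("malware.example", "marketing")]:
        print(query, "->", resolve(*query))
    print("logged:", BLOCK_LOG)
```

The same name gets a different answer depending on the group policy, while the malware category is blocked for every group and each blocked attempt lands in the log.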
Start Filtering the Internet with WebTitan Cloud
WebTitan Cloud is a DNS-based web filtering solution that can be used to carefully control the types of web content that can be accessed by users on wired and Wi-Fi networks. WebTitan Cloud is used by SMBs, MSPs and ISPs to prevent malicious, illegal, and other prohibited web content from being accessed.
In addition to blocking malware, ransomware, and phishing attacks, WebTitan Cloud can be used to prevent cyberslacking by restricting access to productivity sinks such as social media websites and to restrict bandwidth use by limiting access to video streaming websites.
WebTitan Cloud can be implemented in 5 minutes, it is easy to configure and use, and it allows precise control over the types of content that can be accessed.
If you are an ISP, MSP, or SMB that wants to exercise control over internet content, give the TitanHQ team a call today. Our sales technicians will be happy to explain how WebTitan Cloud works and the best way to implement the solution in your organization. You can also take advantage of a free trial to evaluate the full solution in your own environment before making a decision about a purchase.
Frequently Asked Questions (FAQs)
Do I need to have a DNS filter?
A DNS filter is an important cybersecurity solution that protects against web-based attacks and blocks access to phishing websites and malware and ransomware downloads. Without a DNS filter, you are likely to be reliant on your antivirus software for detecting malware and the ability of your employees to identify and avoid threats on the Internet. A DNS filter therefore greatly improves security.
What are the advantages of DNS filtering over other types of web filter?
A DNS filter filters out web content and gives you control over the sites and content your employees can access. These are features of all web filtering solutions, but with DNS filtering malicious content will be blocked before it is downloaded, there is no need for any software downloads, and you will not need to purchase an appliance.
Does DNS filtering have an impact on speed?
A DNS filter works at the DNS lookup stage of a web request before content is downloaded and filtering controls are applied in a fraction of a second. There is also no need to backhaul traffic to apply controls for roaming users. Most web filters will involve some latency, but DNS filtering will not have any noticeable impact on speed.
How much does a DNS filtering solution cost?
The starting price for a powerful DNS filtering solution is around $1 per user per month, although the cost can be as high as $3 per user per month or more with some solution providers. WebTitan Cloud is at the low end of the price spectrum and gives SMBs the protection and control they need. The cost is also much lower than dealing with the phishing and malware attacks that a DNS filter will block.
Do I need a DNS filter with SSL inspection?
SSL-encrypted internet communications are invisible to many web filters. If you do not have full SSL inspection, traffic cannot be inspected, evaluated, and blocked. Since most Internet traffic is now SSL encrypted, including traffic to malicious websites, SSL inspection is now critical for security.