What is DNS filtering?

Secure DNS environments from web-based threats and protect your business from nefarious content with ThreatDown DNS Filtering.

DNS filtering defined

DNS filtering (or DNS block) describes a cybersecurity measure used to stop internet users from accessing unapproved websites on a server. Organizations use DNS blocking to secure their environment against phishing attacks and other cyberthreats. Through DNS filtering services, businesses assign control over what users can access, limit access to websites potentially posing malware risk, and reduce remediation demands on their IT teams.

DNS meaning

What is DNS? The Domain Name System (DNS) is a database that translates domain names into Internet Protocol (IP) addresses allowing browsers to load internet pages. All devices connected to the internet have a unique IP address and other machines can use the IP address to locate a specific device. In today’s business landscape, it’s no longer necessary for individuals to memorize IP addresses as DNS servers map domain names used to locate website IP addresses.

Steps in the DNS process:

When an internet user opens a website a set of steps are carried out to load the webpage.

  1. The user searches the domain name in a web browser. A DNS query is created and sent to a DNS resolver.
  2. The DNS resolver finds and pairs the domain name to an IP address. The DNS resolver resolves the domain by replying to the user’s device with the corresponding IP address.
  3. Finally, the device interacts with the sever at the IP address and connects to load the content.

How does DNS filtering work?

DNS blocking is largely known for providing content-based filtering. By blocking internet users from opening malicious content at the DNS level, businesses can set permissions and choose which websites employees can access during operating hours. DNS filtering also safeguards company productivity by restricting staff from entering time-consuming websites at leisure. Websites that pose high cyber risk include social media, news, illegal content, gambling, adult sites, and more.

DNS content filtering works by adhering to a blocklist of websites configured by the administrator at the network or endpoint device level. These websites are categorized by domain name or IP address and a DNS resolver can refuse to satisfy queries requested by the user attempting to access an unapproved website.

Blocklist meaning

DNS blocklists such as DNSBL (DNS-based blocklists) and RBL (real-time blocklists), are lists of known malicious domains and IP addresses that should be avoided. DNS filtering vendors use blocklists as a guide to forbid users from entering harmful websites. Cybersecurity professionals share blocklists within the security community and DNS vendor support staff or your IT security teams can configure blocklists and allow-lists to meet your organization’s needs.

How does IP blocking work?

IP address blocking is similar to DNS blocking, but it prevents users from accessing undesirable websites at the IP address level. IP address blocking is used to protect devices and networks against intrusion and is a valuable security measure against DDoS attacks. During a DDoS attack, IP blocking slows the influx of requests and false traffic that bombard your company’s resources.

Benefits of DNS protection for your organization

DNS filtering works to keep your DNS secure and guards your business’s internet users from downloading unwanted content. Threat actors carry out phishing campaignsransomwarezero-daymalware, and other cyberattacks by creating new webpages luring unsuspecting individuals to take advantage of. Implementing a DNS security solution not only protects network user devices but supports your company’s data protection and data loss prevention (DLP) initiatives.

Satisfy compliance regulations

DNS filtering meets the requirements of or can help satisfy the policies of:

  • CIPA (The Children’s Internet Protection Act)
  • NIST (National Institute of Standards and Technology)
  • HIPAA (Health Insurance Portability and Accountability Act)


A DNS blocker protects company productivity by preventing employees from visiting recreational websites. These websites are sometimes low quality and pose high cyber risk to your organization. Adversaries use low quality websites as vectors to target employee credentials, sensitive data, and intellectual property. Companies can block access to recreational websites to prevent employees from squandering time on sites that are unrelated to their work tasks. Time-based DNS filtering gives businesses the versatility to schedule filter rules at specific time intervals, such as prohibiting social media websites during company operating hours. DNS filtering tools mitigate your organization’s risk of a cyberattack, while helping your employees champion productivity and prevent workplace distraction.

DNS filters: Choosing the right one for your business

Easy to deploy and lightweight, protecting your business at the DNS level has never been easier with ThreatDown DNS Filtering to give your organization the control to block harmful websites and malicious content. Learn more on Nebula cloud-based security platform or how you can defend your business’ web connections and collaborations within third-party environments from web-based cyberattacks. ThreatDown DNS Filtering aligns with your internet access policies (IAP) to support your team’s mission-critical endpoint security strategy and enhance your cybersecurity posture.

Featured Resources

DNS Security FAQs

Why is DNS security important?

DNS filtering gives your business an added layer of cyber protection against web-based attacks through blocklists that stop internet users from accessing malicious websites and content. Companies use DNS protection to mitigate their risk of malware and phishing attacks.

How does DNS web filtering work?

DNS filtering works by using a blocklist compiling websites that the administrator has configured at the network or endpoint device level. These websites are classified by domain name or IP address and are known malicious sites organizations want to disallow user access to. A DNS resolver can refuse to respond to queries from a user trying to access an unapproved website.

Is DNS protection necessary?

DNS protection provides an extra layer of defense within the DNS process to keep your network and users safe when connected to the web by filtering inappropriate and dangerous websites. DNS filtering works with your business’ endpoint security and endpoint detection and response (EDR) tools.