Multiple Policies with NAT IPs


This feature is not applicable to networks with Active Directory. Windows DNS Server does not have a way to forward DNS based on subnet or internal IP address. The only conceivable way to utilize this feature with Active Directory is to have a separate Domain Controller for each group of computers you want to utilize NAT IPs, which is normally not a reasonable solution. Contact support for more information.


DNSFilter’s NAT IPs feature allows up to 7 different policies using a single egress IP address. This facilitates separate content filtering and/or threat protection policies for different segments of your network, such as guest Wi-Fi, server farms, staff BYOD, and executive devices.

When we receive your DNS requests, we apply the specific policy based on the set of DNSFilter IP addresses used to contact us. We have 7 sets of IPs which all utilize the same global infrastructure.

Within your network, you must configure the devices to resolve the specific set of DNS addresses you have configured in the DNSFilter Dashboard policy (explained in the next section).

Note the DNS IPs assigned to the devices in the diagram below (.101, .102, etc)


Create a new policy in the Policies section of the dashboard.

When configuring the new policy, click on the NAT IPs tab and select a set of DNS servers from the list.

When a policy has NAT IPs configured, it will appear in the Policies section as shown below.

To ensure the NAT IPs policies and your network devices are configured properly, add a different test domain to the Blacklist for each policy, then ensure the devices see a block page for the specific domain which was set up on their NAT IPs policy.

If you have further questions regarding NAT IPs, or the feature is not working as expected, drop us a line at

Still need help? Contact Us Contact Us