In this article

Q. How easy is DNSFilter to configure?
A. It is very simple to set up. All that is necessary is forwarding your DNS to us. That usually takes place on your router, your firewall, or your Domain Controller as a forwarding zone. Once your DNS setting is changed to send queries to us, you can fully manage our solution in a beautiful and clean dashboard. You can view reporting, a near real-time stream of query traffic, and several different reporting views.

Q. Can I have multiple policies on the same network?
A. Yes. There are a few ways to do this. You can implement separate subnets on your network and have DHCP hand out different DNS addresses to each subnet (we call this NAT IPs). We also offer a DNSFilter Relay software component/VM which you can use to specify different policies. Or you can set up one of our Roaming Clients on devices that you wish to have separate policies on.

Q. Can I set different policies for different times of the day or different days of the week?
A. Yes, we have Filtering Schedules that you can set through an easy-to-use calendar. You can set different policies to take place anytime you like and any day you like.

Q. How can I tell which users are accessing which websites?
A. The Users feature will allow administrators to apply specific policies, schedules, and block pages to an organization’s users on a granular level. Reports and query logs can also be filtered on a per-user basis, to enable more detailed reporting and troubleshooting.

Q. Is my information safe on your network?
A. We can confidently say yes. The nature of our service is something like a constantly changing phonebook. We match internet names to IP addresses, and where those names are a security threat or are blocked by your policy we don’t allow a connection. However, once the connection is made we have no further part. So the information you are transferring never touches our servers. We just perform the translating.

Q. How can I block social media/time-wasters?
A. Yes, we have a “Social Media” category to block Facebook, Instagram, Pinterest, etc. We also maintain lists of each of these sites so that you can add any of them to your Allow list if necessary.

Q. How responsive are you to recategorize sites?
A. In most cases, a submission to us is recategorized in 24-48 hours. You can always add the domain to your Allow list/Block list and changes take place immediately.

Q. Do you integrate with Active Directory?
A. Yes, see Active Directory for more details.

Q. Do you support SafeSearch?
A. Yes, We enforce SafeSearch for Google, Bing, DuckDuckGo, Ecosia, and Yandex. For YouTube, you can even adjust the level of restriction you wish to have.

Q. What is DNSFilter's value from a security standpoint?
A. We are the first line of defense in protecting your business. We block threats before your employees gain access to them. We are an extremely effective security solution for preventing requests to malicious domains, illegal activity, and phishing. We have a constant stream of security feeds that allow us to respond instantly to internet threats. Because our servers receive federated updates within a second, any updates will immediately protect all our customers. There is no software or definition files to install.

Q. Do you offer Two-Factor Authentication (or MFA) for account security?
A. Yes. Two-factor Authentication is a way to secure your DNSFilter account further by requiring more than just your username and password.

You can set up two-factor authentication using any device capable of generating Time-based One-Time Password (TOTP) authentication codes.

Q. How are my DNS requests to a large service or CDN provider handled?
A. Utilizing the largest public Anycast network, our transit provider boasts an impressive 2300+ BGP peers and growing, with 19+ Internet Exchange memberships and an open peering policy. Our anycast network is configured to automatically reroute to the next nearest destination if one of these nodes goes offline.

Q. Does DNSFilter send the eDNS0 Client Subnet (ECS) header?
A. We are a privacy and security focused DNS resolver. This means we do not want to share any client IP information with upstream resolvers and therefore do not send the eDNS0 Client Subnet (ECS) header to authoritative servers by default. If this is a feature you'd like to see us work on, please submit a feature request. 

Q. Should I use DNS over HTTPS
A. The existence of DoH highlights the importance of maintaining control over your DNS data. By employing DNSFilter to secure your DNS, you are preventing DNS tracking and spoofing. See our blog for a detailed breakdown: https://www.dnsfilter.com/blog/what-is-dns-over-https