Frequently Asked Questions

Article author
Josh L

Q. How easy is DNSFilter to configure?
A. It is very simple to set up. All that is necessary is forwarding your DNS to us. That usually takes place on your router, your firewall, or your Domain Controller as a forwarding zone. Once your DNS setting is changed to send queries to us, you can fully manage our solution in a beautiful and clean dashboard. You can view reporting, a near real-time stream of query traffic, and several different reporting views.

Q. How fast is your service? Will it slow down my connection or add latency?
A. We operate a global anycast network, which means that our servers are spread out geographically so that you hit a server close to you. This allows us to have a very fast response time. We add only slight latency over querying Google or Cloudflare, which is excellent considering they have minimal (if any) filtering. Our servers also distribute policy changes very rapidly. Changes to your Allow list/Block list take place in less than one second across our servers.

Q. Can I have multiple policies on the same network?
A. Yes. There are a few ways to do this. You can implement separate subnets on your network and have DHCP hand out different DNS addresses to each subnet (we call this NAT IPs). We also offer a DNSFilter Relay software component/VM which you can use to specify different policies. Or you can set up one of our Roaming Clients on devices that you wish to have separate policies on.

Q. Can I set different policies for different times of the day or different days of the week?
A. Yes, we have Filtering Schedules that you can set through an easy-to-use calendar. You can set different policies to take place anytime you like and any day you like.

Q. How can I tell which users are accessing which websites?
A. The Users feature will allow administrators to apply specific policies, schedules, and block pages to an organization’s users on a granular level. Reports and query logs can also be filtered on a per-user basis, to enable more detailed reporting and troubleshooting.

Q. Is my information safe on your network?
A. We can confidently say yes. The nature of our service is something like a constantly changing phonebook. We match internet names to IP addresses, and where those names are a security threat or are blocked by your policy we don’t allow a connection. However, once the connection is made we have no further part. So the information you are transferring never touches our servers. We just perform the translating.

Q. How can I block torrents?
A. Because we operate on DNS traffic, we don’t stop torrent traffic. However, we categorize torrent tracking sites under “P2P & Illegal” content. We can prevent users from getting to these sites and getting the seed files necessary to torrent. We have an article on blocking torrents.

Q. How can I block social media/time-wasters?
A. We have a “Social Media” category to block Facebook, Instagram, Pinterest, etc. We also maintain lists of each of these sites so that you can add any of them to your Allow list if necessary.

Q. How responsive are you in recategorizing sites?
A. In most cases, a submission to us is recategorized in 24-48 hours. You can always add the domain to your Allow list/Block list, and changes take place immediately.

Q. Do you integrate with Active Directory?
A. Yes, see Active Directory for more details.

Q. Do you enforce SafeSearch?
A. Yes, we enforce SafeSearch for Google, Bing, and YouTube. For YouTube, you can even adjust the level of restriction you wish to have. Note that there is no filtering available for Yahoo, DuckDuckGo, or other search engines. We recommend blocking the search portals category and allowing Google and Bing.

Q. What kind of reporting do you offer?
A. We have a reporting dashboard that allows you to filter timelines and per-site traffic in a variety of ways, so for all reports, you can view total aggregate or by a selection of sites. You can view request volume, categories, top requested domains, as well as threat reporting. This will show you which malicious domains were attempted by which locations, making it easy to see the security value in our product and also helping you to narrow down which sites may be infected and attempting to phone home.

Q. What is DNSFilter's value from a security standpoint?
A. We are the first line of defense in protecting your business. We block threats before your employees gain access to them. We are an extremely effective security solution for preventing requests to malicious domains, illegal activity, and phishing. We have a constant stream of security feeds that allow us to respond instantly to internet threats. Because our servers receive federated updates within a second, any updates will immediately protect all our customers. There are no software or definition files to install.

Q. Do you offer Multi-factor Authentication (or 2FA) for account security?
A. Yes. Multi-factor Authentication is a way to secure your DNSFilter account further by requiring more than just your username and password. You can set up Multi-factor Authentication using any device capable of generating Time-based One-Time Password (TOTP) authentication codes, but we recommend using Google Authenticator, Authy, 1Password, or LastPass authenticator.

Q. How are my DNS requests to a large service or CDN provider handled when my city is different than the nearest DNSFilter Anycast node city?
A. We support a technology called EDNS0 Client Subnet (ECS). When we receive a request from you, we note your public source IP and pass along the /24 of that address to the authoritative DNS of the provider (Office365, for example). The provider then uses that information to give us its ‘best’ location for YOU, regardless of where the anycast node that handled your traffic is located. It is then up to the provider to return the best location based on your ISP and the connectivity between your ISP and them.
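
The ECS behaviour described above, as an added example (not DNSFilter code): it builds and decodes the EDNS0 Client Subnet option in the RFC 7871 wire format, showing that only the /24 of the client address is sent upstream. It also handles IPv6 prefixes, which goes beyond the /24 case in the text; the function names and sample addresses are constructed for illustration.

```python
import ipaddress
import struct

ECS_OPTION_CODE = 8  # EDNS0 option code assigned to Client Subnet (RFC 7871)


def build_ecs_option(client_ip: str, prefix_len: int = 24) -> bytes:
    """Encode the ECS option a resolver attaches to its upstream query."""
    # strict=False zeroes the host bits, so only the prefix leaves the resolver.
    net = ipaddress.ip_network(f"{client_ip}/{prefix_len}", strict=False)
    family = 1 if net.version == 4 else 2  # 1 = IPv4, 2 = IPv6
    # Only the octets needed to cover the prefix are sent on the wire.
    addr = net.network_address.packed[: (prefix_len + 7) // 8]
    body = struct.pack("!HBB", family, prefix_len, 0) + addr  # scope is 0 in queries
    return struct.pack("!HH", ECS_OPTION_CODE, len(body)) + body


def parse_ecs_option(option: bytes) -> dict:
    """Decode an ECS option the way the authoritative server would read it."""
    if len(option) < 8:
        raise ValueError("ECS option too short")
    code, length, family, source_len, scope_len = struct.unpack("!HHHBB", option[:8])
    if code != ECS_OPTION_CODE or length != len(option) - 4:
        raise ValueError("not a well-formed ECS option")
    if family not in (1, 2):
        raise ValueError("unknown address family")
    addr = option[8:]
    if len(addr) != (source_len + 7) // 8:
        raise ValueError("address length does not match prefix length")
    cls, size = (ipaddress.IPv4Network, 4) if family == 1 else (ipaddress.IPv6Network, 16)
    # Pad the truncated address back to full width; strict parsing rejects stray host bits.
    subnet = cls((addr + bytes(size - len(addr)), source_len))
    return {"family": family, "subnet": str(subnet), "scope": scope_len}


if __name__ == "__main__":
    # Constructed sample clients from the 203.0.113.0/24 documentation range.
    for ip in ("203.0.113.77", "203.0.113.200"):
        opt = build_ecs_option(ip)
        print(ip, opt.hex(), parse_ecs_option(opt))
```

Both sample clients produce the same option bytes, so the authoritative server can tell which /24 the query came from but not which host inside it.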

Q. What is DNS? What does DNS stand for?
A. DNS stands for "Domain Name System" or "Domain Name Server". DNS takes a domain name, such as www.dnsfilter.com, and translates it to the IP address where that site's content is served. This allows us to navigate the internet in a simpler way. Instead of having to know your favorite website's IP address, we can get there by simply entering the domain name.

Q. How do I stop phishing, ransomware, and malware?
A. By enabling DNS protection, you can filter out phishing, ransomware, and malware sites altogether. That means if an employee opens and clicks on a phishing email, the link in the email won't work. We have 7 threat categories including "Phishing & Deception", which we define as "Fraudulent websites that aim to trick users into handing over personal or financial information." Blocking these websites is an obvious step in preventing phishing and other attacks.

Q. Should I use DNS over HTTPS?
A. The existence of DoH highlights the importance of maintaining control over your DNS data. By employing DNSFilter to secure your DNS, you are preventing DNS tracking and spoofing. See our blog for a detailed breakdown: https://www.dnsfilter.com/blog/what-is-dns-over-https

Q. Should I use DNS over TLS?
