Frequently Asked Questions

Article author
Joshua Lamb
  • Updated


  • It is very simple to set up. All that is necessary is forwarding your DNS to us. That usually takes place on your router, your firewall, or your Domain Controller as a forwarding zone. Once your DNS setting is changed to send queries to us, you can fully manage our solution in a beautiful and clean dashboard. You can view reporting, a near real-time stream of query traffic, and several different reporting views.

  • We operate a global anycast network, which means that our servers are spread out geographically so that you hit a server close to you. This allows us to have a very fast response time. We have only a slight hit over querying Google or Cloudflare, which is excellent considering they have minimal (if any) filtering. Our servers also distribute policy changes very rapidly. Changes to your Allow list/Block list take place in less than one second across our servers.

  • Yes. There are a few ways to do this. You can implement separate subnets on your network and have DHCP hand out different DNS addresses to each subnet (we call this NAT IPs). We also offer a DNSFilter Relay software component/VM which you can use to specify different policies. Or you can set up one of our Roaming Clients on devices that you wish to have separate policies on.

  • Yes, we have Filtering Schedules that you can set through an easy-to-use calendar. You can set different policies to take place anytime you like and any day you like.

  • The Users feature will allow administrators to apply specific policies, schedules, and block pages to an organization’s users on a granular level. Reports and query logs can also be filtered on a per-user basis, to enable more detailed reporting and troubleshooting.

    You may also decide to utilize our Roaming Clients, which are available for many different operating systems and device types. With the Roaming Client, you can have granular control and visibility over each computer. Often computers are assigned to a specific person within the organization, which allows you to easily associate data from the reports to a user.

  • The order of priority is as follows: 1. User-applied policy. 2. Managed or Manual Collection. 3. MAC address. 4. Private IP address. 5. Roaming Client. 6. Site configured public IPs. 7. Fallback DNS.

  • We can confidently say yes. The nature of our service is something like a constantly changing phonebook. We match internet names to IP addresses, and where those names are a security threat or are blocked by your policy we don’t allow a connection. However, once the connection is made we have no further part. So the information you are transferring never touches our servers. We just perform the translating.

  • Because we operate on DNS traffic, we don’t stop torrent traffic. However, we categorize torrent tracking sites under “P2P & Illegal” content. We can prevent users from getting to these sites and getting the seed files necessary to torrent. We have an article on blocking torrents.

  • Because we operate on DNS traffic, we cannot stop TOR traffic. However, we categorize TOR and .onion sites on the clear web under “P2P & Illegal” content. We can prevent users from getting to these sites and getting to the download pages of these sites but if someone already has the TOR browser installed on a device then they can bring it onto the network. There are ways to block tor traffic through firewalls, we recommend looking at the manufacturer's documentation on how to achieve this.

    Because we operate on DNS traffic, we don’t stop torrent traffic. However, we categorize torrent tracking sites under “P2P & Illegal” content. We can prevent users from getting to these sites and getting the seed files necessary to torrent. We have an article on blocking torrents.

  • Yes, we have a “Social Media” category to block Facebook, Instagram, Pinterest, etc. We also maintain lists of each of these sites so that you can add any of them to your Allow list if necessary.

  • In most cases, a submission to us is recategorized in 24-48 hours. You can always add the domain to your Allow list/Blocklist and changes take place immediately.

  • Yes, see Active Directory for more details.

  • Yes, we enforce SafeSearch for Google, Bing, and YouTube. For YouTube, you can even adjust the level of restriction you wish to have. Note that there is no filtering available for Yahoo, DuckDuckGo, or other search engines. We recommend blocking the search portals category and Allowing Google and Bing.

  • We have a reporting dashboard that allows you to filter timelines and per-site traffic in a variety of ways, so for all reports, you can view total aggregate or by a selection of sites. You can view request volume, categories, top requested domains, as well as threat reporting. This will show you which malicious domains were attempted by which locations, making it easy to see the security value in our product and also helping you to narrow down which sites may be infected and attempting to phone home.

  • We are the first line of defense in protecting your business. We block threats before your employees gain access to them. We are an extremely effective security solution for preventing requests to malicious domains, illegal activity, and phishing. We have a constant stream of security feeds that allow us to respond instantly to internet threats. Because our servers receive federated updates within a second, any updates will immediately protect all our customers. There is no software or definition files to install.

  • Yes. Multi-factor Authentication is a way to secure your DNSFilter account further by requiring more than just your username and password. You can set up Multi-factor authentication using any device capable of generating Time-based One-Time Password (TOTP) authentication codes, but we recommend using Google Authenticator, Authy, 1Password, or LastPass authenticator.

  • We support a technology called eDNS0 Client Subnet (ECS) – When we receive a request from you, we note your public source IP; and we pass along the /24 of that to the authoritative DNS of Office365. They then use that information in order to provide us with the ‘best’ location of theirs for YOU, regardless of where our anycast node that your traffic went to is located. So It’s then on them to have provided the best location based on your ISP and connectivity between your ISP and them.

  • Content filtering is the best way to block websites that you don’t want employees to access on your company network. 

    When you use a content filtering solution like DNSFilter, you’re able to:

    • Control what site categories users can access
    • Apply block and allow lists
    • Block entire threat categories such as phishing, malware, and botnet threats
    • Look at DNS queries on your network to see if any unwanted sites are slipping through the cracks

    Learn more on our blog:

  • DNS filtering is a defense tool that prevents cybersecurity threats by following simple logic: if a website has something potentially dangerous within it, DNS filtering blocks a user from visiting it in the first place. It’s a zero-trust solution that leaves nothing to chance.

    Learn more in our detailed blog post:

  • DNS stands for "Domain Name System" or "Domain Name Server". DNS takes a domain name, such as, translates it to an IP address and serves up the content located at that IP address. This allows us to navigate the internet in a simpler way. Instead of having to know your favorite website's IP address, we can get there by simply entering the domain name.

  • By enabling DNS protection, you can filter out phishing, ransomware, and malware sites altogether. That means if an employee opens and clicks on a phishing email, the link in the email won't work.

    At DNSFilter, we have 7 threat categories including "Phishing & Deception", which we define as "Fraudulent websites that aim to trick users into handing over personal or financial information." Blocking these websites is an obvious step in preventing phishing and other attacks.

  • The existence of DoH highlights the importance of maintaining control over your DNS data. By employing DNSFilter to secure your DNS, you are preventing DNS tracking and spoofing. See our blog for a detailed breakdown:
  • DoH is on everyone’s minds because it’s what Google uses, but it’s not necessarily better than DoT. It’s just different, and in some ways, it’s actually inferior to DoT.

    In a lot of ways, DoT is more efficient because of which layer within the TCP/IP model it is enabled in. Remember, DoH is two layers removed from the internet layer while DoT is only one layer removed.

    See our blog for a detailed breakdown:
  • Utilizing the largest public Anycast network, our transit provider boasts an impressive 2300+ BGP peers and growing, with 19+ Internet Exchange memberships and an open peering policy. Our anycast network is configured to automatically reroute to the next nearest destination if one of these nodes goes offline. We have a Status Page that provides real-time as well as historical system status for all DNSFilter services. Below is a list of our important services, along with a description of what would happen if they were degraded or offline:

    • DNS Resolvers

    • Primary DNS Resolver: If this server was not functioning, requests would be gracefully re-routed to the secondary DNS resolver.

    • Secondary DNS Resolver: If this server was not functioning, there would be system-wide issues in resolving DNS requests only in the event that the primary DNS handler was also down.

    • Dashboard

    • Analytics: This server collects analytic data. If it is down, DNS requests are still served and data is being collected, but may not be visible in the dashboard.

    • Interface (Front End): This refers to the customer dashboard/UI. If down, DNS requests are still resolved and statistics are being collected, but you may not be able to view/edit your networks.

    • API: If this server was not functioning, we would still be resolving requests, but third-party integrations may be degraded.

    • Features

    • Blocked Page: This is the server hosting the notifications for when a user is prevented from accessing a forbidden site. If this server is offline, users will still be prevented from accessing inappropriate content but may not see any notification webpage.

    • Changelog: This is the server hosting our public notices of new features. If degraded, this information will be temporarily unavailable.

    • Proxy Bypass: This server hosts our proxy which users are directed to if they input a correct Bypass Password. If degraded, users will not be allowed to use Bypass Passwords.

    • Interstitial Page: This server holds requests until real-time AI categorization is complete. If degraded, user requests will operate according to their default handling of Unknown/uncategorized sites.


Was this article helpful?

2 out of 3 found this helpful

Have more questions? Submit a request



Article is closed for comments.