Extra Settings

Article author
Josh L
  • Updated

The extra settings tab of a policy allows you to configure DNSFilter beta features. The settings on this page are experimental and at the forefront of new developments in our filtering platform. For most environments where stability is a concern, we encourage leaving the default settings on this page (all options turned off).

Experimental Options

Below is an explanation of the items on this page:

  • Advertising - This returns a NODATA response for sites that are classified as advertising. We do this to speed up response time and ensure that no error messages for ads will negatively affect user experience. This setting is off by default as we continue to build a robust list of ad domains. You can set this to be "moderate," which will block advertisements from all domains except trusted ones, such as Google, or you can do "strict," which will block all advertisements. In your reporting, you will see "moderate" referred to as Advertising Lite and "strict" referred to as Advertising.
  • Trackers - This returns a NODATA response for sites that are classified as trackers. We do this to speed up response time and ensure that no error messages for trackers will negatively affect user experience. This setting is off by default as we continue to build a robust list of tracker domains. You can set this to be "moderate," which will block trackers for all domains except trusted ones, such as Google, or you can do "strict," which will block all trackers. In your reporting, you will see "moderate" referred to as Trackers Lite and "strict" referred to as Trackers.
  • Parked Sites & Domains - These are sites that are not displaying legitimate content but instead are showing "Parked" pages with common search terms, "Under Construction" messages, or a list of advertisements. In some cases, these may be newly registered domains. This setting is off by default.
  • Interstitial Page Feature - This is a unique feature of DNSFilter in the industry. This feature pauses users when they attempt to visit a domain that has not been seen before by our AI scanner. The scanner performs a real-time categorization of the domain and then allows the user to enter or deny entry based on your policy settings. This is off by default because of some UX issues with Chrome.
  • Malicious Domain Protection - This feature leverages new ML capabilities to identify risky domain strings to secure against domain generation algorithms (DGA) and other threat vectors. This model will continue to be improved over time.
  • Block Uncategorized Sites - This setting controls whether or not to block domains that the system has not classified (including newly registered domains). It is off by default because many Content Servers and Content Distribution Networks (CDNs) are served from domains with no web content to scan but are important to end-user experience (Office Online documents, Dropbox uploads, etc.).
  • Internet Watch Foundation (IWF) Filtering - Unlike the other features, the IWF filter is not experimental. It is turned on permanently in our efforts to join with others in combating child pornography and child sexual abuse.

malicious copy.jpg

Interstitial Filtering

If a domain has never been seen by DNSFilter’s content filtering system, likely because it is newly registered or obscure. These domains can pose a significant risk for inappropriate content, which most filtering solutions cannot handle because these domains have not been categorized yet.

If the interstitial filter is turned on, requests made to never-before-seen domains will be presented with a special block page, where we will attempt to categorize the domain in real-time, requiring 60 seconds to complete the process.

8aa63f6-file-HwsJgNOgoV.png__521_421__2021-05-21_13-56-36.png

If the domain's new categories are allowed by the Filtering Policy, the browser will display a confirmation message and forward you to the domain.

58e5bb8-file-yrW8YZpfLb.png__671_326__2021-05-21_13-57-09.png

If the Filtering Policy blocks the domain's new categories, the browser will display the Block Page Policy's block page.

9e6cae2-file-8grLKuK0S1.png__666_401__2021-05-21_13-58-22.png

If the domain fails to auto-categorize after 60 seconds, DNSFilter will automatically stop trying to auto-categorize the domain after 5 minutes internally and set it as an "Uncategorized Domain."

7d6677e-file-947ltsa1JY.png__709_320__2021-05-21_13-59-29.png

More details can be found on the Uncategorized Sites page.

Was this article helpful?

9 out of 10 found this helpful

Have more questions? Submit a request

Comments

0 comments

Article is closed for comments.