Carrier-Grade NAT

Article author
Josh Lamb
  • Updated

Carrier-Grade NAT is the practice of assigning a private IPv4 address to consumer devices, such as modems, routers, access points, mobile phones, etc.

This is often utilized by Wireless or Cellular ISPs, as there are not enough IPv4 addresses available to assign for every internet-connected device.

The result is the public IP address used to communicate with other devices on the internet can change at any time, and is likely shared with dozens, hundreds, or thousands of other subscribers of that ISP.

Networks or devices which use ISPs with Carrier-Grade NAT cannot use DNSFilter by simply pointing DNS to DNSFilter, because the public IP address used to send DNS queries will change frequently, and the ISP is also likely to be operating a Transparent Proxy, which will prevent DNS queries from reaching DNSFilter.



Utilizing a VPN to send all traffic, or all DNS traffic to another location which does not employ Carrier-Grade NAT is a common workaround. This might be especially useful if using a Wireless network as a backup ISP in a network.

The type of VPN will depend on the local networking equipment and infrastructure.

Roaming Client

If all computers at the location are using the Windows operating system, you may consider installing the Roaming Client, which does not rely on a public IP address to utilize DNSFilter.

Change ISP

If possible, you may consider changing your Internet Service Provider to one that does not employ Carrier-Grade NAT. This will provide you with a true external IP address for all of your network services.

Was this article helpful?

2 out of 4 found this helpful

Have more questions? Submit a request



Article is closed for comments.