In this article

A connection error page indicates that DNSFilter cannot resolve the requested domain.

This error is different from a DNSFilter block page. Block pages display the blocked domain, the policy responsible for the block, and typically the blocked category.

The error page described here indicates a configuration or network issue preventing DNSFilter from processing the request.

If you’re seeing this page, something is wrong. Please contact your DNS-Based content filtering provider for assistance

This page typically appears for one of the following reasons:

• The DNSFilter configuration does not include the correct network IP addresses
• DNS traffic is being blocked, filtered, or redirected by another security control or ISP

Insufficient IP address configuration

When using DNS Forwarding (Network Forwarding), DNS traffic must originate from an IP address registered in the DNSFilter dashboard.

DNSFilter operates a closed DNS network.
Unlike Google and Cloudflare, DNSFilter only responds to DNS queries from recognized networks.

Resolve this issue by confirming that all relevant public IP addresses are added to the DNSFilter dashboard, including:

• Primary external IP addresses
• Secondary ISP connections
• Failover or backup WAN links

If DNS traffic originates from an unregistered IP address, DNSFilter will not respond to the request.

DNS traffic interception

DNS traffic interception—also called transparent proxying—occurs when another system redirects DNS queries before they reach DNSFilter.

Common sources include:

• Firewall or network security appliance configuration
• Endpoint security software
• ISP DNS interception or caching

Satellite internet providers (e.g., Starlink) and mobile network providers (3G/4G/LTE) commonly use DNS proxying to improve performance or enforce filtering requirements.

Troubleshooting Steps

Follow these steps to determine the cause of the issue.

Step one: Confirm the public IP address

Verify that the public IP address registered in the DNSFilter dashboard matches the network’s actual public IP address.

✍️ Note: If deploying only Roaming Clients or DNS Relay, skip to Step 2.

1. Confirm the IP address by visiting Whatismyip.com or run the following command from a device terminal or command prompt:

   nslookup myip.dnsfilter.com. -server 103.247.36.36

   This command echoes back your IP address
   

2. Compare this value with the IP address configured in the DNSFilter dashboard
3. If the addresses do not match, update the Site configuration

If the addresses match, continue to Step 2.

Step two: Verify the DNS server

Confirm that DNS requests are reaching DNSFilter by running this command in terminal:

nslookup myip.dnsfilter.com.

✅ Successful Resolution:

• The output shows the DNSFilter server (dns1dnsfilter.com)
• The response includes the network’s public IP address

❌ Unsuccessful Resolution:

• A different DNS server appears in the response
• The output may include the message can't find myip.dnsfilter.com

This indicates either:

• DNSFilter is not configured as the device’s DNS server
• DNS requests are being intercepted before reaching DNSFilter

Continue to Step 3 to determine the cause.

Step three: Identify the source of interception

Review the following areas to determine what may be preventing DNS traffic from reaching DNSFilter:

1. Confirm the network points to the DNSFilter Anycast IP addresses (103.247.36.36 and 103.247.37.37)
2. Check all network security settings for conflicts
3. Determine if transparent proxying by your ISP is taking place

Correcting the configuration or disabling DNS interception should allow DNS requests to reach DNSFilter and restore normal browsing behavior.