Use this article as a technical reference for platform limits and operational considerations when deploying DNSFilter. These limits help administrators plan deployments, policy design, and integrations in larger environments.
DNSFilter operates a global Anycast DNS network and cloud management platform. Most limits below relate to dashboard configuration objects, policy structures, and reporting features.
DNS Infrastructure
DNSFilter operates a global Anycast network designed for high availability and low latency.
Key characteristics:
- 200+ Anycast DNS servers
- 80+ global data centers
- Automatic route optimization via Anycast
- Redundant upstream connectivity
DNS queries automatically route to the nearest available DNSFilter node. No manual region configuration is required.
Deployment components
| Feature | Details |
|---|---|
| IPv4 | Supported by all services. |
| IPv6 | Full support for Network deployments. Limited support for Roaming Clients. Limited support for DNS Relays. |
| Network Identification | |
| Endpoint agents |
DNSFilter provides endpoint agents known as Roaming Clients. Supported platforms include:
Endpoint agents enforce DNS filtering outside the corporate network. |
| DNS Relay |
DNS Relay provides a forwarding resolver for internal networks. Relay capabilities include:
Relay deployments support:
|
| Policy Assignment Methods |
When multiple assignment methods exist, the most specific policy assignment takes precedence. |
| Filtering Lists |
Universal lists apply globally across policies. Types:
These lists override category-based filtering decisions. These lists hold up to 1,000 FQDNs. Policy-level lists contain up to 15,000 entries that apply only to that policy. |
Logging and Data Retention
DNSFilter provides multiple logging capabilities depending on the feature used.
| Feature | Details |
|---|---|
| Query Logs | Query logs provide DNS request visibility. Retention duration varies by subscription plan (3, 6, or 9 days). Query logs are exportable via CSV. |
| Insights Reporting | A snapshot of network data at the MSP and Organization level. Retention duration varies by subscription plan (30, 60, or 90 days). |
| CyberSight Activity Logs |
CyberSight captures endpoint activity data when deployed with the Windows Roaming Client. Data captured includes:
CyberSight retains activity data for up to one year, and the data is exportable via CSV. |
| Data Export | Data Export allows forwarding DNS logs to external platforms such as SIEM systems. Data Export is an add-on feature. |
Security Controls
DNSFilter supports several administrative security features.
| Feature | Details |
|---|---|
| Multi-Factor Authentication (MFA) | In addition to a username and password, users must provide a time-based one-time authentication code generated by an authenticator application or email verification. MFA is enforced by default for new DNSFilter accounts. |
| SSO integration |
Authenticate users through an external Identity Provider (IdP) such as:
DNSFilter supports OpenID Connect (OIDC) authentication, enabling organizations to centralize identity management and enforce existing access policies. |
| Role-based access control |
Role-based access includes:
|
| Policy audit logging | Policy audit logging records changes made to Global and Organization filtering policies. Data is retained for up to one year. |