This post focuses on known browser settings that can conflict with DNSFilter, providing users with actionable adjustments to enhance their browsing experience and maintain optimal DNSFilter functionality.

Panda Safe (Web)

Panda security products (Panda Antivirus and Panda Dome) offer a product feature called “Panda Safe Web.” This operates a URL filtering service on Windows that conflicts with the DNSFilter Roaming Client proxy, which is necessary for the Roaming Client to function.

Disable this feature during installation or after the service is installed.

During installation

From the installation window, uncheck Install Panda Safe Web protection against malicious websites.

After installation

1. From the Windows search bar, search services.msc
2. Right-click panda_url_filtering Service from the list of services
3. Select Properties
4. Update Startup Type to disabled and stop the service
5. Restart DNSFilter and test the resolution

Google Chrome (Data Saver)

Google Chrome’s Data Saver feature is a proxy, performing on-the-fly optimizations with the goal of reducing bandwidth usage and loading content for mobile devices faster. This is especially useful for cellular 3g/4g/LTE connections due to the cost and speed of bandwidth.

According to Google’s documentation, this feature is enabled by default on all Android devices, but in our experience, this is not always the case and depends on the Android version, device, and Google Chrome version. There is also a Chrome plugin for desktop operating systems.

With Data Saver enabled, DNS requests go directly through the proxy, circumventing DNSFilter policy enforcement.

Resolve this conflict with DNSFilter settings: Block Proxy and Filter Avoidance in the Threats tab when editing a Policy, or add *googlezip.net*  and datasaver.googleapis.com to the Block list. 

Puffin Browser

The Puffin web browser is unique because it is a server-side browser. As such, it uses its own connection to CloudMosa servers (the company which produces Puffin). Essential to the communication of the browser is the HTTPS communication to CloudMosa. This makes blocking Puffin easy. By adding cloudmosa.net to your policy Block list, the browser cannot trust the SSL certificate it uses for communication and will hang on startup. The domain puffinbrowser.com can also be Block listed so that users cannot download the browser to begin with.