If you're managing an on-premises Windows Active Directory (AD) server and want to configure its DNS forwarders to use DNSFilter, here’s a quick guide on how to set it up effectively.

Configure DNS Forwarders

1. Add DNSFilter servers as Forwarders: You can update your DNS forwarders on the Windows AD server to point to DNSFilter’s DNS servers. This ensures that all DNS queries are filtered and secured through DNSFilter.
2. Include the server’s own IP address: It’s possible to add the server’s own IP address as a forwarder, allowing internal queries to be handled locally while external queries are sent to DNSFilter for filtering.
3. Add firewall DNS servers: You can also include the DNS servers used by your firewall in the forwarders list, ensuring that traffic flowing through the firewall adheres to the same DNS filtering policies.

Preventing Circumvention of DNS Filtering

To make sure that DNSFilter remains the primary DNS resolver and to prevent users from bypassing the filtering, we recommend applying certain firewall rules. These can block alternative DNS traffic and enforce DNSFilter as the primary DNS resolver.

Check out our guide on Preventing Circumvention of DNS Filtering for detailed instructions on setting up these firewall rules.