DNS filtering, or DNS blocking, is a security measure that prevents you from accessing malicious domains. To do this, DNS resolvers use lists of IP addresses considered malicious or questionable and simply block requests to access them. The advantage? It primarily benefits enterprises, which can address their most important vulnerabilities with the help of rigorous access control.
DNS filtering: what is it exactly?
DNS filtering is a preventive security measure that blocks access to dangerous, fraudulent or malicious domains. To filter out sites considered malicious, the Domain Name System (DNS) is combined with DNS blocklists on a DNS server. The blocklists are attached to the DNS resolver, which blocks access to the listed sites. If people within a network attempt, knowingly or unknowingly, to access dangerous or prohibited domains, the DNS filter rejects these requests, provided the target IP address is on the blocklist and the filter recognizes it.
DNS blocklist: what is it?
The blocklist is the most important element of a DNS filter. DNS lists serve as its basis. These are regularly updated by the IT security community, but they can also be generated independently. Some DNS filters also refresh their own lists automatically by analyzing websites. If malicious code is detected when accessing a website, the domain or IP address in question is added to the relevant list immediately. The operation of DNS filters can therefore be compared to that of a firewall or to blacklisting applied to domain name resolution.
In addition to IP addresses already notorious for malware, a blocklist often contains the names of dubious or banned domains. These may include sites whose content is illegal and reserved for adults, or sites that do not respect copyright. Companies that use a DNS blocklist try to defend preventively against damage; to do this, they limit people’s access rights on the corporate network. Blocklists also have an opposite: approval lists, also known as authorization lists or whitelisting. With such a list, it is only possible to access domains that are already listed.
The Benefits of DNS Filtering
While DNS filters also provide better security performance for individuals, they primarily fulfill an important protective function for corporate networks. In particular, DNS filtering can offer you the advantages presented below.
Malware Defense
By blocking domains already considered unsafe, or by analyzing pages before allowing you to access them, a DNS filter can help you address your vulnerabilities effectively. Thus, malware will not be able to infiltrate your company’s network. “Thanks” to social engineering, all it takes today to infect a system is an authentic-looking email with a malicious link, if someone in your company clicks on it. Using a DNS filter can help you avoid these problems and therefore gives you good protection against ransomware, spyware, scareware and possible cyberattacks.
Defense against phishing
Phishing aims to obtain sensitive information; this can be login or payment information. This technique usually involves the use of fraudulent websites based on the imitation of legitimate sites. If people in your company receive a phishing email, it usually contains a link to a fake login page. If a person enters their login information, this data is then stolen. These phishing sites are created regularly on new domains and for short periods of time, but a DNS filter can also help strengthen your security in this regard. Known phishing sites cannot be accessed if they are on the filter list.
Blocklists cannot, however, fully replace the responsible and careful behavior that users should adopt. Their digital knowledge must be such that they can recognize phishing emails or identify suspicious malware-like attachments.
Defense against DNS spoofing
Manipulation of DNS name resolution, also known as DNS spoofing, is particularly insidious. In this case, hackers imitate a legitimate domain by manipulating its name resolution. People accessing this domain are then redirected to the wrong server, while their browser continues to display the correct domain. DNS spoofing often serves as the basis for phishing and pharming and enables attackers to harvest sensitive data. Reliable public DNS resolvers can help defend against DNS spoofing; in addition to comprehensive data protection measures, they offer other security features, including DNS filtering.
Protection of business networks
If you’re using a DNS resolver with a blocklist, you can rely on a relatively secure DNS server. DNS filtering therefore represents an essential component in the protection of networks, whether personal or professional. As DNS filtering alone is not enough to offer complete protection, it is advisable to combine it with other protection measures, such as optimal password protection, data backups, the SSH protocol and a reliable cloud security device.
DNS filtering: how does it work?
DNS filtering is both simple and effective: for websites, any request to access a domain goes through a DNS resolver, which finds the corresponding IP address through DNS name resolution. If the DNS resolver uses a blocklist, the request is first compared against it. If the IP address you are looking for is on this list, the DNS resolver prevents name resolution.
Both domains and IP addresses can be added to the list. If a domain appears in the list, the DNS resolver immediately blocks any attempt at name resolution. If the list entry is an IP address, the DNS resolver first tries to resolve the domain name. If the domain is associated with an IP address on the list, the request is also blocked.
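The two-stage decision described above, as an added example (not code from the original article): a listed domain is refused before resolution, and any other name is resolved first and then refused if an answer falls in a listed IP range. The function names, the sample lists, the in-memory `UPSTREAM` table standing in for a real resolver, and the rule that a listed domain also covers its subdomains are all assumptions made for illustration.

```python
import ipaddress

# Constructed sample data (reserved documentation names and ranges), not real indicators.
BLOCKED_DOMAINS = {"malware.example", "phish.example.net"}
BLOCKED_NETS = [ipaddress.ip_network(n)
                for n in ("203.0.113.0/24", "2001:db8:bad::/48")]
# Hypothetical stand-in for the upstream resolver so the example runs offline.
UPSTREAM = {
    "intranet.example.org": ["192.0.2.10"],
    "cdn.example.com": ["198.51.100.7", "203.0.113.45"],
    "malware.example": ["198.51.100.99"],
}

def normalize(qname):
    """Lower-case the name and drop the trailing root dot before any lookup."""
    return qname.rstrip(".").lower()

def domain_blocked(name, blocked=BLOCKED_DOMAINS):
    """Check the name and each parent domain (assumption: a listed domain
    also covers its subdomains; the article only says domains are listed)."""
    labels = name.split(".")
    return any(".".join(labels[i:]) in blocked for i in range(len(labels)))

def ip_blocked(addr, nets=BLOCKED_NETS):
    """True if the address falls inside a listed network (IPv4 or IPv6)."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in nets)

def filter_query(qname, resolve=UPSTREAM.get):
    """Return (verdict, answers) for a single lookup."""
    name = normalize(qname)
    # Stage 1: a listed domain is refused before any resolution happens.
    if domain_blocked(name):
        return ("BLOCKED_DOMAIN", [])
    # Stage 2: resolve, then compare every returned address with the IP list.
    answers = resolve(name) or []
    if not answers:
        return ("NO_ANSWER", [])
    if any(ip_blocked(a) for a in answers):
        return ("BLOCKED_IP", [])
    return ("ALLOWED", answers)

if __name__ == "__main__":
    for q in ("Malware.Example.", "login.phish.example.net",
              "cdn.example.com", "intranet.example.org"):
        print(q, "->", filter_query(q))
```

Note that `cdn.example.com` is refused even though only one of its two answers is listed: a single match in stage 2 is enough to block the whole response.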