The Domain Name System (DNS) translates website names into their numerical equivalents so that they can be found on the computer networks that form the internet. DNS filtering is a process used to block websites that have been identified as malicious, or to prevent access to harmful or inappropriate content. Companies and other organizations use it to control what employees and other users can reach through company-owned networks, and it forms one component of a wider access control strategy used to ensure security.
The DNS system operates as a directory in which web addresses are represented by an easy-to-remember name rather than the set of 10 digits or more that actually represents a specific webpage address. When a user types the name of a website into a browser, or clicks on it through a search engine, a specialized server known as a ‘DNS resolver’ converts the name into a specific IP address and returns it to the browser so that the browser knows where to find the website data; this is called ‘resolving’ the website’s domain. Once the browser has this address it contacts the server hosting the domain and displays its webpages. No content can be loaded until this process has completed, so when addresses are blocked at the DNS level they cannot be accessed.
DNS filtering works by routing all DNS queries from browsers to specially configured DNS servers that will not resolve queries for websites listed on a ‘blocklist’; that is, they filter those queries out. The process can also operate in reverse, so that users can only access sites that appear on an allowed list, with all other sites blocked.
An example of how DNS filtering can help with security is when a phishing email is received. These emails attempt to trick a user into giving up their login information on a fake website created for this purpose. Before the user can reach the fake website, however, the browser must first send a query to the company’s DNS resolver, which consults a blocklist designed to prevent access to such websites and, if the website is listed, stops it from loading. Conversely, if the resolver is configured with an allowed list and the website is not on it for that user, it is also blocked. A well-designed DNS filtering system can block these types of attacks effectively, but it must be maintained constantly to guard against new types of attack.
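The blocklist and allowlist modes described above, and the phishing case, as an added example that is not part of the original page: a small policy check that a filtering resolver would run before answering a query. It assumes a zone on either list should cover its subdomains too, and all domain names and lists below are constructed samples.

```python
# Added example (not from the original page): DNS filtering policy check.
# Block-only mode: refuse names on the blocklist, resolve everything else.
# Allow-only mode: resolve only names on the allowlist, refuse everything else.
from __future__ import annotations
from dataclasses import dataclass


def normalize(name: str) -> str:
    """Lower-case the name and drop a trailing dot so comparisons are exact."""
    return name.strip().lower().rstrip(".")


def parent_labels(name: str):
    """Yield the name and each parent domain, most specific first."""
    labels = normalize(name).split(".")
    for i in range(len(labels)):
        yield ".".join(labels[i:])


def is_listed(name: str, zones) -> bool:
    """True if the name or any of its parent domains is in the zone list."""
    return any(candidate in zones for candidate in parent_labels(name))


@dataclass(frozen=True)
class Decision:
    name: str
    allowed: bool
    reason: str


def filter_query(name: str, *, blocklist=frozenset(), allowlist=None) -> Decision:
    """Decide whether the resolver should answer a query for `name`."""
    if is_listed(name, blocklist):
        return Decision(name, False, "on blocklist")
    if allowlist is not None and not is_listed(name, allowlist):
        return Decision(name, False, "not on allowlist")
    return Decision(name, True, "ok")


def filter_all(queries, **policy) -> list[Decision]:
    return [filter_query(q, **policy) for q in queries]


# Constructed sample data: a phishing host from an e-mail next to legitimate sites.
BLOCKLIST = {"accounts-verify.example", "evil.example"}
ALLOWLIST = {"corp.example", "vendor.example"}
SAMPLE_QUERIES = ["login.accounts-verify.example.", "mail.corp.example", "news.example"]

if __name__ == "__main__":
    for d in filter_all(SAMPLE_QUERIES, blocklist=BLOCKLIST):
        print(f"{d.name:32} {'ALLOW' if d.allowed else 'BLOCK'} ({d.reason})")
```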