Understanding DNS Filtering in simple terms
How does DNS work? 

The DNS, or Domain Name System, matches a domain name to a unique IP address. For example, the website abc.com is linked to the IP address 192.0.2.24. That IP address is what actually reaches the website, but a number like that is hard to remember. DNS is therefore necessary: it lets users reach websites by their domain names without having to know the IP address. This is similar to saving a person's cell number under their name in a phone's contact list. Nobody likes to memorize phone numbers, and it is not feasible either.

Whenever a user types in a website name, the content loads and the site opens only after the device has found the correct IP address.

These are the steps by which an IP address is discovered so that a website can load successfully:

  1. When a user enters a website's domain name into the browser, the device forwards the query to a "DNS resolver," a specialized server.

  2. The DNS resolver looks up the query by matching the domain name to an IP address, either from its cache or by querying additional DNS servers.

  3. The DNS resolver replies to the user's device with the domain's correct IP address. This process is known as "resolving" the domain.

  4. The user's device contacts the server at the given IP address, and the website content loads.

DNS is compulsory for accessing web content, as no web content can be loaded without it. This is what makes DNS filtering an effective method of controlling the content a user can access.

The filtering services 

When DNS queries reach a specially configured DNS resolver, it matches each query against its lists and refuses to resolve the query if the domain name is on a block list. This prevents the user from reaching the requested domain. A DNS filtering service can also work with an allow list instead of a block list.

DNS filtering can block websites either by IP address or by domain name. For example, suppose an organization's employee is tricked into clicking a link in a phishing mail that leads to a malicious website. Before the website loads on the employee's computer, the device sends a query to the organization's DNS service, which uses DNS filtering. If the malicious website is on the organization's block list, the DNS resolver thwarts the phishing attempt by blocking the request.

Block lists are crucial for filtering harmful domains or IP addresses: they are lists of known dangerous domains and IP addresses. Service providers that offer DNS filtering usually rely on well-known block lists or lists shared within the cyber-security community. Others generate their own block lists by evaluating web pages and adding the harmful ones.

Not all domains or IP addresses on a block list are used for phishing or malware attacks. Many websites carry adult or other inappropriate content, and a company may add them to its block list for that reason. Individual users also use DNS filtering as a parental control over what their children watch on the Internet.
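The following added example (not code from the article or from any filtering product) shows the policy logic described in this section: a resolver that consults a block list or an allow list, treats a listed domain as covering all of its subdomains, and also refuses an answer whose IP address falls inside a blocked network. The upstream lookup table and the listed names are constructed sample data.

```python
"""Added example: a minimal filtering resolver with block-list and allow-list
modes. UPSTREAM stands in for real recursive resolution (constructed data)."""
import ipaddress
from dataclasses import dataclass, field
from typing import Optional

# Constructed stand-in for upstream resolution results.
UPSTREAM = {
    "abc.com": "192.0.2.24",
    "login.example.net": "198.51.100.7",  # constructed phishing look-alike
    "cdn.example.org": "203.0.113.9",
}


@dataclass
class FilterPolicy:
    blocked_domains: set = field(default_factory=set)
    blocked_networks: list = field(default_factory=list)   # ipaddress networks
    allowed_domains: Optional[set] = None                  # if set: allow-list mode


@dataclass
class Decision:
    name: str
    action: str            # "resolve", "blocked" or "nxdomain"
    reason: str
    ip: Optional[str] = None


def normalize(name: str) -> str:
    return name.rstrip(".").lower()


def domain_matches(name: str, listed: set) -> bool:
    """True if name equals a listed domain or is a subdomain of one."""
    parts = normalize(name).split(".")
    return any(".".join(parts[i:]) in listed for i in range(len(parts)))


class FilteringResolver:
    def __init__(self, policy: FilterPolicy, upstream=UPSTREAM):
        self.policy = policy
        self.upstream = upstream
        self.log = []  # every decision, for auditing and detection

    def _decide(self, name, action, reason, ip=None) -> Decision:
        d = Decision(name, action, reason, ip)
        self.log.append(d)
        return d

    def resolve(self, name: str) -> Decision:
        name = normalize(name)
        # Policy check on the name happens before any upstream lookup.
        if self.policy.allowed_domains is not None:
            if not domain_matches(name, self.policy.allowed_domains):
                return self._decide(name, "blocked", "not on allow list")
        elif domain_matches(name, self.policy.blocked_domains):
            return self._decide(name, "blocked", "domain on block list")
        ip = self.upstream.get(name)
        if ip is None:
            return self._decide(name, "nxdomain", "no such domain")
        # Second check on the answer: block by IP address range.
        addr = ipaddress.ip_address(ip)
        if any(addr in net for net in self.policy.blocked_networks):
            return self._decide(name, "blocked", f"answer {ip} in blocked network")
        return self._decide(name, "resolve", "ok", ip)


if __name__ == "__main__":
    policy = FilterPolicy(
        blocked_domains={"example.net"},
        blocked_networks=[ipaddress.ip_network("203.0.113.0/24")],
    )
    resolver = FilteringResolver(policy)
    for q in ["abc.com", "login.example.net", "cdn.example.org", "nosuch.test"]:
        print(resolver.resolve(q))
```

The name check runs before the upstream lookup, so a blocked domain never generates outbound traffic, while the network check runs on the returned answer, which is how blocking by IP address works even when the domain name itself is new.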

How is DNS filtering crucial to protecting against hackers?

DNS filtering can help keep phishing and malware attacks out of an organization's networks and off individual users' devices. It blocks malicious websites that trick a user into downloading a malicious program the moment the website loads. Once the malware enters the system, it remains undetected until it attacks the data and encrypts it, causing the system to crash. Such malware attacks usually end with hackers demanding ransom money to decrypt the data. Other attackers write programs that compromise the system and steal data, which they sell to fellow attackers.

Phishing is another way to steal login credentials: fake websites that look like official ones, to which unsuspecting users fall prey. Once users hand over their account credentials, the hackers quickly move into the system as a verified login and remain undetected long enough to cause damage.

Though a DNS filtering system keeps identifying and blocking malicious IP addresses and domains, attackers try to circumvent it by generating new domains quickly. Adult content sites are a good example: they come out with new domain names whenever the old ones are banned and blocked by authorities.

How secure are DNS servers?

A DNS server that uses a filtering DNS resolver is secure in the sense that it blocks malicious or prohibited websites as part of the DNS filtering service. For example, Cloudflare, a Google Cloud Platform partner, offers secure DNS services with increased privacy to protect users' data. Cloudflare's DNS resolving service, known as 1.1.1.1, purges all DNS query logs from its systems after 24 hours.

DNS filtering services are not designed with security in mind, so there are additional ways to make them more secure. The DNS Security Extensions (DNSSEC) is a security protocol that addresses this: it adds digital signatures to DNS data, and those signatures are validated at every level of the lookup.

Conclusion 

Web filtering is a common term used in the context of controlling web traffic. It includes DNS filtering as well as other types such as keyword filtering, content filtering, and URL filtering.

If one is looking to implement a DNS filtering solution for an organization, one needs to understand what kind of filtering is required based on employee behavior. Do the employees surf the Internet frequently? What type of security and services does the DNS filtering provider offer?