A DNS filter is needed for protection against malicious websites. Without a DNS filter, you are prone to malware and phishing attacks. Watch the video below as Dr. Paul V. Mockapetris, Chief Scientist at ThreatSTOP, describes how DNS filters work.


What is a DNS Filter?

DNS stands for Domain Name System. This system translates the domain names of websites into IP addresses. The Domain Name System (DNS) filter is a tool that looks at these addresses and determines if they belong to trusted entities or known online fraudsters. Phishers, hackers, and other cybercriminals can mask their domain names, but they cannot hide their IP addresses from these filters.

What Does a DNS Filter Do?

When you go to any particular web page, the DNS filter examines the IP address. If it is owned by an entity that cannot be trusted, the DNS protection filters out that page. Likewise, a trusted website might be targeted by internet scammers through ads on the page. A well-designed, up-to-date filter also works on these ads to keep you protected.

How Do You Install a DNS Filter?

Setting up a DNS server yourself is complicated because you need to know where to find the information to block malicious websites without blocking trusted entities. You also need to continuously update this information as new, bad players come to light. The easiest way for you to set up DNS protection is to call ThreatSTOP. ThreatSTOP knows what type of security you need to keep you and your business safe from cyber-attacks.

How does a DNS filter work? Simple: It protects you by keeping you from visiting malicious websites. ThreatSTOP will install our highly sophisticated filter for you. We will save you time, we will save you money, and we will keep you secure. Contact us today for a safer tomorrow.

Get a Demo


Learn More:

What DNS Security Does A Typical Enterprise Need?

DNS Defense Cloud 

DNS Defense 


Video Transcript


0:00 Intro
1:16 How A DNS Filter Works
2:04 Block Real-Time Threats

Ok, a lot of people ask how DNS filters work. Let's take it from the top. 

Supposing you ask to go to a particular webpage. What happens when you do that? Well, the webpage has a name and the DNS has asked what's the address for that website. Now if the DNS recognizes that particular name as being owned by a bad guy, then what it'll do is it'll just say no I won't let you go there, send you back, perhaps with a page that says sorry that site is blocked. 

More importantly, if what you do is go to your favorite newspaper's website and you say okay, enter that website, typically it has a mosaic that it shows you of ads and little insights and ads and so forth, and bad guys will try and attack you through those, but each of those things requires a DNS update even though you didn't type it yourself. So the DNS filter will cut those off as well, so you may see blank boxes or whatever. So that's how DNS filtering works. 

1:16 How A DNS Filter Works

Basically, the DNS server that your computer is connected to knows who's naughty and who's nice, and what it will do is it will not let you go to the naughty places. There's actually some additional complexity there because what it can do is it can say I'm going to block you from going to places that are served by a particular set of infrastructure. 

So there's bad guy ISPs out there and they can be blocked. You can't block them with IP addresses because it may be that there's content distribution that works such as Cloudflare that host both good guys and bad guys, and if you want to block them, you have to do it by name and so your DNS server using filtering will help you do that.

2:04 Block Real-Time Threats

Setting up DNS filtering is a complicated exercise because you have to have control of the DNS server and you have to know where to get the information about who the bad guys are, where they are, etc. so that you can have the blocking that you want.

ThreatSTOP provides that as a service. You just talk to us once, tell us what blocking you'd like and where you want it deployed, and it happens. There's no reason for you to be worried about making sure that it works  24/7. We'll take care of that. You just tell us what you want and the deed gets done.