DNS filtering is a cybersecurity measure that uses the Domain Name System (DNS) to block access to malicious, inappropriate, or unwanted websites. The DNS acts as the Internet's phonebook, translating human-friendly domain names (like www.example.com) into IP addresses that computers use to identify each other on the network. DNS filtering leverages this system to intercept and evaluate DNS queries before they reach their destination, ensuring that only safe and approved content is accessible.

Why is DNS Filtering Important?

• Enhanced Security: DNS filtering helps protect against various cyber threats, including malware, phishing attacks, and ransomware. Blocking access to known malicious domains prevents these threats from reaching users' devices and networks.
   
• Improved Productivity: DNS filtering can help maintain employee focus and productivity by restricting access to non-work-related or distracting websites.
   
• Compliance and Control: By controlling the types of content accessible on their networks, organizations can enforce internet usage policies and ensure compliance with regulatory requirements.
   
• Cost-Effective Protection: DNS filtering is a scalable and cost-effective solution that can be easily deployed and managed, making it suitable for businesses of all sizes.
  
   

How DNS Filtering Works

When a user attempts to visit a website, their device sends a DNS query to resolve the domain name into an IP address. With DNS filtering in place, this query is intercepted and evaluated against a set of predefined policies and threat intelligence databases. The query proceeds if the domain is deemed safe, and the user can access the site. If the domain is flagged as malicious or inappropriate, the query is blocked, and the user is prevented from accessing the site.

Analogies to Understand DNS Filtering

Security Guard at a Building Entrance: Imagine a security guard stationed at the entrance of a building. The guard checks everyone trying to enter with their identification. If someone is on a blacklist or doesn't have proper credentials, the guard denies entry. Similarly, DNS filtering acts as a security guard for your network, checking each DNS query against a list of approved and blocked domains before allowing access.

Library Book Filter: Imagine a library where a librarian filters books before they are placed on the shelves. The librarian ensures that only appropriate and safe books are available for readers. DNS filtering works similarly by filtering out harmful or inappropriate websites before network users can access them.
 

Key Features of the CyberFOX DNS Filtering Service

The CyberFOX DNS Filtering service offers comprehensive features designed to enhance network security, manage internet access, and improve productivity. Here are the key features:

DNS Filtering and Caching:

• DNS Filtering Behavior: DNS filtering involves applying policies to determine whether a domain should be allowed, blocked, or redirected. Policies can be configured to apply to specific locations or roaming devices.
• Domain Overrides: Domain overrides enable specific domains to bypass general policies, which is particularly useful in scenarios where certain services need to be accessible despite broader restrictions.
• Upstream Filtering: The filtering service determines the policy to apply and redirects the request to an upstream resolver, which knows the IP addresses of common domains, such as Google. This helps in faster resolution.
• TTL Respect: The DNS client respects the Time-To-Live (TTL) values provided by the DNS responses, meaning it caches the responses for the duration specified by the TTL. 
• Local Caching:  If you are using and have configured the DNS client, it has a local cache to store DNS responses, reducing the need to query upstream servers repeatedly. This cache is updated when the Time to Live (TTL) expires or when the policy changes.
• Fallback and Security: In case of filtering failure, fallback mechanisms can be configured to ensure either high security (no internet access) or medium security (limited internet access through upstream filtering).

Roaming Devices Configuration:

• DNS over HTTPS (DoH): The service supports configuring roaming devices using DNS over HTTPS, ensuring secure DNS queries even when users are not on the corporate network.
• Platform-Specific Instructions: Instructions for setting up DoH are provided for various platforms, including iOS, Android, Windows, Linux, and Mac OS.
• Public Configuration Wizard: A public configuration wizard, available by location or device, helps users set up their devices without logging into the system.
• Client Installation and Configuration: A desktop client (Windows) can be installed and configured to ensure that DNS filtering policies are enforced on user devices. 

Block Page Customization:

• Customizable Block Page: The default block page can be customized, and users can request access to blocked sites through a request form.
• Review Requests: Admins can review and manage access requests created by the block page through the "Domains to Review" section, where they can allow or block the requested sites.

Proxy Service for Safe Browsing:

• Proxy Service: The proxy service provides an additional layer of security by proxying certain websites. When a site is proxied, the request is sent to a web proxy service created by CyberFOX. The web proxy attempts to render the site browsable while removing any harmful JavaScript and macros, altering every link on the page to redirect to the service itself. 

Reports and Query Logs:

• Traffic Reports and Query Logs: The service provides detailed traffic reports and query logs, enabling administrators to monitor and analyze DNS queries. The query log records different types of DNS requests, including A (IPv4), AAAA (IPv6), and CNAME.
• Traffic Monitoring: The system collects data at each location to identify traffic anomalies and alerts administrators when unusual activity is detected.

Desktop Client Deployment:

• Client Installation and Configuration: The desktop client can be installed and configured to enforce DNS filtering policies on user devices. The client can be deployed using various RMM platforms for a silent, automated installation across multiple machines. This method ensures that all machines are correctly registered and configured. Each client location has its own unique installation file.