February 14, 2019
Domain Name System (DNS) filtering is responsible for guaranteeing security from online threats like viruses, malware, ransomware, phishing attacks, and botnets. With the protection delivered by DNS, users will be able to use the Internet by recognizing names. Additionally, computers will also be able to interpret the same names into IP addresses in order to transmit data from websites, file servers, and email servers to your browser or email client.
Easy to remember domain names are allowed to be used because of DNS. This prevents you from typing in IP addresses (126.96.36.199) that very difficult to remember. DNS maps IP addresses to domain names. A DNS query will be executed when you try to access a website. Your DNS server will look up the IP address of the webpage/domain, which will permit the establishment of a connection between the browser and the server where the website is hosted. This will be followed by the loading process of the webpage.
Instead of the DNS server returning the IP address if the website exists, the request will be subjected to specific controls. The request to access the site will get blocked if a specific webpage or IP address is detected to be malicious. Hence, instead of connecting to a website, the user will instead get directed to a local IP address that will show a block page, which explains that the particular website cannot be accessed.
It is also possible to apply this control at the router level, through your ISP, or a third party, which could be a web filtering service provider. If you consider the latter case, the user (a business) will point their DNS to the service provider. This service provider will maintain a blacklist of malicious IP addresses/webpages/. Access to malicious sites will be blocked if a site is known to be malicious.
With the service provider being capable of also categorizing web pages, the DNS filter will also be used to block access to specific categories of web pages (child pornography, file sharing websites, pornography, gaming sites, and gambling). The AUP will be enforced as long as a business develops an acceptable usage policy (AUP) and sets that policy with the service provider.
With most of us finding it difficult to remember passwords, am very much sure that we will experience the same when asked to remember IP addresses instead of domain names. Thanks to the DNS as it now allows us to use the Internet by remembering names, and computers go ahead and translate these names into machine-readable IP addresses in order to transmit information.
DNS has thus made life on the web easy but there could be a few misconceptions about the entire filtering process. To eradicate such misconceptions about DNS filtering, let’s take a look at some of the myths and accompanied with the truth about DNS filtering in the IT world.
Well, this is just not complicated as it starts with DNS lookup in just three steps:
Query: You type a web address into the browser, activating a DNS query.
Lookup: The DNS server stated in your network interface configuration receives the request and looks up the IP address concerning that domain.
Response: Providing the domain name exists, the matching IP address is returned, and your browser then makes use of that IP address to directly communicate with the web server for that domain.
Here, you need to understand that once the DNS reply is received with the IP address of the domain name server, DNS will no longer be involved in the communications between your browser and the server.
This process provides an opportunity for using DNS as an extremely basic, low-latency (fast!), and low-bandwidth filter to safeguard users from botnets, phishing sites, and several other risky websites. Safety is ensured within just a few seconds when a DNS filter is used with a database of categorized websites. The DNS filter protects your network by just providing lookup requests with an authentic IP address for safe websites, however, the filter returns a local IP address to deliver a block page for sites that are forbidden.
In most cases, just setting the primary DNS servers as the cloud web filter in the DHCP server is considered to be good enough in order to block the majority of web-delivered malware and also prevent access to any productivity-killing websites.
However, you cannot ignore the fact that “smart” end users may make attempts to get around your filters. You will be stunned at how sharp these guys can be when they wish to get to Facebook, and also how easily they can forget how to access the file server. In such situations, they will find a proxy service or change their DNS settings locally on their PC if it has not been locked down. You can adopt simple steps to limit your end users’ potential to access forbidden websites. Go ahead and set some firewall rules on your Internet gateway/router. You will be able to block DNS requests to anything other than your permitted DNS service and block all other DNS requests.
When using an external DNS server, you should permit only port 53/UDP to access the IP addresses of you’re the DNS filtering service servers you have selected. In case you have your own, internal DNS server that is locally hosted, you should permit only port 53/UDP outbound requests from your internal DNS server’s internal IP address to the external IP addresses of the X secondary and local DNS servers that your internal DNS server is configured to use. Simply put, local computers question your local DNS server, and only your DNS server queries the web filtering DNS service on the Internet.
Web filtering is just an effortless and direct option and hence DNS filtering should most probably be in your security arsenal. Most firewalls and routers will permit you to block port 53 – DNS traffic. By just editing the internal MX records, a single configuration change in one place, you will be able to successfully prevent access to unsafe sites and also protect your network.
To sum up, you will have to understand the ultimate truth that the performance and speed of DNS servers can differ. Poor or slow domain resolution will lead to slow and less dependable web browsing. However, to compare performance you can run speed tests on DNS servers.