DNS records and worldwide DNS propagation checker
  • DNS Content Filtering - Protect your work place & Family from Cyber Threats

     

    It would not be wrong if I say that we are living in the era of the internet. The stats show that in July 2020, there were 4.57 billion active internet users in the world, encompassing 59% of the total world's population.

    No doubt, due to technological advancement, we can easily access the internet. However, it also increases our security challenges. 

    These increasing security issues lead to new security improvements for user protection by tech companies. But still, the internet is the breeding ground for malicious activities and cyber threats.

    In the internet world, DNS (Domain Name System) is responsible for routing the traffic correctly. The DNS matches the domain name with the IP address and routes the users to the exact destination so that the users do not have to memorize the complex number strings. 

    • When the user enters the domain in the browser bar, a DNS query is sent to the specialized webserver to solve that query, known as DNS resolver
    • The DNS resolver matches that domain name with the IP address by getting the information from its cache or by further sending the request to an additional DNS server.
    • On getting the IP address, it is sent to the user's device, known as "resolving the domain name."
    • On getting the IP address, the user's device contacts the server of that IP address to connect and start loading the content.
    • You can not just shut down your internet. There are always pros and cons to everything, but the only thing that matters is how you use it.

    You have understood the importance of DNS in routing the traffic to the correct user. One brilliant solution to protect your family from cyber threats and malicious activities is to use DNS or Content Filtering

     

    What is DNS or Content Filtering?

    The DNS system was never designed from a security point of view. That is why it has some design limitations. Due to these design limitations combined with the technological advancements, it becomes easy for the hackers to hijack the DNS lookup process and send a user to some forged website that contains malware or a website that collects sensitive personal information.

    DNS Filtering means Domain Name System Filtering is the process of filter out and prevent your access to specific domains or IP addresses. When you have a DNS filter enabled, you can use the internet without having any worries.

    The DNS resolver also works as DNS filter. When the user sends the request to the DNS resolver to resolve the query, the specially configured DNS resolvers check that domain name in their blocklist; if they find it as "block," they stop the user from getting access to that specific domain.

    Note: The DNS resolvers may use the blocklist shared in some cybersecurity community or forum, make their blocklist, or use both ways to filter out the content.

     

    DNS or Content Filtering blocks the websites either in two ways.

    • If the DNS resolver finds the domain name in its blocklist, it will not go for the IP lookup against that domain name.
    • If the DNS resolver finds the IP address in its blocklist, it will not send the IP address to the requested user.

     

    Therefore, DNS or Content Filtering helps safeguard internet usage by blocking ransomware, phishing, spyware, virus, and malware activities and protects your data and devices.

    The research shows that 78% of people click on the link, even if they know that the connection is suspicious and contains malware. Therefore, the organization highly depends on DNS filtering and chooses the DNS server that provides the best data protection and filtration. A single wrong click can damage more than you can imagine.

    DNS query resolving companies are well aware of the security threats and try to provide the best possible solution to keep their customers safe. Therefore, they generally offer three types of filters, as mentioned below.

    • Security Filter/ Malware Blocking Filter: It blocks your access to ransomware, phishing, spyware, virus, and malware domains.
    • Adult Filter: It blocks your access to all adult, pornographic, and explicit sites. However, it neither blocks the Proxy or VPN domains used to bypass the filters nor the mixed-content websites.
    • Family Filter: It blocks your access to all adult, pornographic, and explicit sites. However, it also stops the Proxy or VPN domains used to bypass the filters and mixed-content websites. 

     

    Why is DNS Filtering necessary?

    You cannot deny the importance of the internet, whether it is an employee, student, or a family. 

    • The employees need the internet to complete their office work. 
    • The students need the internet to complete their assignments and projects.
    • Families need the internet for entertainment. 

    However, you cannot keep an eye on each person to monitor their internet activities every time. Therefore, DNS filters are necessary to protect against internet threats as much as possible. In other words, DNS filters are an internet usage policy.

     

    Does web filter slow Internet speed?

    The DNS web filter does not affect internet speed because the filtering takes place at the DNS lookup server; after that, the content will be loaded. Therefore, DNS filtering takes place at the same time when the standard DNS lookup is performed.

     

    That article is all about exploring the tools that help you in DNS or Content Filtering. 

     

    1: CleanBrowsing DNS

    One of the best options that come to mind when you talk about DNS or Content Filtering, CleanBrowsing DNS, provides content filtering and protection to parents, schools, MSPs, and municipalities. Both their free and paid versions are available. Their primary focus is to provide privacy protection in their DNS service, especially to households and children. 

    CleanBrowsing provides three free content filters.

     

    To avail of their free content filters, add the following IP addresses in your DNS network setting.

    1: For Security Filter: 

    IPv4 address

    • 185.228.168.9 
    • 185.228.169.9

    IPv6 address

    • 2a0d:2a00:1::2 
    • 2a0d:2a00:2::2

    2: For Adult Filter:

    IPv4 address

    • 185.228.168.10 
    • 185.228.169.11

    IPv6 address

    • 2a0d:2a00:1::1 
    • 2a0d:2a00:2::1

    3: For Family Filter:

    IPv4 address

    • 185.228.168.168 
    • 185.228.169.168

    IPv6 address

    • 2a0d:2a00:1:: 
    • 2a0d:2a00:2::

     

    2: Cloudflare DNS

    If you are familiar with websites, whether it is programming, SEO, or server setting, you know of CDN and Cloudflare. Without a doubt, Cloudflare is the fastest DNS query resolver on earth, with an average query resolving time (of the last 30 days) is 13.09 ms. It resolves more than 500 billion DNS requests daily.

    Since the launch of 1.1.1.1, the number one request that Cloudflare received from its users is to introduce another version of the product that automatically filters out the wrong or faulty websites. Because 1.1.1.1 is designed for fast DNS resolution, not for filtering the content. 

    Therefore, Cloudflare launches a DNS-Based Parental Control Service, known as "1.1.1.1 for Families." 

    It comes in two versions. 

    The first one, protect your home against malware by automatically blocking the malware content only.

    The second one provides more parental control by blocking malware and adult content and preventing them from reaching your children while browsing the web.

    To avail of their content filters, add the following IP addresses in your DNS network setting.

    For malware blocking only:

    IPv4 address

    • 1.1.1.2 
    • 1.0.0.2

    IPv6 address

    • 2606:4700:4700::1112 
    • 2606:4700:4700::1002

    For malware and adult content blocking:

    IPv4 address

    • 1.1.1.3 
    • 1.0.0.3

    IPv6 address

    • 2606:4700:4700::1113 
    • 2606:4700:4700::1003

     

    3: Open DNS

    Open DNS is Cisco owned company providing a free and public cloud-based DNS service resolution, with the average query resolving time (of the last 30 days) is 22.5 ms. Today, this company is one of the leading DNS providers globally. 

    With 90 million global users, 140 billion daily DNS requests, and 100 percent reliability and uptime. Provides robust content filtering, the study shows that one out of three schools in the US uses OpenDNS to protect their network. 

    Open DNS provides two versions of filters, Family Shield Filter and Home.

    Family Shield Filter helps the parents who want their children to keep away from inappropriate content like adult websites. In this, you use pre-configured content filtering.

    To avail of their Family Content filter, add the following IP addresses in your DNS network setting.

    IPv4 address

    • 208.67.222.123 
    • 208.67.220.123

    Home Filter helps if blocking the adult content is not enough; you can use their home plan that gives you more access, and you can stop the entire category by logging into your account. It provides a list of 50+ categories to choose from and gives you more control to decide according to your requirement.

    To avail of their Home filter, add the following IP address in your DNS network setting.

    IPv4 address

    • 208.67.222.222 
    • 208.67.220.220

    IPv6 address

    • 2620:119:35::35 
    • 2620:119:53::53

    Their Family Shield and Home are both free. However, you can also vail their paid VIP plan that starts with $19.95 per year.

     

    4: UltraRecursive DNS

    In case of protection, Neustar UltraDNS Firewall is also considered a good option. That provides a cost-effective enterprise-grade, cloud-based recursive DNS service that delivers fast performance, early detection, and adequate protection from malware, malicious websites, phishing, spyware, bots (DDoS protection). It also blocks inappropriate and adult content. 

    It provides Unfiltered Resolution, Threat Protection, and Family Secure

    The Unfiltered Resolution does not block any content for fast DNS query resolution.

    However, the Threat Protection Filter protects against malware, ransomware, spyware, phishing by blocking malicious domains for security purposes.

    To avail of their Threat Protection Filter, add the following IP addresses in your DNS network setting.

    IPv4 address

    • 156.154.70.2 
    • 156.154.71.2

    IPv6 address

    • 2610:a1:1018::2 
    • 2610:a1:1019::2

    Moreover, the Family Secure Filter ensures that your children do not have access to any adult content like gambling, pornography, violence, and hate/discrimination.

    To avail of their Family-Secure Filter, add the following IP address in your DNS network setting.

    IPv4 address

    • 156.154.70.3 
    • 156.154.71.3

    IPv6 address

    • 2610:a1:1018::3 
    • 2610:a1:1019::3

     

    5: AdGuard DNS

    As the name implies, it blocks the ads. Protects you from malware and phishing and provides family protection. You cannot deny its importance just because it is from Russia. That company has been there for a while and earns a good reputation among its users. They are not entirely open-source; they offer both free and paid plans. But AdGuard believes that all the free products must be open source. You cannot just stick their service to ad blocks; it is better than the ads they block.

    AdGuard DNS delivers its services in three versions.

    1: Default 2: Family Protection 3: Non-Filtering 

    The Default Filter protects you from ads, malware, and phishing. To avail of their Default Filter, add the following IP addresses in your DNS network setting.

    IPv4 address

    • 94.140.14.14 
    • 94.140.15.15

    IPv6 address

    • 2a10:50c0::ad1:ff 
    • 2a10:50c0::ad2:ff

    The Family Protection Filter provides you the default filter facility, blocks the adult content, and provides a safe search facility. 

    To avail of their Family Protection Filter, add the following IP address in your DNS network setting.

    IPv4 address

    • 94.140.14.15 
    • 94.140.15.16

    IPv6 address

    • 2a10:50c0::bad1:ff 
    • 2a10:50c0::bad2:ff

    Note: The non-filtering option is not recommended. It provides a secure and reliable connection because it does not filter anything, like "Default Filter" and "Family Protection Filter." Therefore, use it only when you know your purpose and why you are doing this.

     

    6: Yandex DNS

    Yandex DNS is a free recursive DNS service with over 80 DNS servers located in different cities and countries (located in Russia, CIS countries, and Western Europe). The user request is processed through the DNS server closest to the user location to provide low latency. Its primary focus is to provide high internet speed for the fastest access to the website, protect from dangerous websites, bots, malware, and adult content protection. It checks millions of web pages daily and detects thousands of infected websites. Completely equipped with Sophos signature technology and Yandex anti-virus software, their built-in checklist (after studying the research sites' behavior), is applied to all the pages to filter out the infected ones. 

    For speed, you can avail of their Basic Plan. But for providing security protection to the users and for keeping the children away from the adult content. They provide two versions.

    1: Safe filter 

    The Safe Filter gives you protection from infected and fraudulent websites and protects you from fraudulent content and virus.

    To avail of their Safe Filter, add the following IP addresses in your DNS network setting.

    IPv4 address

    • 77.88.8.88 
    • 77.88.8.2

    IPv6 address

    • 2a02:6b8::feed:0ff 
    • 2a02:6b8:0:1::feed:0ff

    2: Family filter

    The Family Filter provides you the features of safe mode and protects from adult websites and content.

    To avail of their Family Filter, add the following IP addresses in your DNS network setting.

    IPv4 address

    • 77.88.8.3 
    • 77.88.8.7

    IPv6 address

    • 2a02:6b8::feed:a11 
    • 2a02:6b8:0:1::feed:a11

    Their safe and family modes both block the IP address queries of all the known C&C servers. Therefore, the bot is forced to inactivity, and the attacker loses access to the user's computer. Yandex continually updates its list of botnets to provide better protection to its users.

     

    Most of the time, people use the DNS server provided by their ISP, but you can change it as per your needs. 

    No doubt, the DNS service providers are well aware of today's security threats and protect their customers as much as possible. The DNS resolving companies provide both free and paid plans. I hope that the above list of DNS Service Providers and their different filters help you not become the victim of any cyber threats.

     

  • Enter Domain to Check DNS