What is DNS filtering?


DNS filtering defined

Domain name system (DNS) filtering, or DNS blocking, is a cybersecurity measure that stops internet users from accessing unapproved websites. Organizations use DNS blocking to secure their environment against phishing attacks and other cyberthreats. Through DNS filtering services, businesses control what users can access, limit access to websites that may pose a malware risk, and reduce remediation demands on their IT teams.

DNS Meaning

What is a DNS?

The Domain Name System (DNS) is a database that translates domain names into Internet Protocol (IP) addresses, allowing browsers to load internet pages. All devices connected to the internet have a unique IP address, and other machines can use that IP address to locate a specific device. In today's business landscape, it's no longer necessary for individuals to memorize IP addresses, because DNS servers map domain names to the IP addresses of websites.

Steps in the DNS process:

When an internet user opens a website, a set of steps is carried out to load the webpage.

  1. The user searches the domain name in a web browser. A DNS query is created and sent to a DNS resolver.
  2. The DNS resolver finds and pairs the domain name to an IP address. The DNS resolver resolves the domain by replying to the user's device with the corresponding IP address.
  3. Finally, the device interacts with the server at the IP address and connects to load the content.

How does DNS filtering work?

DNS blocking is largely known for providing content-based filtering. By blocking internet users from opening malicious content at the DNS level, businesses can set permissions and choose which websites employees can access during operating hours. DNS filtering also safeguards company productivity by restricting staff from entering time-consuming websites at leisure. Websites that pose high cyber risk include social media, news, illegal content, gambling, adult sites, and more.

DNS filtering works by adhering to a blocklist of websites configured by the administrator at the network or endpoint device level. These websites are categorized by domain name or IP address and a DNS resolver can refuse to satisfy queries requested by the user attempting to access an unapproved website.

Blocklist meaning

What is a blocklist?

DNS blocklists, such as DNSBL (DNS-based blocklists) and RBL (real-time blocklists), are lists of known malicious domains and IP addresses that should be avoided. DNS filtering vendors use blocklists as a guide to forbid users from entering harmful websites. Cybersecurity professionals share blocklists within the security community, and DNS vendor support staff or your IT security teams can configure blocklists and allow-lists to meet your organization's needs.
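
An added example, not Malwarebytes code: a sketch of the per-query decision a filtering resolver makes, combining the blocklist and allow-list described above with a time-based rule. The domain names, policy sets and function names are constructed for illustration.

```python
from datetime import time

# Constructed sample policy (assumed names, not taken from any vendor feed).
BLOCKLIST = {"malware.example", "phish.example.net"}
ALLOWLIST = {"safe.malware.example"}  # administrator exception
# Time-based rule: domain is blocked only inside this local-time window.
TIMED_BLOCKS = {"social.example": (time(9, 0), time(17, 0))}


def normalize(qname):
    """Lower-case and drop the trailing root dot: 'Evil.COM.' -> 'evil.com'."""
    return qname.strip().rstrip(".").lower()


def candidates(qname):
    """Yield the query name and each parent domain, most specific first."""
    labels = normalize(qname).split(".")
    for i in range(len(labels)):
        yield ".".join(labels[i:])


def decide(qname, now):
    """Return 'ALLOW' or 'BLOCK' for a query name at local time `now`.

    On 'BLOCK' a filtering resolver would refuse to return the real
    address, for example by answering NXDOMAIN or a block-page address.
    """
    for name in candidates(qname):
        if name in ALLOWLIST:
            return "ALLOW"  # the most specific matching entry wins
        if name in BLOCKLIST:
            return "BLOCK"
        window = TIMED_BLOCKS.get(name)
        if window and window[0] <= now < window[1]:
            return "BLOCK"
    return "ALLOW"


if __name__ == "__main__":
    noon = time(12, 0)
    for q in ("cdn.Malware.Example.", "safe.malware.example",
              "notmalware.example", "www.social.example"):
        print(q, decide(q, noon))
```

Matching whole labels rather than raw string suffixes is what keeps `notmalware.example` from being caught by the `malware.example` entry, while subdomains of a listed domain are still blocked.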

How does IP blocking work?

IP address blocking is similar to DNS blocking, but it prevents users from accessing undesirable websites at the IP address level. IP address blocking is used to protect devices and networks against intrusion and is a valuable security measure against DDoS attacks. During a DDoS attack, IP blocking slows the influx of requests and false traffic that bombard your company's resources.

Benefits of DNS protection for your organization

Phishing campaigns and malware

DNS filtering works to keep your DNS secure and guards your business’s internet users from downloading unwanted content. Threat actors carry out phishing, ransomware, zero-day, and other cyberattacks by creating new webpages that lure unsuspecting individuals. Implementing a DNS security solution not only protects network user devices but also supports your company's data protection and data loss prevention (DLP) initiatives.

Satisfy compliance regulations

DNS filtering meets the requirements of or can help satisfy the policies of:

  • CIPA (The Children’s Internet Protection Act)
  • NIST (National Institute of Standards and Technology)
  • HIPAA (Health Insurance Portability and Accountability Act)


DNS filtering also protects company productivity by preventing employees from visiting recreational websites. These websites are sometimes low quality and pose high cyber risk to your organization. Adversaries use low-quality websites as vectors to target employee credentials, sensitive data, and intellectual property. Companies can block access to recreational websites to prevent employees from squandering time on sites that are unrelated to their work tasks. Time-based DNS filtering gives businesses the versatility to schedule filter rules at specific time intervals, such as prohibiting social media websites during company operating hours. DNS filtering tools mitigate your organization's risk of a cyberattack while helping your employees stay productive and avoid workplace distraction.
