What is DNS Filtering?

One technology that aids in ensuring users remain safe is the use of DNS (Domain Name Systems/Services). DNS correlates domain names, like OpenSystems.com, to the matching numeric IP address.

DNS is required when accessing web content. Content cannot load, or access is allowed before the DNS process occurs. If the website is on a blocklist, the DNS process is halted, and the request is denied. This makes DNS blocking or filtering a useful method for protecting users from malicious sites.

DNS Stops Attacks Before They Begin

DNS filtering can block a website by domain names and by IP addresses. It helps to ensure cybersecurity by blocking:

Download our latest eBook. This new approach to networking comprises a set of truly integrated, cloud-managed security services delivered on-prem or in the cloud with centrally managed security. Learn how to:

  • Reduce complexity and operational overhead
  • Deliver ease of use/transparency for users
  • Enhance security with zero-trust network access

Cybercriminals Can Exploit DNS Vulnerabilities

Cybercriminals are well aware of the safeguards DNS provides and have attacks specifically targeted to exploit DNS vulnerabilities. DNS threats include:

cybercriminal

DNS tunneling, which uses SSH, TCP, or HTTP to drill into DNS messaging and pass malware.

DNS hijacking, which directs DNS messaging to a different domain name server with false information intended to redirect users to malicious websites.

DNS spoofing, which returns an IP address that is not the intended website but a website with malicious intent.

Random subdomain, Domain lock-up, NXDOMAIN, and Phantom attacks overload DNS services with a DoS (Denial-of-Service) attack.

Fending Off Attacks to DNS

While DNS deters cyber-attacks, it is also subject to threats. There are many techniques available to detect and deter DNS attacks.

Using a cloud-based DNS provider is a viable option to ensure your DNS capability is protected. DNS providers have large numbers of name servers distributed across the globe. It would be nearly impossible to mount a successful DDoS attack. Another benefit is that when you add your blocklist to their global blocklist, the result is a very complete and deep list that is updated continually. That ensures greater cybersecurity for users and better protection against sophisticated attacks and malicious websites. Lastly, the burden of protecting and maintaining DNS falls to the provider, not to you.

Open Systems DNS Filtering

Another Layer in the Open Systems Cybersecurity Stack

Contact our customer advocates and learn about the global network of access points/ PoPs and how a cloud-based global DNS service can enhance the cybersecurity posture for your organization.

Another Layer in the Open Systems Cybersecurity Stack