DNS Filtering


Domain Name System (DNS) filtering is a technique that blocks or allows access to specific websites by controlling the resolution of domain names into IP addresses.

  • When a request is made to resolve a website's domain name,
    • the DNS filter checks the request against a database of domain names
    • if the domain is on an unapproved list, the filter blocks the request
  • Highly effective for many reasons:
    • provides a proactive defense mechanism, blocking access to known:
      • phishing sites
      • malware distribution sites
      • and other malicious online destinations
    • can help enforce an organization’s acceptable use policies (AUPs)
      • by blocking access to inappropriate or distracting websites
    • can protect all devices connected to a network, including IoT devices
      • providing an extra layer of security
    • is a simple solution that is easy to implement and presents minimal risk
  • must be combined with other security measures for comprehensive protection

Implementing DNS Filtering

  • DNS filtering can be implemented using different methods and tools
    • through DNS filtering services
      • e.g.,
      • most common method
      • provide DNS resolution with built-in filtering
      • simply requires organizations and users to redirect their DNS requests to the filtering service’s DNS servers
    • directly implement DNS filtering
      • for orgs that manage their own DNS servers
      • provides complete control over filtering policies
      • permits the integration of block lists or Response Policy Zone (RPZ) feeds into server configurations
    • using DNS firewalls
      • intercept DNS queries at the network level and apply filtering rules accordingly
      • Some endpoint protection tools and antivirus software provide DNS filtering capabilities to provide device-level protection
    • with Pi-hole or AdGuard Home software
      • can be configured as a local DNS resolver with filtering capabilities
      • both open-source
      • software runs on Linux
        • is commonly implemented using Raspberry Pi hardware
          • due to its low performance overhead
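
How a self-managed resolver might apply a block list or RPZ feed to each query, shown as an added example that is not code from the original page. The zone content and domain names are constructed, and the matching is a simplified model of RPZ QNAME triggers (exact name first, then the closest enclosing wildcard), not any resolver's full precedence rules.

```python
# Added example: evaluate DNS queries against a constructed RPZ-style policy.
# Zone content and domain names below are constructed sample data.

SAMPLE_RPZ = """\
; constructed sample policy zone (owner names relative to the RPZ origin)
phish.example           CNAME .              ; NXDOMAIN for this exact name
*.phish.example         CNAME .              ; ...and all of its subdomains
*.malware.example       CNAME .              ; subdomains only
ads.example             CNAME *.             ; NODATA
*.ads.example           CNAME *.
login.ads.example       CNAME rpz-passthru.  ; allow-list exception
"""

# RPZ encodes the policy action in the CNAME target.
ACTIONS = {".": "NXDOMAIN", "*.": "NODATA",
           "rpz-passthru.": "PASSTHRU", "rpz-drop.": "DROP"}


def parse_rpz(text):
    """Return {owner_name: action} for the CNAME-encoded policy records."""
    policy = {}
    for line in text.splitlines():
        fields = line.split(";", 1)[0].split()    # strip comments
        if len(fields) == 3 and fields[1].upper() == "CNAME":
            owner, _, target = fields
            if target in ACTIONS:
                policy[owner.lower().rstrip(".")] = ACTIONS[target]
    return policy


def decide(qname, policy):
    """Exact match wins; otherwise the closest enclosing wildcard applies."""
    name = qname.lower().rstrip(".")              # DNS names are case-insensitive
    if name in policy:
        return policy[name]
    labels = name.split(".")
    for i in range(1, len(labels)):               # walk up toward the root
        wildcard = "*." + ".".join(labels[i:])
        if wildcard in policy:
            return policy[wildcard]
    return "ALLOW"                                # not listed: resolve normally
```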

Filtering Policies

  • customization of filtering policies allows for categorizing websites to simplify the creation of block lists or allow lists per requirements
  • Keep DNS filters updated
    • to keep pace with evolving threats and changing organizational needs