What are the best DNS filters? What features should they have? Is a free or a paid filter better? We answer all of these questions in this article. And we will also explain why a DNS filter is a great tool for protecting computers, smartphones, and tablets from unwanted access. A good DNS filter is an indispensable tool for families, schools, public places, and businesses.
1. What a DNS filter is
A DNS filter is an application service that filters access to internet content. DNS filters are used to monitor the DNS, the domain name systems, of the website that you want to reach. The DNS (domain name system) is often referred to as the telephone book of the internet. It is a hierarchical, decentralized naming system that is used to identify computers and services that can be reached on the network.
We generally have two ways of accessing an internet site or a specific web page. We can type the domain name of the site (flashstart.com) into the browser’s navigation bar, or we can activate the automatic opening of a link to a page (https://flashstart.com/it/filtraggio-dns/), perhaps received via email or chat.
The moment we type “flashstart.com” into the navigation bar of a browser and press enter, the browser transforms (resolves) the domain name into an IP address, because the computer recognizes the IP and not a text string. Actually, the browser asks the internet provider which we are using to query the DNS resolution service to convert the domain name into a sequence of numbers interspersed with periods.
In the case of flashstart.com, the IP address is 184.108.40.206. This means that the browsing program connects to the server that has that address and hosts flashstart.com. It should be noted, however, that there is no two-way correspondence between an IP address and a domain name. For example, the domain name 220.127.116.11 corresponds to forty-four thousand sites hosted on the same server. So, DNS is how a domain name is associated with an IP address.
In practice, the DNS is a universal registry, a distributed database of DNS servers categorized, first of all, into domain extensions (.com, .it, .edu). Each domain corresponds to a “container” which stores domain information and is also able to draw information from other, non-archived domains. Among the information (the database records), of course, the most important is the IP address corresponding to the domain name, the information that the browser will receive in order to access the requested site.
The nameservers scattered around the world which store and manage domain names, categorized according to domain extensions (technically DNS root zone), are called root nameservers, and there are thirteen of them worldwide.
2. Why a DNS filter is better
Performing DNS filtering of sites is significantly more effective than filtering that is based upon a site’s name and contents. Without getting into too many technicalities, suffice it to say that if filtering were based on domain name, it would be easy for cyber criminals to get around the protections because they could easily clone an ecommerce or bank site, and the user who happens upon it could easily miss it.
Precisely because the vast majority of breaches of a computer, smartphone, or tablet occur as a result of clicking on a link received by any means (email, chat, text message, etc.), it is obvious that a good DNS filter can be an excellent tool to protect against malware, ransomware, trojans, phishing, and viruses of all kinds.
Since its creation, FlashStart has been designed as a DNS filter. And its unique features have convinced hundreds of customers around the world. Let’s briefly see what they are. FlashStart, for example, uses the global Anycast service to monitor sites and routes to them. Taking advantage of the Anycast network optimizes performance by minimizing latency, which is the time from the user’s call to the actual access to the site.
In addition, thanks to its artificial intelligence algorithms, FlashStart examines up to 200 thousand sites per day, supports twenty-four different languages, and recognizes ninety categories based upon their contents. This improves the quality of service and prevents access to harmless sites (the false negatives). Another distinguishing feature of FlashStart is its native integration with Microsoft’s Active Directory service. For technicians dealing with the IT infrastructure, this is a great advantage in terms of installation and integration of the service. Finally, another special feature of the FlashStart solution is geoblocking: blocking access to sites geographically located in countries which are considered to be dangerous.
>> FlashStart protects you from a wide range of threats and blocks access to malicious sites ? Start your free trial now
3. What to look for in a DNS filter
Before providing a roundup of the best DNS filters on the market, let’s provide a list of features to be reviewed when making a choice, so that one can truly call a DNS filter one of the “best DNS filters.”
Latency. Stated latency is always the first characteristic to consider in a DNS filter. We are talking about the average time from a user request to the resolution of the requested site. Be careful, because the stated latency is never an objective value; it is fully better to ask the provider for testing.
Updates. Another legitimate question to ask the provider of a DNS filtering service is: How often is the filter updated? Dangerous sites spread like wildfire and never stop popping up. A DNS filtering service will only be good if it knows how to tap into universal and constantly updated blacklists. Also: what is the scanning frequency of sites?
Filters. The variety of blacklist categories available is also a factor in choosing the best DNS filter. It is not enough to categorize controlled filters according to the content published, but, for example, it is useful to define filtering systems based on geolocation (geoblocking). There are, in fact, some countries that are more “dangerous” than others.
Support. Having support that responds 24/7 in Italian and resolves all kinds of problems is an extra service that cannot be underestimated when choosing the best DNS filter. Before signing the contract, make sure that full support is included in the service.
4. The most popular DNS filters (in alphabetical order)
Let us now look at a roundup of the best DNS filters available on the market, in alphabetical order. It is important to choose one that fits the specific needs of the company and has all the features as outlined above. In addition, it is important to have support that is always present.
4.1 Cisco Umbrella
On the market for more than fifteen years, Cisco Umbrella is a cloud-based service and utilizes the predictive threat detection model. Particularly popular are the speed of filter updates and the ability to analyze up to 180 billion site access requests per day. Cisco Umbrella also provides DNS-level protection, an intelligent engine that detects risks, a secure gateway, a firewall, a CASB (Cloud Access Security Broker), and integration with Cisco SD-Wan.
According to Techradar, the interface is not immediately understandable, and the price varies depending upon the size of the client company and the features to be enabled. It is certainly a protection solution that goes well beyond pure web filtering and its associated cost.
It is a popular cloud-based service, mainly because it is competitively priced. Advantages of DNSFilter include an easy-to-use interface and a wide range of features. The offering includes a Basic plan and a Pro plan. For a higher price, the Pro plan provides advanced analytics features and more detailed reports.
DNSFilter also integrates real-time threat detection of phishing, malware, and viruses, thanks, in part, to artificial intelligence. There is also “off-network” protection, outside the corporate perimeter, and a Secure Socket Layer (SSL) certificate for encrypted communication.
We have already mentioned the benefits of FlashStart above.
90 categories of blacklists, constantly updated by Artificial Intelligence, with fully customizable protection. Native support for Microsoft’s Active Directory synchronization. LAN and end-point roaming protection all over the world, on an ultra-fast anycast network. Unique geographically based traffic blocking feature for high-risk areas.
The easiest installation with any kind of Router, WiFi hotspot, Firewall, Gateway.
Human support made by highly qualified engineers, available at any time. Guides, tutorials and regular training events in English, Spanish and Italian.
Excellent flexible pricing by type of end user.
4.4 Open DNS
Open DNS includes filters that protect browsing from malicious web sites and adult contents. According to research, one in three public schools in the United States uses Open DNS. It has good latency, and any device connected with Open DNS will be protected from a variety of threats. Open DNS estimates about 100 billion DNS queries per day from eighty-five million users across twenty-five data centers worldwide.
Source of the ratings: the independent website Cybersecuritynews (which you can read here).
4.5 Perimeter 81
It blocks access to malicious sites and prevents phishing attacks. The tool’s most powerful feature is dynamic, category-based filtering which allows users to restrict or completely block malicious sites such as gambling, social media, malware, and adult contents.
Users will receive alerts informing them that the content which they attempted to access has been blocked. You also have total control over which sites your employees can access, for safer browsing through your network, and you can increase your employees’ productivity by limiting access to time-wasting sites, such as social media. Perimeter 81’s DNS filtering tool is compatible with Windows, Mac, and Linux.
Source of reviews: the independent site Cybersecuritynews (which you can read here).
SafeDNS also protects the internal network by controlling Wi-Fi hotspots and providing secure online browsing. It also protects well against numerous, simultaneous accesses.
It uses a comprehensive database and provides a cloud-based filtering service that automatically detects botnets and malware. It automatically blocks adult and other malicious contents. It uses the BGP protocol, ensuring low latency.
Source of ratings: the independent site Cybersecuritynews (which you can read here).
Webroot is a cloud-based gateway that provides website and IP address classification and reputation services, as well as navigational monitoring.
The compatibility and openness of its environment are certainly the distinguishing features of WebRoot. The SDK is also available for better customization and integration within the IT framework.
Other distinguishing features include easy scalability, a large and always up-to-date database, and ease of use with a centralized console, with real-time updated data and comprehensive and customizable reports.
>> Are you an appliance manufacturer? You can natively integrate FlashStart ? Contact us
You can activate the FlashStart® Cloud protection on any sort of Router and Firewall to secure desktop and mobile devices and IoT devices on local networks.