Use DNS filtering

 Article for: Everyone 

	Difficulty: Moderate 

	Importance: Very useful 

I have pushed for DNS level protection using Quad 9 for years. It protects against malicious sites and gives you non-tracking secure DNS. I've written many times about DNS, the last one was in October. DNS (Domain Name Servers), are sets of computers with tables that translate names of websites into an address that our browser can find. Bad things can happen if it translates incorrectly.

Recently, I learned that there are some very interesting alternatives! Besides giving you fast, reliable, secure translations, and protecting you from malicious sites, there are good services that will protect your children from pornography and other adult content, or prevent your employees from visiting Facebook or other social media sites. Even though designed for families, the family options could be a good idea for businesses that want to stop employees from using their computers to access inappropriate or time wasting content.

What is DNS filtering?

DNS receives requests for websites and returns the addresses. Secure DNS, does so securely. All the DNS options below are secure. DNS filtering, however, has a list or group of lists it blocks. So, when you ask for one of those addresses, it refuses. For example, I am using a list that blocks 68,609 specific advertising sites and tracking companies. Another list combines lists of malware and phishing sites to block them. I also block categories of sites, like dating, porn, gambling, piracy, etc. I use other similar filters to stop some specific kinds of problem sites.

DNS filtering does not examine the content of what comes back. It does not look inside what is being sent. It just looks at the address of the place you are getting information from or sending to.

Three basic categories

Free Set it and forget it. These have no account for you to set up and no customizing. Quad9 offers this blocking malicious sites. I use this when I setup new computers. These are very careful not to block useful sites, so are unlikely to create a problem.
Create a free account and log in to configure, adjust and monitor settings. These give more control, which allows for mistakes and takes more of your time.
Paid accounts. These provide more precise control and also possibly create more problems. The extra power and control can be worth it. For example, a website you need to get to could be blocked and you need to unblock it for research you are doing. You can also create different profiles for different devices or users.

Best DNS services I've found

Quad9: This is what I use when setting up new sites. I've written about it multiple times.

Their service: Free, safe, secure DNS with malicious site blocking. Set your DNS to 9.9.9.9.
Their website
Adguard's writeup shows special configurations different apps may use.

Cloudflare Is possibly the foremost Website security company. This is an excellent free alternative.

They offer 3 separate services:

Cloudflare regular: 1.1.1.1 - no blocking, just fast secure DNS.
Cloudflare Malware blocking: 1.1.1.2
Cloudflare family blocks malware and adult content: 1.1.1.3 (this could be useful for some very small businesses).

Their Website:

Their AdGuard writeup shows special configurations different apps may use:

Cleanbrowsing: Offers an excellent service with both free and paid accounts. Their free services do not allow configuration.

Free services:

Security only
Adult: security plus porn and obscene content
Family: Adult plus safe browsing restricted mode and VPNs.

Paid service:

Paid basic: $60/yr covers one home. It has 3 profiles (for different family members), 14 preset filters, and the ability to allow or block specific sites.

This is worth looking at if you want more control, and by all accounts an excellent service. However, for myself, I prefer NextDNS.

Next DNS: The first 300,000 queries free. For more queries, the personal pro plan is costs $20/yr. for a family and all devices. I'm comfortable recommending this for use in a very small office as well. Business plans are $200/yr for each 50 employees. I use this myself and recommend it for sophisticated users. NextDNS offers a vast range of options and monitoring capability.

If you aren't sophisticated, have a skill professional help you set it up and be available to check it. They offer software for Android, Windows, iOS, Linux and Chrome. It covers all your devices regardless of your location.

Open DNS family - not recommended

Their free secure DNS is fine, but I find their business and family products uncompetitive.

Adguard DNS

AdGuard is a good option. They offer an assortment of packages to block and control products at competitive prices.

They also offer free DNS protection for blocking malware, ads and tracking, or free family protection to enforce safe search and adult content.

Conclusion

For simple no fuss malware protection, with fast, secure DNS, I recommend either Quad9 or Cloudflare with malware protection. Families might like the Cloudflare family option. I always setup Quad9 malware protection and secure DNS with all new computers.

For those who are interested in analyzing and much more control and blocking ads and malware, I'm shockingly impressed with NextDNS.

Date: December 2020

This article is licensed under a Creative Commons Attribution-NoDerivs 3.0 Unported License.

Keeping clients' computers safe and profitable for over 30 years

Home Forms About Current Newsletter subscribe Search All Articles Browse by Category Security Internet Mobile Business Hardware Fun		Use DNS filtering Article for: Everyone Difficulty: Moderate Importance: Very useful I have pushed for DNS level protection using Quad 9 for years. It protects against malicious sites and gives you non-tracking secure DNS. I've written many times about DNS, the last one was in October. DNS (Domain Name Servers), are sets of computers with tables that translate names of websites into an address that our browser can find. Bad things can happen if it translates incorrectly. Recently, I learned that there are some very interesting alternatives! Besides giving you fast, reliable, secure translations, and protecting you from malicious sites, there are good services that will protect your children from pornography and other adult content, or prevent your employees from visiting Facebook or other social media sites. Even though designed for families, the family options could be a good idea for businesses that want to stop employees from using their computers to access inappropriate or time wasting content. What is DNS filtering? DNS receives requests for websites and returns the addresses. Secure DNS, does so securely. All the DNS options below are secure. DNS filtering, however, has a list or group of lists it blocks. So, when you ask for one of those addresses, it refuses. For example, I am using a list that blocks 68,609 specific advertising sites and tracking companies. Another list combines lists of malware and phishing sites to block them. I also block categories of sites, like dating, porn, gambling, piracy, etc. I use other similar filters to stop some specific kinds of problem sites. DNS filtering does not examine the content of what comes back. It does not look inside what is being sent. It just looks at the address of the place you are getting information from or sending to. Three basic categories Free Set it and forget it. These have no account for you to set up and no customizing. Quad9 offers this blocking malicious sites. I use this when I setup new computers. These are very careful not to block useful sites, so are unlikely to create a problem. Create a free account and log in to configure, adjust and monitor settings. These give more control, which allows for mistakes and takes more of your time. Paid accounts. These provide more precise control and also possibly create more problems. The extra power and control can be worth it. For example, a website you need to get to could be blocked and you need to unblock it for research you are doing. You can also create different profiles for different devices or users. Best DNS services I've found Quad9: This is what I use when setting up new sites. I've written about it multiple times. Their service: Free, safe, secure DNS with malicious site blocking. Set your DNS to 9.9.9.9. Their website Adguard's writeup shows special configurations different apps may use. Cloudflare Is possibly the foremost Website security company. This is an excellent free alternative. They offer 3 separate services: Cloudflare regular: 1.1.1.1 - no blocking, just fast secure DNS. Cloudflare Malware blocking: 1.1.1.2 Cloudflare family blocks malware and adult content: 1.1.1.3 (this could be useful for some very small businesses). Their Website: Regular Families Their AdGuard writeup shows special configurations different apps may use: Cleanbrowsing: Offers an excellent service with both free and paid accounts. Their free services do not allow configuration. Free services: Security only Adult: security plus porn and obscene content Family: Adult plus safe browsing restricted mode and VPNs. Paid service: Paid basic: $60/yr covers one home. It has 3 profiles (for different family members), 14 preset filters, and the ability to allow or block specific sites. This is worth looking at if you want more control, and by all accounts an excellent service. However, for myself, I prefer NextDNS. Next DNS: The first 300,000 queries free. For more queries, the personal pro plan is costs $20/yr. for a family and all devices. I'm comfortable recommending this for use in a very small office as well. Business plans are $200/yr for each 50 employees. I use this myself and recommend it for sophisticated users. NextDNS offers a vast range of options and monitoring capability. If you aren't sophisticated, have a skill professional help you set it up and be available to check it. They offer software for Android, Windows, iOS, Linux and Chrome. It covers all your devices regardless of your location. Open DNS family - not recommended Their free secure DNS is fine, but I find their business and family products uncompetitive. Adguard DNS AdGuard is a good option. They offer an assortment of packages to block and control products at competitive prices. They also offer free DNS protection for blocking malware, ads and tracking, or free family protection to enforce safe search and adult content. Conclusion For simple no fuss malware protection, with fast, secure DNS, I recommend either Quad9 or Cloudflare with malware protection. Families might like the Cloudflare family option. I always setup Quad9 malware protection and secure DNS with all new computers. For those who are interested in analyzing and much more control and blocking ads and malware, I'm shockingly impressed with NextDNS. Date: December 2020 This article is licensed under a Creative Commons Attribution-NoDerivs 3.0 Unported License.
		I attempt to provide reliable information, but make no warranty as to the accuracy or safety of these articles. I disclaim all legal responsibility for what following these instructions may do. Follow my advice at your own risk