OCS banner and logo
Keeping clients' computers safe and profitable for over 30 years



Home Forms About Current Newsletter subscribe 
Search All Articles

Browse by Category


powered by pmc2m

 

Use DNS filtering

Article for: Everyone
Difficulty: Moderate
Importance: Very useful


 
I have pushed for DNS level protection using Quad 9 for years. It protects against malicious sites and gives you non-tracking secure DNS. I've written many times about DNS, the last one was in October. DNS (Domain Name Servers), are sets of computers with tables that translate names of websites into an address that our browser can find. Bad things can happen if it translates incorrectly.

Recently, I learned that there are some very interesting alternatives! Besides giving you fast, reliable, secure translations, and protecting you from malicious sites, there are good services that will protect your children from pornography and other adult content, or prevent your employees from visiting Facebook or other social media sites. Even though designed for families, the family options could be a good idea for businesses that want to stop employees from using their computers to access inappropriate or time wasting content.

What is DNS filtering?

DNS receives requests for websites and returns the addresses. Secure DNS, does so securely. All the DNS options below are secure. DNS filtering, however, has a list or group of lists it blocks. So, when you ask for one of those addresses, it refuses. For example, I am using a list that blocks 68,609 specific advertising sites and tracking companies. Another list combines lists of malware and phishing sites to block them. I also block categories of sites, like dating, porn, gambling, piracy, etc. I use other similar filters to stop some specific kinds of problem sites.

DNS filtering does not examine the content of what comes back. It does not look inside what is being sent. It just looks at the address of the place you are getting information from or sending to.

Three basic categories

  1. Free Set it and forget it. These have no account for you to set up and no customizing. Quad9 offers this blocking malicious sites. I use this when I setup new computers. These are very careful not to block useful sites, so are unlikely to create a problem.
  2. Create a free account and log in to configure, adjust and monitor settings. These give more control, which allows for mistakes and takes more of your time.
  3. Paid accounts. These provide more precise control and also possibly create more problems. The extra power and control can be worth it. For example, a website you need to get to could be blocked and you need to unblock it for research you are doing. You can also create different profiles for different devices or users.

Best DNS services I've found


Quad9: This is what I use when setting up new sites. I've written about it multiple times.
  • Their service: Free, safe, secure DNS with malicious site blocking. Set your DNS to 9.9.9.9.
  • Their website
  • Adguard's writeup shows special configurations different apps may use.

Cloudflare Is possibly the foremost Website security company. This is an excellent free alternative.
  • They offer 3 separate services:
    • Cloudflare regular: 1.1.1.1 - no blocking, just fast secure DNS.
    • Cloudflare Malware blocking: 1.1.1.2
    • Cloudflare family blocks malware and adult content: 1.1.1.3 (this could be useful for some very small businesses).
  • Their Website:
  • Their AdGuard writeup shows special configurations different apps may use:

Cleanbrowsing: Offers an excellent service with both free and paid accounts. Their free services do not allow configuration.
Free services:
  • Security only
  • Adult: security plus porn and obscene content
  • Family: Adult plus safe browsing restricted mode and VPNs.

Paid service:
Paid basic: $60/yr covers one home. It has 3 profiles (for different family members), 14 preset filters, and the ability to allow or block specific sites.

This is worth looking at if you want more control, and by all accounts an excellent service. However, for myself, I prefer NextDNS.

Next DNS: The first 300,000 queries free. For more queries, the personal pro plan is costs $20/yr. for a family and all devices. I'm comfortable recommending this for use in a very small office as well. Business plans are $200/yr for each 50 employees. I use this myself and recommend it for sophisticated users. NextDNS offers a vast range of options and monitoring capability.

If you aren't sophisticated, have a skill professional help you set it up and be available to check it. They offer software for Android, Windows, iOS, Linux and Chrome. It covers all your devices regardless of your location.

Open DNS family - not recommended
Their free secure DNS is fine, but I find their business and family products uncompetitive.

Adguard DNS
AdGuard is a good option. They offer an assortment of packages to block and control products at competitive prices.

They also offer free DNS protection for blocking malware, ads and tracking, or free family protection to enforce safe search and adult content.

Conclusion
For simple no fuss malware protection, with fast, secure DNS, I recommend either Quad9 or Cloudflare with malware protection. Families might like the Cloudflare family option. I always setup Quad9 malware protection and secure DNS with all new computers.

For those who are interested in analyzing and much more control and blocking ads and malware, I'm shockingly impressed with NextDNS.



Date: December 2020


Creative Commons License
This article is licensed under a Creative Commons Attribution-NoDerivs 3.0 Unported License.

 
 
  Please direct questions/suggestions about website to the webmaster