Why Businesses should be filtering DNS
Last Updated on March 5, 2021 by Josh Giesing
What is DNS?
For the lack of a better term, DNS, the Domain Name System, is the phone book of the internet. Computers do not understand letters. They run on numbers. Every computer on the internet has a numeric address. When you type your favorite website’s name on your browser, DNS, in the background, converts that name to its numeric address so that your computer can find your website and show the information to you.
What is DNS Filtering?
All queries for DNS go to a special server called a DNS resolver. In its simplest form, resolver’s only job is to look up the address of the computer and return the result to the requester.
The new generation of DNS resolvers have added one more functionality to the lookup job, namely filtering. By filtering DNS, we mean, the resolver looks at the DNS name of a server, compares it to a list of servers in its filtering table and decides upon what it finds in that table or not, if it will resolve the name or not.
There are two types of filtering. First and most commonly found one is called Blacklisting and the other one, as you may have guessed Whitelisting. Let’s see how each method works.
In this method of filtering, the assumption is, all names and corresponding addresses are worth resolving, unless they are in the blacklist which the resolver keeps and updates with information it pulls from trusted sources. We will come to “what are they good for” question shortly
As you can imagine from the definition of the other method, in this one, all computers and addresses are assumed to be bad and should not be resolved, unless the names are in an approved list of computers.
Why bother separating you might have asked. Let’s examine the blacklisting scenario first. We know there are websites on the internet, which prey on people’s lack of knowledge or momentary lapse of judgement or attention. Their purpose is to inflict bad things on to this poor user.
Most common examples of these websites are typo-squatters. You know, instead of typing CHASE.COM to login to your bank account, you accidentally type CHAASE.COM with a skip of a finger. If this incorrectly typed website is under the control of a malicious actor, he will know where you were trying to go to and armed with that knowledge, he could easily get your username and password to drain your account in an instant.
In the case of businesses, can you imagine the same thing happening to the company financial officer? If you didn’t filter this lookup query, you might be giving the keys of the kingdom to a bad actor.
For businesses, there is another benefit to deploy web filtering. And that is, increasing the productivity of the workers. How many times have you passed by someone’s desk or cubicle to see this person watching funny cat videos, browsing Facebook, playing online games or god forbid checking out porn sites?
Not only all of these pages are time drain, they are also opening up the company to lawsuits for sexual harassment general misconduct cases. If you only think about the employee time the company gains, you know it is not going to be just a chump change.
How about whitelisting then ? This method is a little more drastic. It is usually used by people who should not be accessing systems other than what they are authorized to. In this case, every computer out on the internet is expected to cause some sort of damage to the owner of this network.
A lot of government offices are good example of this type of DNS filtering. While you are in the office, you are expected to give your full attention to work. Facebook is not work related, unless you are the social media officer for your organization. There are many programs that let small businesses use DNS to limit traffic. There are also free dns filters such as quad9.
There is also leaking the private information of the public these offices serve. One wrong click of the mouse and millions of people’s social security numbers re in the hands of hackers. Therefore, the more public facing an office, the harder they try to protect their internal systems. And there is nothing better than DNS filtering to do this as a first line of defense.
Also, since a lookup is the simplest action in the chain of accessing a remote system, it is not resource intensive and can be deployed with no significant impact to the end users’ experience.
All in all, your company will definitely benefit from filtering DNS, even if you have other lines of defense in place.