How CleanBrowsing DNS Affects Windows Active Directory (AD) and Best Practices for Integration

Active Directory (AD) relies heavily on DNS for service discovery, authentication, and communication between domain-joined devices. Administrators may be tempted to configure CleanBrowsing DNS directly on workstations for web filtering, but this can inadvertently break AD functionality.

Why Changing Workstation DNS to CleanBrowsing Causes Problems

If a workstation is manually set to use CleanBrowsing instead of the AD DNS server, it will no longer be able to:

  • Resolve internal AD DNS records.
  • Locate domain controllers for authentication.
  • Apply Group Policy settings correctly.
  • Maintain proper domain trust relationships.

This can result in workstations losing connection to the domain, requiring administrators to manually rejoin them.

Best Practices: Integrating CleanBrowsing with AD DNS

Instead of configuring CleanBrowsing directly on workstations, the recommended approach is to use CleanBrowsing as a forwarder in your AD DNS server. This way, internal AD resolution remains intact while CleanBrowsing filters external web traffic.

Steps to Configure CleanBrowsing as a Forwarder in AD DNS

  1. Open DNS Manager (dnsmgmt.msc) on your AD DNS server.
  2. Right-click the server name and select Properties.
  3. Navigate to the Forwarders tab.
  4. Click Edit and add the CleanBrowsing DNS resolvers. The Free Resolvers are listed below; alternatively, use the Paid values issued in your dashboard:
    • Security Filter: 185.228.168.9 and 185.228.169.9
    • Adult Filter: 185.228.168.10 and 185.228.169.11
    • Family Filter: 185.228.168.168 and 185.228.169.168
  5. Click OK and apply the changes.

Now, all AD-joined devices will continue using the AD DNS server while benefiting from CleanBrowsing’s filtering for external domains.
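
The same forwarder change can be scripted and verified with the DnsServer PowerShell module. This is an added example, not CleanBrowsing's own tooling: the function name Set-CleanBrowsingForwarder is hypothetical, and it assumes an elevated session on the AD DNS server, a DNS service that answers on 127.0.0.1, and the Security Filter addresses from step 4.

```powershell
#Requires -Modules DnsServer
# Added example: run elevated on the AD DNS server. The function name is hypothetical.
function Set-CleanBrowsingForwarder {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        # Security Filter resolvers from step 4; swap in another filter or your paid values.
        [ipaddress[]]$Forwarder = @('185.228.168.9', '185.228.169.9'),
        # AD DNS domain to test; defaults to the domain this server belongs to.
        [string]$AdDomain = (Get-CimInstance Win32_ComputerSystem).Domain,
        # Public name used only to confirm forwarding works (assumption: any external name).
        [string]$ExternalName = 'example.com'
    )

    # Record the current forwarders so the change can be rolled back.
    $before = (Get-DnsServerForwarder).IPAddress
    Write-Verbose "Previous forwarders: $($before -join ', ')"

    if ($PSCmdlet.ShouldProcess($env:COMPUTERNAME, "Set forwarders to $($Forwarder -join ', ')")) {
        # Set- replaces the whole list; Add-DnsServerForwarder would append instead.
        Set-DnsServerForwarder -IPAddress $Forwarder
    }

    # Internal check: the domain controller locator SRV record must still be
    # answered from the AD-integrated zone, not sent to the forwarder.
    $srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$AdDomain" -Type SRV `
        -Server 127.0.0.1 -ErrorAction SilentlyContinue
    # External check: a public name must resolve through the forwarders.
    $ext = Resolve-DnsName -Name $ExternalName -Type A `
        -Server 127.0.0.1 -ErrorAction SilentlyContinue

    $after = Get-DnsServerForwarder
    [pscustomobject]@{
        PreviousForwarders = $before
        CurrentForwarders  = $after.IPAddress
        # True means the server falls back to root hints when forwarders do not answer.
        RootHintFallback   = $after.UseRootHint
        DcSrvResolves      = [bool]$srv
        ExternalResolves   = [bool]$ext
    }
}

# Preview the change first; remove -WhatIf to apply it.
Set-CleanBrowsingForwarder -WhatIf
```

If RootHintFallback is reported as True, lookups made while the forwarders are unreachable go to the root hints and are not filtered by CleanBrowsing.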

Additional Safeguards to Prevent Workstation Bypasses

  • Enforce DHCP settings to ensure workstations always receive the AD DNS server.
  • Block external DNS queries at the firewall so only the AD DNS server can resolve external domains.
  • Audit DNS settings regularly to prevent accidental misconfigurations.

Conclusion

CleanBrowsing is an excellent tool for web filtering, but using it incorrectly in an AD environment can lead to serious connectivity issues. By implementing it at the AD DNS server level, administrators can maintain AD integrity while benefiting from CleanBrowsing’s security and filtering capabilities.

Updated on February 5, 2025