What is DNS Filtering

How DNS-Based Content Filtering Works

DNS filtering uses the Domain Name System to block access to unwanted websites. By intercepting DNS queries and checking them against a categorization database, it prevents users from reaching malicious, inappropriate, or distracting content before a connection is ever made.

Get Started

DNS filtering is a network security technique that blocks access to websites by intercepting DNS queries and comparing requested domains against categorized blocklists. Instead of loading harmful or unwanted content, filtered requests are redirected or dropped — preventing threats at the network layer before any connection is established.

According to Cisco's 2023 Cybersecurity Readiness Index, over 80% of organizations now implement some form of DNS-layer security to protect against phishing and malware. (Source: Cisco Cybersecurity Readiness Index, 2023)

Step 1: How DNS Works

The Domain Name System (DNS) is often called the phonebook of the internet. When you type a domain name like "google.com" into your browser, your device sends a DNS query to a DNS resolver, which looks up the corresponding IP address so your browser can connect.

This lookup happens for every website you visit, making DNS the perfect control point for content filtering. Every domain request passes through DNS before any content loads.

Step 2: How DNS Filtering Works

DNS filtering replaces your default DNS resolver (typically from your ISP) with a filtering DNS resolver. When a query is made:

  • Your device sends a DNS query (e.g., "What is the IP for example.com?")
  • The filtering resolver checks the domain against its categorization database
  • If the domain is allowed, the correct IP address is returned
  • If the domain is blocked, a block page or refusal is returned

This happens in milliseconds, before any website content downloads. The user either sees the website normally or sees a block notification.

Step 3: Advantages of DNS Filtering

  • No Software Required — Works by changing a network setting. No agents or apps needed on devices.
  • Device Agnostic — Protects every device on the network: computers, phones, tablets, smart TVs, game consoles, and IoT devices.
  • Fast — Filtering happens at the DNS level in milliseconds with no noticeable browsing impact.
  • Network-Wide — Configure once at the router and protect your entire network.
  • Encrypted Options — Modern DNS filtering supports DoH, DoT, and DNSCrypt for encrypted queries.

Step 4: Common Use Cases

  • Families: Block pornography and adult content to protect children
  • Schools: Meet CIPA compliance requirements and provide safe browsing
  • Businesses: Block malware, phishing, and reduce productivity-draining distractions
  • Libraries: Provide public internet access while maintaining content standards
  • MSPs: Offer managed DNS filtering as a service to clients

Step 5: DNS Filtering with CleanBrowsing

CleanBrowsing is a DNS-based content filtering service used by families, schools, and businesses worldwide. We process over 355 billion DNS requests per month across 70+ data centers.

We offer three free filters (Security, Adult, and Family) and paid plans with 19+ content categories, custom rules, activity monitoring, and more.

To get started, visit our Getting Started page or contact us at support@cleanbrowsing.org.

Ready to try DNS filtering?

Set up in minutes and start protecting your network from harmful content, malware, and unwanted distractions.

Explore Our Free DNS Filters

Last updated: March 18, 2026