Hey there! As an internet security analyst, I‘ve helped countless parents configure DNS filtering to protect their families online. In this comprehensive guide, I‘ll equip you with everything you need to make the internet safer for your household.
The threats facing families online today are downright scary:
1 in 10 URLs are malicious. That means if your kid clicks on 10 links, they have a high chance of encountering malware, phishing scams, or other cyberthreats designed to steal personal data and passwords.
42% of kids have been exposed to inappropriate content online, including pornography, violence, hate speech and more according to a survey by Digital Guardian. This early exposure can lead to long-term emotional and psychological effects.
61% of U.S. kids connect a new internet-enabled device to WiFi without parental approval according to McAfee’s 2021 Parenting Digital World study. Unfiltered access on these devices puts kids at risk.
This is where enterprise-grade DNS filtering solutions come in. Designed for large corporate networks, these services are now available for home use to block threats and inappropriate content at the DNS level.
How Does DNS Filtering Work?
DNS filtering intercepts requests made to the DNS (Domain Name System) which translates human readable domain names into IP addresses.
By filtering these requests against a massive blacklist of over 100 million unsafe domains maintained by the service, it can block access before any content is downloaded.
For example, if a device on your network tries to access an inappropriate site, the DNS filter will resolve the domain to an IP address it controls instead of the actual site. This results in a block page rather than the unsafe content being displayed.
Some key technical capabilities of DNS filtering include:
Categorization – Domains are classified into content categories like pornography, violence, gambling etc. which can then be blocked by category.
Blacklisting/Whitelisting – Specific domains can be blacklisted to always block them or whitelisted to always allow them.
Logging – Detailed logs allow parents to see which domains each device on the network has attempted to access.
Threat intelligence – Frequent updates ensure new phishing sites, malware domains and other emerging threats are blocked.
Now let‘s look at the top enterprise-grade DNS filtering solutions available for home use today.
Top 8 DNS Filtering Services for Families
1. Zscaler Internet Access
Zscaler offers the same DNS filtering capabilities it provides to major corporations like Siemens and NASA now customized for home networks. Features include:
160+ content categories – Finely tuned categories like Cultism, Child Abuse, Sex Education ensure inappropriate content is blocked without overblocking legitimate sites.
30+ security categories focused on malware, phishing, spyware, botnets and more. Over 60% of threats blocked by Zscaler are zero-day threats not detected by other vendors.
Zscaler Enforce – Client software extends filtering to devices outside your home WiFi. Useful for protecting laptops and smartphones on cellular networks.
Zscaler is used to secure the networks of over 450 global enterprises. Its threat intelligence leverages data from processing 150 billion web transactions daily.
2. Cisco Umbrella
Cisco Umbrella is a secure internet gateway. By funneling all DNS queries through Umbrella, it blocks threats while providing visibility into activity. Benefits for families include:
- Granular content policies with 60+ categories allow custom blocking by age
- Anti-malware and anti-phishing inspection blocks threats early
- Robust allow/deny lists for specific domains
- Filters across devices and networks with Umbrella roaming client
Cisco Umbrella secures 100 million users across 700,000 customer sites, analyzing 80 billion web requests daily for threats.
WebTitan Cloud filters DNS traffic through a secure cloud gateway. Features tailored for home use include:
- Intelligent Content Filter blocks 27 content categories
- Advanced Threat Protection using deep packet sandbox malware analysis
- Individual policy options for each family member
- Detailed historical browsing reports
- Custom allow/deny lists
WebTitan uses collective threat intelligence from over 50,000 customer sites to identify emerging threats.
4. Fortinet DNS Filtering
Fortinet leverages the same DNS filtering used in its business-grade firewalls and web filtering solutions for the home. This includes:
- URL and content category-based filtering with 60+ categories
- Real-time antiphishing and antivirus inspection
- Age-specific filtering profiles
- Time-based access schedules e.g. limit social media to after school
- Individual device filtering reports
Fortinet inspects and filters over 34 billion web requests per day for threats.
5. DNSFilter Home
DNSFilter uses a global network of DNS resolvers to route and filter traffic. Benefits for home networks include:
- Blocks threats, adult content, social media, gambling sites, and more
- Custom allow/deny lists for specific URLs
- Filters across devices when setup at the router level
- Provides visibility into suspicious activity with reports
DNSFilter processes over 70 billion queries monthly and halts 5 million threats daily.
CleanBrowsing offers a free DNS resolver service along with paid tiers. It blocks:
- Adult, gambling, phishing, malware sites, and proxies by default
- Over 50 million dangerous domains across categories
- Billions of adult website pages
CleanBrowsing processes more than 8 billion queries daily. Paid tiers provide better network-wide performance.
7. ControlD Filtering
ControlD provides both home and business filtering. Home highlights:
- 60+ category filters including cryptojacking, hate, cultism etc.
- Advanced anti-phishing and anti-malware threat detection
- Individualized profiles and detailed reports by device
- Custom whitelists and blacklists
ControlD filters over 1.5 trillion requests annually for a diverse global enterprise customer base.
8. Neustar Recursive DNS
Neustar Recursive DNS is an enterprise-grade filtering service now for home use. It offers:
- Granular policy controls with 125 categories like extremism, abortion etc.
- Real-time anti-malware and anti-phishing inspection
- Individual profiles to target specific devices
- Activity dashboard and alerts
Neustar Recursive DNS protects over 70 million endpoints across 12,000 customers.
Layered Security is Key
While DNS filtering provides vital network-level security, it isn‘t a silver bullet. For comprehensive protection, take a layered approach:
- Install antivirus software on all devices
- Use a home firewall/intrusion prevention device
- Connect devices to a trusted VPN when on other networks
- Enable multi-factor authentication wherever possible
- Frequently check devices and accounts for unknown activity or access
- Have ongoing conversations with kids about online safety
Getting Buy-in from the Kids
For DNS filtering to work, kids need to understand why the extra protection is important vs. feeling punished. Some tips:
- Have an open talk about online dangers and why filtering/limits are needed
- Make sure some of their favorite sites aren‘t inadvertently blocked
- Start with more lenient policies first, then tighten controls as issues arise
- Offer incentives for responsible browsing habits and not attempting to circumvent controls
Walkthrough: Setting Up DNS Filtering on a Home Network
Let‘s look at how easy it is to set up DNS filtering at the router level to cover all connected devices:
Create an account with the DNS filtering service of your choice using an email address. Use promo codes where available to save on home subscriptions.
Log into your router admin console using the provided username and password. Locate the DNS server settings.
Change the DNS servers to use the DNS IP addresses provided by the filtering service company. This routes traffic through their resolvers.
Adjust any filtering policies desired in the vendor‘s web portal, applying targeted categories and site lists to protect your household.
With DNS filtering applied at the router, every device that connects to your home WiFi will automatically have websites and internet traffic filtered. You‘re now a huge step closer to protecting your family online!
Sadly, we can‘t eliminate all the risks the internet poses to our families. However, by leveraging the same enterprise-grade DNS filtering relied on by large companies, we can dramatically reduce exposure to cyber threats and inappropriate content.
Take the time to research services and find one that aligns with your budget and security priorities. Combined with good digital habits and open conversation, DNS filtering helps keep your family safe so kids can explore the internet with confidence.