How to choose the right DNS provider for the job

As mentioned in our earlier blog post, DNSFilter is focused on servicing MSP’s and operators of multiple networks. We will discuss how and why DNSFilter is right for this job. However, what if you are not a managed service provider? Here are our picks for the best DNS content filtering solutions out there depending on your need:


Home users typically have the most basic requirements. As a home user, you are most likely simply trying to secure your home network against being able to visit adult web sites and inappropriate content, in order to keep the internet safer for your children. In this case, I would suggest OpenDNS’s Family Shield service. This is a “set it and forget it” method. Simply point your home router to their DNS servers and filtering will occur against adult content. If you need something more involved than this, or want to see statistics then perhaps it’s time to look at DNSFilter, or OpenDNS’s next level product — HomeVIP. HomeVIP is essentially the deprecated version/pre-cursor to Umbrella.

Where DNSFilter Excels:

DNSFilter is focused on providing the best solution for managed service providers (MSPs), operators of multiple networks, wireless ISPs (WISPs), ISPs and small and mid-level organizations. These networks are typically bring-your-own-device (BYOD) networks.

Essentially, any customer looking to provide content filtering and threat protection that must be backed by analytics and a strong anycast network for global or regional reach is the perfect customer for DNSFilter. Our strong suit is the ability to provide transparent pricing, a clean interface and the ability to get you up and running faster than any other provider on the market.


Where DNSFilter currently starts to become a second choice is in the Enterprise market, in my opinion. This is not due to scale — we can handle billions of requests. The situation in which DNSFilter may not be the primary choice for an Enterprise really only comes into play if the Enterprise is looking to provide on-device protection by deploying user agents/programs that control the device’s DNS settings and force requests through a DNS content filter even when the device is out of the network. In most cases, OpenDNS’s umbrella solution is best for this.

However, that being said, DNSFilter can provide the same functionality using third party software. Here are a few examples of software that can be used on your devices to stick with DNSFilter for content filtering while traveling outside of your network:

iOS: DNS Override

Mac OS: Updater client, such as DynDNS Updater and manually setting DNS.

Windows: Updater client, such as DynDNS Updater and manually setting DNS.

Android: DNS Changer and Dynamic DNS Updater

Linux: Updater client, such as DynDNS Updater and manually setting DNS.

What about local/hardware based filtering options:

While appliance based content filtering devices such as those produced by Barracuda, Websense, Palo Alto Networks or Fortinet can be functional, I simply cannot recommend them for most of our target customers. It is my feeling that any appliance-based service is moving towards deprecation industry-wide, at least as a majority. The downsides of an appliance is that it costs a lot of money upfront, you must maintain it, there are license fees and support fees forever. Finally, it can also become a point of slowdown on your network as traffic increases.

That being said, DNS filtering does have its limits. It’s part of the ‘onion layers of security’. For a BYOD network, having Network Address Translation (NAT) in place, along with a DNSFilter, is a great first step. Since you don’t control the end-points, you can’t force them to have anti-virus protection; but DNSFiltering can help limit the extent of damage infected nodes can do to the network. By limiting Command and Control botnet connectivity, you can prevent infected nodes from participating in Denial of Service attacks, sending spam, and other malicious actions which can degrade the performance of your network, and cause you to deal with notices from your ISP.

Corporate networks, where they own and control end-points have more control, and have additional layers of security to consider, but often fall victim to those protections being at the office. When increasingly mobile staff is on the road, at a hotel with their company laptop, they also need protection. This is where you need to make sure your only layers of protection are not ‘big boxes’ looking at network traffic at the office.



  • There are no suggestions because the search field is empty.
Latest posts
An Interview With DNSFilter’s New CTO, TK Keanini An Interview With DNSFilter’s New CTO, TK Keanini

In exciting news, DNSFilter recently hired TK Keanini to fill the role of Chief Technology Officer (CTO). TK has over 30 years of experience in network security and most recently served as the Vice President of security architecture and CTO of Cisco Secure. In his new role, TK will lead product management, customer experience, engineering, and security intelligence toward ongoing innovation and growth, focusing on customer needs and feedback to d...

The Intersection of 5G, Public Wi-Fi, and Network Security: Who’s at Risk? The Intersection of 5G, Public Wi-Fi, and Network Security: Who’s at Risk?

The transition from 4G to 5G is revolutionizing the way we connect and communicate, promising unprecedented speed, capacity, and low latency. However, this evolution also brings its own set of challenges, particularly concerning network coverage and security.

Revving up the Fun: DNSFilter's IndyCar Experience Recap—Detroit Grand Prix Edition Revving up the Fun: DNSFilter's IndyCar Experience Recap—Detroit Grand Prix Edition

This past weekend, we had the incredible opportunity to host guests at the Detroit Grand Prix. With representatives from Trace3, Guidepoint, Connection, and Judy Security, the event brought together tech experts and channel professionals for an exhilarating experience.

Explore More Content

Ready to brush up on something new? We've got even more for you to discover.