How to choose the right DNS provider for the job

As mentioned in our earlier blog post, DNSFilter is focused on servicing MSP’s and operators of multiple networks. We will discuss how and why DNSFilter is right for this job. However, what if you are not a managed service provider? Here are our picks for the best DNS content filtering solutions out there depending on your need:

Home:


Home users typically have the most basic requirements. As a home user, you are most likely simply trying to secure your home network against being able to visit adult web sites and inappropriate content, in order to keep the internet safer for your children. In this case, I would suggest OpenDNS’s Family Shield service. This is a “set it and forget it” method. Simply point your home router to their DNS servers and filtering will occur against adult content. If you need something more involved than this, or want to see statistics then perhaps it’s time to look at DNSFilter, or OpenDNS’s next level product — HomeVIP. HomeVIP is essentially the deprecated version/pre-cursor to Umbrella.

Where DNSFilter Excels:


DNSFilter is focused on providing the best solution for managed service providers (MSPs), operators of multiple networks, wireless ISPs (WISPs), ISPs and small and mid-level organizations. These networks are typically bring-your-own-device (BYOD) networks.

Essentially, any customer looking to provide content filtering and threat protection that must be backed by analytics and a strong anycast network for global or regional reach is the perfect customer for DNSFilter. Our strong suit is the ability to provide transparent pricing, a clean interface and the ability to get you up and running faster than any other provider on the market.

Enterprise:


Where DNSFilter currently starts to become a second choice is in the Enterprise market, in my opinion. This is not due to scale — we can handle billions of requests. The situation in which DNSFilter may not be the primary choice for an Enterprise really only comes into play if the Enterprise is looking to provide on-device protection by deploying user agents/programs that control the device’s DNS settings and force requests through a DNS content filter even when the device is out of the network. In most cases, OpenDNS’s umbrella solution is best for this.

However, that being said, DNSFilter can provide the same functionality using third party software. Here are a few examples of software that can be used on your devices to stick with DNSFilter for content filtering while traveling outside of your network:

iOS: DNS Override

Mac OS: Updater client, such as DynDNS Updater and manually setting DNS.

Windows: Updater client, such as DynDNS Updater and manually setting DNS.

Android: DNS Changer and Dynamic DNS Updater

Linux: Updater client, such as DynDNS Updater and manually setting DNS.

What about local/hardware based filtering options:

While appliance based content filtering devices such as those produced by Barracuda, Websense, Palo Alto Networks or Fortinet can be functional, I simply cannot recommend them for most of our target customers. It is my feeling that any appliance-based service is moving towards deprecation industry-wide, at least as a majority. The downsides of an appliance is that it costs a lot of money upfront, you must maintain it, there are license fees and support fees forever. Finally, it can also become a point of slowdown on your network as traffic increases.

That being said, DNS filtering does have its limits. It’s part of the ‘onion layers of security’. For a BYOD network, having Network Address Translation (NAT) in place, along with a DNSFilter, is a great first step. Since you don’t control the end-points, you can’t force them to have anti-virus protection; but DNSFiltering can help limit the extent of damage infected nodes can do to the network. By limiting Command and Control botnet connectivity, you can prevent infected nodes from participating in Denial of Service attacks, sending spam, and other malicious actions which can degrade the performance of your network, and cause you to deal with notices from your ISP.

Corporate networks, where they own and control end-points have more control, and have additional layers of security to consider, but often fall victim to those protections being at the office. When increasingly mobile staff is on the road, at a hotel with their company laptop, they also need protection. This is where you need to make sure your only layers of protection are not ‘big boxes’ looking at network traffic at the office.

 

 

Search
  • There are no suggestions because the search field is empty.
Latest posts
What is Secure Web Gateway: What It Does, Benefits, and More What is Secure Web Gateway: What It Does, Benefits, and More

In today's world of ever-increasing cyber threats, organizations need strong defenses to protect their networks and data and in this complex digital ecosystem, we need more than just one line of defense.

Revving Up the Fun: DNSFilter's IndyCar Experience Recap — St. Pete Edition Revving Up the Fun: DNSFilter's IndyCar Experience Recap — St. Pete Edition

What a weekend at the track! DNSFilter was thrilled to host 10 guests alongside Pax8 this weekend for an unforgettable IndyCar experience in sunny St. Petersburg. Those who joined us came from Thrive, MVP Network Consulting LLC, Myrtle Beach Academy of Aviation, Entech, NetGain Technologies,Warren Averett Technology Group, LLC, and ECMSI—we were lucky to be in such great company for our very first race of the season.

Man-in-the-Middle Attacks: What Are They? Man-in-the-Middle Attacks: What Are They?

A man-in-the-middle (MITM) attack is a form of cyber threat where a bad actor inserts themselves into a conversation between two parties, intercepts traffic, and gains access to information that the two parties were trying to send to each other. It allows attackers to eavesdrop, collect data, and even alter communications between victims. Understanding the mechanics, implications, and defense mechanisms against MITM attacks is essential for prote...

Explore More Content

Ready to brush up on something new? We've got even more for you to discover.