How does DNS blocking work?
To understand fully how DNS blocking works we need to take a step back. Every web page’s IP address—the multidigit identification code—is the site’s most essential nametag on the home server. But the IP address is simply not practical for a user to enter every time they wish to access a web page. If you are looking for Twitter, for example, it would be quite impractical to search for its IP address—184.108.40.206—each time you wanted to reach the home page. DNS—or the domain name system—is the process of naming websites in human language as opposed to their numerical IP addresses.
Created in 1983 to help make the internet more intuitive for everyday users, DNS essentially acts as telephone book that links the “reader-friendly” domain name to its less reader-friendly IP address. (All the “translating” is done in the background by your servers.)
A DNS block works by removing the IP address name from the “phonebook” on your server. For example, if you were to block Twitter using a DNS blocker, your server would intentionally forget the name assigned to 220.127.116.11. As a result, DNS blockers disable your server from locating particular web pages. To block whole genres of web pages, like piracy sites, DNS blocking services can set your server to forget large swaths of IP addresses that fit certain criteria. This breaks the communication between the IP server and the user’s device.
This way, DNS blocking can be a quick and easy way to prevent staff acessing malicious or unwanted web pages with negligible overheads and no physical hardware.
Is it safe to use OpenDNS?
One of the most popular free DNS tools is OpenDNS. The free versions do not install new hardware or software into your device, so using OpenDNS has very few associated security risks. However, if you are using a third-party server to bypass OpenDNS, you must always be aware of the possibility of malware or bad actors interfering with your data transmission.
OpenDNS itself uses a long list of well-protected servers around the world that will not interfere with personal data. Utilizing OpenDNS can certainly be much safer than not using a DNS blocking program at all, and many users effectively employ OpenDNS to block malicious sites, even if they have no reason to screen out NSFW content.
Things to consider when using OpenDNS
When using OpenDNS, it’s important to understand your boundaries. If you’re only interested in blocking malicious websites with threat detection, you might want to make sure to customize your program on a lower security setting. If you’re interested in blocking a wider range of sites, you need to understand that other, more knowledgeable users could still subvert these safeguards through DNS readdressing and proxy servers.
This doesn’t mean users who subvert OpenDNS are undetectable—for a business with OpenDNS in place, network activity can still be detected on your server. But, if you have serious concerns about potential bad actors within your system, it’s important to be aware of the potential of OpenDNS bypass. This means you might want to keep track of security threats through additional security software.
SolarWinds MSP offers a variety of security monitoring features, which can monitor data logs as well as network activity. SolarWinds Threat Monitor, for example, provides advanced threat detection and monitoring for you to track activity. Threat Monitor uses an alert system to notify you if any unusual activity is detected in login data or network access events. If you are managing IT for a company with serious network security concerns, it may be advisable to invest in a more comprehensive security toolbox.
It’s important to stress to customers that no DNS blocker is 100% foolproof, although many of them come close. As a best practice, businesses might find it helpful to couple a DNS blocker with an established protocol regarding the types of webpages employees shouldn’t be visiting at work.
Read through our blog for other common questions and concerns with DNS-related issues.