Home  /  DNS Security

Solutions

DNS filtering: stopping threats before they load.

Every time someone clicks a link, opens a website, or follows an email attachment to a download page, their device makes a DNS request — essentially asking “where do I find this?” before it connects to anything. DNS filtering inspects that request and blocks the connection if the destination is known to be malicious, before any content loads.

DNS Security

Every time someone clicks a link, opens a website, or follows an email attachment to a download page, their device makes a DNS request — essentially asking “where do I find this?” before it connects to anything.

DNS filtering inspects that request before the connection is made. If the destination is a known malicious domain, a phishing site, or a malware distribution point, the connection is blocked at that point — before any content loads, before any page renders, before any damage can be done.

It is one of the most effective and least visible layers of protection a business can have, because it works silently in the background without requiring anyone to make a decision.

What we provide

Automatic malicious domain blocking

We deploy DNS filtering that checks every DNS request against continuously updated threat intelligence. Known malicious domains, phishing sites, malware distribution points, and command-and-control infrastructure are blocked automatically before a connection is established.

Protection on the network

DNS filtering is applied at the network level for devices connected to your office network, providing a baseline layer of protection across every device regardless of what is installed on it.

Category-based content policies

Where appropriate, DNS filtering can also be used to apply content policies, restricting access to categories of websites that are not appropriate for a work environment, configurable per user group or department.

Protection across every device

DNS filtering is part of a layered approach, and the specific tooling we use varies by device type to ensure every platform in your business is properly covered. Windows devices receive agent-based DNS filtering that follows the device wherever it connects, including off your office network. macOS and Linux devices are protected through complementary security tooling appropriate to those platforms, so that DNS-level protection extends across your whole estate, not just one operating system.

If your business runs a mixed-device environment, we will confirm exactly what’s in place for each device type as part of your site survey.

Why DNS filtering matters

DNS filtering catches threats that other layers might miss. Antivirus catches malicious files once they reach a device. Email filtering catches malicious messages before they reach the inbox. DNS filtering catches the connection itself, before the browser even loads the destination, which means it can stop an attack regardless of how the malicious link reached the user — whether by email, a text message, a chat app, or a compromised website.

It works alongside the rest of your security stack: antivirus, EDR, MFA, email defence, and device hardening, each covering a different stage of a potential attack.

Part of your managed support contract

DNS filtering is included for Network Fish managed support clients as part of the security stack we deploy and manage. There is no separate product to buy or configure yourself.

One monthly fee. One number to call.

The day-to-day risk of your team reaching a malicious website becomes our job, not yours.

Book your free site survey   or call +44 (0) 207 403 4031

Frequently asked questions

What is DNS filtering?

DNS filtering is a security control that inspects DNS requests — the lookups a device makes before connecting to any website — and blocks access to known malicious domains before a connection is established. It works at the network level, stopping threats such as phishing sites, malware distribution domains, and command-and-control infrastructure before any content loads in the browser.

Does DNS filtering work on all devices?

Coverage depends on the device operating system. Windows devices receive full agent-based DNS filtering that follows the device wherever it is used, including off your office network. macOS and Linux devices are covered by network-level filtering while connected to your office network. If your business has a mixed-device estate, we will discuss the most appropriate approach for full coverage as part of your site survey.

Is DNS filtering the same as a firewall?

No, though they work together. A firewall controls what traffic is allowed to enter and leave your network based on rules around ports, protocols, and IP addresses. DNS filtering specifically inspects domain name lookups and blocks access to known malicious or inappropriate domains before a connection is made. Both are part of a layered network security approach, and we configure and manage both as part of a comprehensive security setup.

Can DNS filtering stop phishing attacks?

DNS filtering significantly reduces the risk from phishing. If a member of staff clicks a malicious link in a phishing email, DNS filtering can block the connection to the malicious destination before the fake login page or malware download loads, even if the email itself got past email filtering. It is one of several layers we deploy specifically because no single control catches every phishing attempt.

Does DNS filtering protect remote workers?

For Windows devices, yes. Agent-based DNS filtering follows the device wherever it connects to the internet, providing the same level of protection whether someone is in the office, working from home, or travelling. For macOS and Linux devices, off-network protection is more limited and is addressed on a case-by-case basis depending on the makeup of your device estate.

Is DNS filtering included in a Network Fish managed support contract?

Yes. DNS filtering is included as part of the security stack we deploy and manage for all Network Fish managed support clients, alongside antivirus, advanced threat detection, multi-factor authentication, and device hardening. There is no separate product or licence to purchase.