DNS Filtering

(aka - Blocking Malicious Websites)

Graphic of digital data travelling through a tunnel

As well as all the usual security tips we hear, there's a few other easy tricks that can really help to protect your computer and data.

You'll no doubt be aware of the need to use antivirus, to keep software updated, and to learn to recognise phishing emails, but a lesser known - yet highly effective - way of further reducing the risks of viruses or being a victim of fraud is to change your 'DNS' settings.

Jump straight to topic:


What is DNS filtering?

An old style printed telephone address book

DNS (which stands for "Domain Name System") is effectively a massive global address book of websites. It's how your computer knows how to find any website, by converting the web addresses we type into an 'IP address' (a series of numbers) that your computer is able to understand.

By default most computers will use a DNS 'address book' from your internet service provider, often giving little or no security protection. If you were instead to use one of the specialist DNS services which block malicious websites, you could:

  • Prevent your web browser from opening any virus-infected websites;
  • Alert you if you visit a phishing website that's trying to harvest your personal details;
  • Block certain viruses from working, by denying them the ability to call home to download further damaging viruses;

These services work by maintaining and constantly updating a list of malicious sites, and refusing to tell your computer how to find the site. It's like a phone directory that refuses to list the phone numbers of any rogue traders or fraudulent workmen.

It effectively complements the work that your antivirus is already doing, preventing your computer from being able to find or connect to many malicious sites in the first place.

Changing to a secure DNS service is quick to do & only needs doing once. And the best bit? It can be free!


Ok I'm sold - how do I set it up?

There's several DNS services you can use, but amongst the free ones that filter malicious websites are:

  • Quad9, backed by IBM (amongst others).
  • Comodo, a major player in internet security.

To set them up you simply need to change the DNS settings in your computer. This may sound technical and scary but it's actually very simple - you can find step-by-step guides on their websites for setting up Quad9 and for Comodo. It should take about 2 minutes.

And that's all there is to it! Once it's set up you can forget about it, safe in the knowledge that you've just added an extra & powerful layer of virus & phishing protection to your computer.

Other similar DNS services are available too but (at the time of writing) either charge a small fee or have a slightly different focus:

  • OpenDNS - free for adult website blocking; charges for malicious website protection;
  • SafeDNS - charges for malicious website protection & adult website blocking.

Are there any other benefits?

Absolutely! Changing your DNS isn't just for security purposes (although it's the main aspect we've focused on here); it can also:

  • Speed up webpage load times;
  • Give you more privacy by not recording which websites you're visiting (although note that this doesn't apply to every service).
  • Block certain types of website - some services allow you to customise categories of website to block, such as adult websites, adverts, guns, or hacking.
  • Encrypt DNS address lookups - this can help prevent hackers from maliciously redirecting you to a different website.

Have any feedback on this page? Let us know - [email protected]