IronSights

Network & infrastructure

DNS filtering

A network security control that blocks access to malicious, inappropriate, or policy-violating domains at the DNS resolution layer — before a connection to the destination is established.

Also known as: DNS security, protective DNS, DNS-over-HTTPS filtering

In plain English

DNS filtering works like a telephone operator that refuses to connect calls to known bad numbers. When a device tries to visit a malicious website — whether through a phishing link, a malware C2 beacon, or accidental navigation — the DNS filter recognises the domain and blocks the connection before any data is exchanged. Because the check happens at the resolver rather than on the device, it covers every device that uses the network's DNS, including BYOD.

Full definition

Every internet connection starts with a DNS query: the device asks a DNS server to translate a domain name (like example.com) into an IP address. DNS filtering intercepts this query and checks the requested domain against threat-intelligence and content-category feeds. If the domain is categorised as malicious or prohibited, the filter returns the address of a block page instead of the real one, so the client never reaches the destination.

DNS filtering catches a broad range of threats, including command-and-control beacons, phishing pages, malvertising, drive-by download sites, and cryptomining operations. It also enforces acceptable use policies (blocking social media, adult content, etc.) without needing to inspect encrypted traffic, because the decision is made on the domain name alone.
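To make the mechanism concrete, here is a minimal filtering resolver written as an added example for this entry; it is not IronSights' code or any product's implementation. It parses a wire-format A query, matches the name (and its parent domains) against a constructed block-list with categories, and answers either with a constructed block-page address, a constructed upstream answer, or NXDOMAIN, logging each decision the way a SOC would want to see it. The block-list entries, the block-page IP and the upstream table are all constructed stand-ins so the code runs offline.

```python
import socket
import struct

# Constructed block-list for this example (not real indicators): domain -> category.
# A real deployment loads this from threat-intelligence and content-category feeds.
BLOCKLIST = {
    "c2.example-bad.test": "malware-c2",
    "login-verify.example-phish.test": "phishing",
    "socialmedia.test": "acceptable-use",
}
BLOCK_PAGE_IP = "192.0.2.10"  # constructed: where the block page is served (RFC 5737 range)

# Constructed stand-in for the upstream resolver so the example runs offline.
UPSTREAM = {"www.example.com": "198.51.100.5"}

DECISION_LOG = []  # one line per query; what a SOC would ship to the SIEM


def encode_qname(name):
    """Encode a domain name as DNS wire-format labels."""
    out = b"".join(struct.pack("B", len(label)) + label.encode("ascii")
                   for label in name.split("."))
    return out + b"\x00"


def parse_qname(packet, offset=12):
    """Decode the question name starting at offset (12 = right after the header)."""
    labels = []
    while packet[offset] != 0:
        length = packet[offset]
        labels.append(packet[offset + 1:offset + 1 + length].decode("ascii"))
        offset += 1 + length
    return ".".join(labels).lower(), offset + 1


def build_query(name, txid=0x1234):
    """Build an A-record query like a stub resolver would send."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, one question
    return header + encode_qname(name) + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN


def classify(name):
    """Return the block category if name or any parent domain is listed, else None."""
    parts = name.split(".")
    for i in range(len(parts)):
        category = BLOCKLIST.get(".".join(parts[i:]))
        if category:
            return category
    return None


def build_response(query, ip=None, ttl=60, rcode=0):
    """Answer the query with an A record for ip, or an empty answer carrying rcode."""
    txid = struct.unpack("!H", query[:2])[0]
    _, qend = parse_qname(query)
    question = query[12:qend + 4]
    ancount = 1 if ip else 0
    header = struct.pack("!HHHHHH", txid, 0x8180 | rcode, 1, ancount, 0, 0)  # QR, RD, RA
    answer = b""
    if ip:
        # Name pointer to offset 12, TYPE A, CLASS IN, TTL, RDLENGTH 4, then the address
        answer = struct.pack("!HHHIH", 0xC00C, 1, 1, ttl, 4) + socket.inet_aton(ip)
    return header + question + answer


def filter_query(query):
    """The decision point of a filtering resolver. Returns (response_bytes, verdict)."""
    name, _ = parse_qname(query)
    category = classify(name)
    if category:
        DECISION_LOG.append(f"qname={name} verdict=block category={category}")
        # Short TTL so a feed update takes effect quickly on clients that cached the block.
        return build_response(query, BLOCK_PAGE_IP, ttl=60), "blocked"
    if name in UPSTREAM:
        DECISION_LOG.append(f"qname={name} verdict=allow")
        return build_response(query, UPSTREAM[name], ttl=300), "allowed"
    DECISION_LOG.append(f"qname={name} verdict=allow rcode=NXDOMAIN")
    return build_response(query, rcode=3), "nxdomain"


def answer_ip(response):
    """Read the A record out of a response, or None when the answer section is empty."""
    if struct.unpack("!H", response[6:8])[0] == 0:
        return None
    _, qend = parse_qname(response)
    rdata = qend + 4 + 12  # skip QTYPE/QCLASS, then pointer+type+class+ttl+rdlength
    return socket.inet_ntoa(response[rdata:rdata + 4])


if __name__ == "__main__":
    for qname in ("www.example.com", "beacon.c2.example-bad.test", "socialmedia.test"):
        resp, verdict = filter_query(build_query(qname))
        print(f"{qname:32} {verdict:8} {answer_ip(resp)}")
    print("\n".join(DECISION_LOG))
```

Two details carry over to real deployments: the parent-domain walk in `classify` is what lets one feed entry cover every host under a listed domain, and the decision log with its category is what turns a silent block into a detection signal (a burst of `malware-c2` verdicts from one client is an incident, not just a denied lookup).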

DNS-over-HTTPS (DoH) is an emerging protocol that encrypts DNS queries inside ordinary HTTPS traffic. A client that sends its queries to a public DoH resolver never consults the network's own DNS server, which lets it bypass a traditional DNS filter. Modern enterprise DNS filtering solutions handle this by enforcing encrypted DNS through managed resolvers that apply the same policy, rather than by blocking DoH outright.

Keep learning

More terms in the IronSights Glossary.