DNS Filtering, also known as network filtering, is a way to block entire websites. This is a useful concept to understand if you want to lock down your internet to increase security and privacy and filter out unwanted content.
When you attempt to visit a website, its hostname (mywebsite.com) is compared against a list of known problematic websites. If there’s a match, the request is denied. Otherwise, the request is allowed to continue.
While this can completely block access to entire websites, it can also block content within websites.
Explained simply: when you visit a website like “www.website.com”, you’re not just requesting the hostname “website.com.” Website.com might showcase ad units, which rely on other hostnames to work properly. Your initial request to website.com triggers requests to someadnetwork.com and sometracker.com. Once those requests finish, the ad widget is displayed.
Here’s an example of the Brave Browser blocking ads on the Daily Mail website. If you open up your browser’s development tools console you’ll see blocked requests.
A DNS Filtering service isn’t just checking your request to website.com — it’s also checking all the requests triggered by loading that website.
Then, it compares those hostnames to the specific blocklists. Ad networks are fairly well-known, so it’s trivial for a DNS Filter to block hostnames associated with ad networks.
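The per-request comparison described above can be sketched in a few lines. This is an added example, not code from any particular filtering service: the blocklist format, the extra sample hostnames, and the rule that a listed domain also covers its subdomains are assumptions made for illustration.

```python
# Added example: the hostname-vs-blocklist decision a DNS filter makes per lookup.
# The blocklist entries and the lookup list are constructed sample data.

BLOCKLIST_TEXT = """
# constructed sample blocklist: hosts-file style and plain-domain lines
0.0.0.0 someadnetwork.com
sometracker.com
"""

def normalize(hostname):
    """Lowercase and drop the trailing root dot so 'SomeTracker.com.' compares equal."""
    return hostname.strip().lower().rstrip(".")

def load_blocklist(text):
    """Parse one entry per line; accept 'domain' or '<ip> domain', skip comments."""
    blocked = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        blocked.add(normalize(line.split()[-1]))
    return blocked

def is_blocked(hostname, blocked):
    """Match the name or any parent domain, one whole label at a time.

    Assumption: listing 'someadnetwork.com' also covers 'cdn.someadnetwork.com'.
    Label-wise matching keeps 'notsometracker.com' from matching 'sometracker.com',
    which a naive substring or endswith() check would get wrong.
    """
    labels = normalize(hostname).split(".")
    return any(".".join(labels[i:]) in blocked for i in range(len(labels)))

def filter_page_load(hostnames, blocked):
    """Return {hostname: 'BLOCK' or 'ALLOW'} for every lookup a page load triggers."""
    return {h: "BLOCK" if is_blocked(h, blocked) else "ALLOW" for h in hostnames}

# Constructed lookups for one visit to www.website.com (first party plus third parties).
PAGE_LOAD = [
    "www.website.com",
    "cdn.someadnetwork.com",
    "SomeTracker.com.",
    "notsometracker.com",
]

if __name__ == "__main__":
    verdicts = filter_page_load(PAGE_LOAD, load_blocklist(BLOCKLIST_TEXT))
    for host, verdict in verdicts.items():
        print(f"{verdict:5} {host}")
```

The page itself still loads because www.website.com is allowed; only the ad and tracker lookups are refused, which is why the ad widget never renders.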
Some filters specialize in different areas of blocking. For example, if you’re looking to protect your home network, a porn-blocking DNS filter is likely the best approach. These filtering services offer privacy and security, but specialize in content filtering. They often use machine learning to check the media hosted on websites you’re about to visit for inappropriate content. This is similar to how social media websites can identify your friends in your photos automatically. Some of these DNS Filtering services are really good at picking out adult content.