DNS Filtering
Overview
DNS Filtering blocks access to malicious and unwanted websites by intercepting DNS queries. Stop threats before they reach your network.
How DNS Filtering Works
Query Flow
1. User types URL → 2. DNS Query → 3. Bastion DNS → 4. Check Policy
↓
5. Block Page ← (if blocked) ← 6. Response
or
5. Resolved IP ← (if allowed) ← 6. Response
Protection Layers
| Layer | Protection |
|---|---|
| Threat Intelligence | Known malicious domains |
| Category Filtering | Content categories |
| Custom Rules | Your allow/block lists |
| AI Detection | Newly registered domains |
Setup
DNS Configuration
Option 1: Device Agent
Endpoints with the Bastion agent installed automatically use filtered DNS:
- Agent installed on device
- DNS automatically configured
- No additional setup needed
Option 2: Network Level
Configure your network to use Bastion DNS:
DNS Servers:
Primary: 103.247.36.36
Secondary: 103.247.37.37
Configure at:
- Router/firewall
- DHCP server
- Active Directory DNS
Option 3: MDM Profile
Deploy DNS configuration via MDM:
- Create DNS configuration profile
- Set Bastion DNS servers
- Deploy to managed devices
Encrypted DNS
Support for encrypted DNS protocols:
| Protocol | Port | URL |
|---|---|---|
| DNS over HTTPS (DoH) | 443 | https://dns.bastion.io/dns-query |
| DNS over TLS (DoT) | 853 | dns.bastion.io |
Filtering Policies
Default Protection
All accounts include:
- Malware domains
- Phishing sites
- Command & control servers
- Cryptomining sites
Content Categories
Block content by category:
| Category | Examples |
|---|---|
| Adult Content | Pornography, mature content |
| Gambling | Betting, casinos |
| Social Media | Facebook, Twitter, TikTok |
| Streaming | Netflix, YouTube |
| Gaming | Online games, game platforms |
| Shopping | E-commerce sites |
Creating Policies
- Navigate to Web Browsing → DNS Filtering
- Click Create Policy
- Configure:
  - Policy name
  - Block categories
  - Custom allow/block lists
  - Target devices/groups
- Save and apply
Custom Rules
Blocklist
Block specific domains:
- Go to Custom Rules → Blocklist
- Click Add Domain
- Enter domain (e.g., example.com)
- Add description
- Save
Allowlist
Allow specific domains (override blocks):
- Go to Custom Rules → Allowlist
- Click Add Domain
- Enter domain
- Add description
- Save
Wildcard Support
Use wildcards for subdomain matching:
| Pattern | Matches |
|---|---|
| `*.example.com` | All subdomains |
| `example.com` | Domain only |
| `*example*` | Contains "example" |
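
The pattern table above, combined with the rule that allowlist entries override blocks, as an added Python example (not Bastion's own code) for checking what a pattern covers before saving it. The name normalization, the `no-match` result and the sample lists are assumptions of this example.

```python
# Added example: custom-rule evaluation following the wildcard table on this page.
# Assumption: names are compared lowercase with any trailing root dot removed.

def normalize(name: str) -> str:
    """Lowercase and drop the root dot so 'Example.COM.' equals 'example.com'."""
    return name.strip().lower().rstrip(".")

def matches(pattern: str, domain: str) -> bool:
    """Apply one pattern using the three forms in the wildcard table."""
    pattern, domain = normalize(pattern), normalize(domain)
    if len(pattern) > 2 and pattern.startswith("*") and pattern.endswith("*"):
        return pattern[1:-1] in domain              # *example*     -> contains
    if pattern.startswith("*."):
        suffix = pattern[1:]                        # ".example.com"
        # Subdomains only: the bare domain itself is not covered.
        return domain.endswith(suffix) and len(domain) > len(suffix)
    return domain == pattern                        # example.com   -> domain only

def evaluate(domain: str, allowlist: list, blocklist: list) -> tuple:
    """Return (action, pattern). Allowlist is checked first because it overrides blocks.

    'no-match' (assumed label) means the custom rules do not decide and the
    other protection layers would apply.
    """
    for pattern in allowlist:
        if matches(pattern, domain):
            return ("allowed", pattern)
    for pattern in blocklist:
        if matches(pattern, domain):
            return ("blocked", pattern)
    return ("no-match", None)

def coverage(pattern: str, domains: list) -> list:
    """List which of the given names a pattern would hit, for review before saving."""
    return [d for d in domains if matches(pattern, d)]

# Constructed sample rules and names, for illustration only.
ALLOWLIST = ["portal.example.com"]
BLOCKLIST = ["*.example.com", "*tracker*"]
SAMPLES = ["example.com", "www.example.com", "Portal.Example.com.",
           "notexample.org", "example.com.other.test", "adtracker.example.net"]

if __name__ == "__main__":
    for name in SAMPLES:
        print(f"{name:28} {evaluate(name, ALLOWLIST, BLOCKLIST)}")
    print("*example* covers:", coverage("*example*", SAMPLES))
```

Two things stand out in the output: `*.example.com` leaves the bare `example.com` undecided, so blocking a whole site needs both entries, and a contains pattern such as `*example*` also hits unrelated names like `notexample.org`.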
Block Pages
Custom Block Page
Customize the page users see when blocked:
- Company branding
- Custom message
- Request exception link
- Redirect URL
Block Page Content
Include:
- Why the site is blocked
- Category that triggered block
- How to request access
- IT contact information
Exception Requests
User Requests
Allow users to request exceptions:
- User visits blocked site
- Clicks "Request Access"
- Fills request form
- Admin reviews and approves/denies
- User notified of decision
Managing Requests
- Go to Requests
- Review pending requests
- Approve or deny with comment
- Temporary or permanent exception
Reporting
Dashboard Metrics
| Metric | Description |
|---|---|
| Queries | Total DNS queries |
| Blocked | Queries blocked |
| Categories | Blocks by category |
| Top Blocked | Most blocked domains |
Query Logs
View detailed query history:
- Timestamp
- Source device/user
- Queried domain
- Action (allowed/blocked)
- Category matched
Reports
Generate reports:
- Daily/weekly summaries
- Top blocked domains
- Category breakdown
- User activity (if enabled)
Integration
SIEM Integration
Forward DNS logs to SIEM:
- Syslog format
- CEF format
- JSON format
Alerting
Configure alerts for:
- Malware domain access attempts
- High-volume blocking
- New threat detections
- Policy violations
Best Practices
Start with Threat Blocking
Enable threat categories first. Add content categories based on policy needs.
Test Before Deploying
Test policies on a pilot group before organization-wide deployment.
Maintain Allowlists
Business-critical sites may get blocked. Maintain an allowlist for exceptions.
Review Regularly
Review blocked queries and exception requests regularly to refine policies.