How a DNS Firewall Works

The Domain Name System is one of the foundational technologies of the Internet. It is the central means by which Internet-connected computers can be "named" so web clients and users can find them automatically.

The DNS system depends on a sub-network of servers called "nameservers" which are organized in a hierarchy and deployed strategically across the Internet's infrastructure. Each of these nameservers contains a directory of names and addresses very much like the old phone book. The nameserver's job is to accept a name and then return the address associated with that name. The process is known as a DNS lookup.

That process is also how your web browser knows what computer to ask for information when you type a domain name into the address bar or click on a link.

IP Addresses

Every computer on the Internet has a numerical address consisting of a 32-bit values arranged in a sequence of four 8-bit values called a "dotted quad." This kind of address is known as an "IPv4" address. Since it is based on a 32-bit number, it means there are roughly 4 billion addresses available. Every computer on the Internet has an IP address. These addresses can be thought of as unique ID numbers. They are used so each system on the Internet knows where to route requests for information and the responses to those requests.

Firewalls

At its most basic, all a firewall does is analyze a network request to see if it matches certain criteria. If it does, it is blocked. If it does not, it is allowed. Firewalls are often used for DNS security. The simplest DNS firewalls watch every request for an IP address. The "rules" or criteria in the firewall are keyed to recognize certain addresses or "ranges" of addresses. When one of those IP addresses is included in a request or a response, the firewall simply drops the connection.

Firewalls operate this way because allowing an unauthorized computer to connect to your system can be a security risk. The firewall is the device or software that makes sure all your connections are authorized so you can avoid any potential security problems. Every computer should either be equipped with a firewall or at minimum be connected to the network through a hardware DNS firewall. This kind of technology combined with a basic anti-malware and anti-virus installation is the most basic security, but it can still be very effective in preventing unauthorized access to your system.