Scheduled Filtering Policies (Time-of-Day Filtering)

It's now possible to schedule multiple filtering policies in the same day/week.

Some details:

  • A policy must have a minimum duration of 15 minutes
  • A policy can only start in 15-minute intervals (:00/:15/:30/:45)
  • If a domain's TTL exceeds transition point of the next policy, it'll automatically be reduced to the transition point, minus 1 second.
  • Any areas left blank will result in No policy (no security categories either)!
  • Chrome and Firefox require a minimum 60-second TTL, so the transition between policies have a theoretical delay of 60 seconds in real-world applications.

The calendar interface supports drag-n-drop and click-to-expand for easy implementation and changes.

Or, choose an all-day policy for specific days.

After creating your filtering schedule, select it from the Networks --> Policies (tab) section of the Dashboard. Filtering Schedules are denoted by the calendar icon.

CNAME Awareness in Whitelist

Adding a domain to the Whitelist didn't always result in full access to the desired website/service; domains are often CNAMEs, and the target of the CNAME is also required to be whitelisted to load the page and associated content.

When adding a domain to the whitelist, DNSFilter now automatically checks if the domain is a CNAME and requires adding extra domains; the administrator is then notified and provided the option to add the domains.

While this doesn't solve the problem of wanting to whitelist all domains which load content on a specific webpage, it certainly helps us to address a common issue when Whitelisting domains.

Domain Lookup Tool Enhancements

Our Domain Lookup Tool previously only served two functions:

  • Print a domain's categories
  • Report if a domain's categories were inaccurate

The Domain Lookup Tool has the following new features:

  • Prints the Policy name if the domain is on a Blacklist or Whitelist of a Policy.
  • Report if a domain is a known threat, with the ability to provide additional context.

Real-Time Query Log, Reporting: Export CSV

Query Log

This feature allows searching all DNS queries for up to 72 hours; optionally, for specific domains or response types (blocked or allowed).

This allows for much easier troubleshooting for an array of circumstances and use cases.

This feature can be found in the Tools section of the Dashboard.

This release only allows searching of domain names ( and not specific subdomains (, but a subsequent update will allow this.

Reporting: Export CSV

The following Reports can now be exported to a CSV file:

  • Top Requests
  • Threats
  • Query Log (Tools)

Customizable Bypass Password, New Reporting Charts, Anycast Block Pages

Customizable Bypass Password

One of our most requested enhancements.

Customers can now set a custom bypass password at the Block Page Policy level. Previously this was set at the network level, and only a static password was offered.

New Charts

Part of a series of updates to the Reporting system. We've updated our charts library, which is more aesthetically pleasing, contextual, and more importantly, accurate.

AnyCast Block Pages

Although we have DNS servers all over the world, our block pages were only hosted in a single location in Dallas, Texas, USA. This meant the pages would be slower to load for European customers, and were a single point of failure being in a single data center.

Our block page IP address is now an Anycast address, with locations in the following locations:

  • New Jersey, NJ
  • Las Vegas, NV
  • Roost, Luxembourg

European customers will now experience faster block page rendering, and our block pages are now fully redundant.

SSL Certificate, External Block Pages

It's been a while since our last update, and your patience have not been in vane.

SSL Root Certificate

We're pleased to release our most popular feature request, an SSL Root Certificate.

By installing the certificate on a device, block pages loading over HTTPS can be viewed, resulting in less confusion and education for endusers, in addition to the added functionality of using the proxy bypass option.

With SSL Root certificate

Without SSL Root certificate

The certificate can be downloaded in the new Tools -> SSL Certificate Section of the Dashboard, which also has embedded installation instructions for Windows, MacOS, and Linux (Debian/Ubuntu) and link to our KB article for deploying the certificate using Active Directory.

External Block Pages (302 Redirect)

We've added the option to host your own block page, which is triggered by a 302 redirect.

Blocks occurring over HTTPS will only be redirected if the SSL certificate is installed, otherwise a certificate mismatch error will appear as expected.

Block Page Policies, Payment Status

Block Page Policies

Previously, Block Page settings were only configurable at the Network level; this meant customers wanting to have the same Block Page logo and/or behavior had to repeatedly configure the same settings for each Network.

Block Page settings can now be configured as a separate entity under Policies, which allows customers to use the same Block Page settings for numerous networks.

Existing Block Page settings have been migrated to the new Policies --> Block Pages tab, and existing customers will need to consolidate as necessary.

The Block Page policies are then assigned in the Networks section.

Block Page Bypass remains a per-network option, as our survey results overwhelmingly showed that customers prefer to enable this feature on a per-network basis.

Payment Status of invoices is now available in the Organization section in the Billing Info tab.

Dynamic DNS over HTTPS

We now support Dynamic DNS (DDNS) updates over HTTPS to all supported DDNS providers.

Example ddclient config with ssl enabled.

Any questions or issues should be directed to support.

Multi-User Support, Organization Information, Separate Billing Contact

Multi-User Support

Unlimited Administrator and Read-Only accounts are now available in the Dashboard, in the new Organization menu.

We also plan to offer Billing-only accounts for accessing invoices and credit card details.

Organization Information, Billing Contact

An account's organization details can now be added, which will soon be added to all DNSFilter invoices.

If the Billing Contact Email field contains an e-mail address, invoices will only be sent to that address, and not to any other users.

Billing Info (credit card information and invoices) has been relocated to the new Organization section of the menu.

System Status Page

Know what's happening with DNSFilter's infrastructure and feature availability in real time and historically at

It's also mobile friendly:

No published changelogs yet.

Surely DNSFilter will start publishing changelogs very soon.

Check out our other public changelogs: Buffer, Mention, Respond by Buffer, JSFiddle, Olark, Droplr, Piwik Pro, Prott, Ustream, ViralSweep, StartupThreads, Userlike, Unixstickers, Survicate, Envoy, Gmelius, CodeTree