Domain Lookup Tool Enhancements

Our Domain Lookup Tool previously only served two functions:

  • Print a domain's categories
  • Report if a domain's categories were inaccurate

The Domain Lookup Tool has the following new features:

  • Prints the Policy name if the domain is on a Blacklist or Whitelist of a Policy.
  • Report if a domain is a known threat, with the ability to provide additional context.

Real-Time Query Log, Reporting: Export CSV

Query Log

This feature allows searching all DNS queries for up to 72 hours; optionally, for specific domains or response types (blocked or allowed).

This allows for much easier troubleshooting for an array of circumstances and use cases.

This feature can be found in the Tools section of the Dashboard.

This release only allows searching of domain names ( and not specific subdomains (, but a subsequent update will allow this.

Reporting: Export CSV

The following Reports can now be exported to a CSV file:

  • Top Requests
  • Threats
  • Query Log (Tools)

Customizable Bypass Password, New Reporting Charts, Anycast Block Pages

Customizable Bypass Password

One of our most requested enhancements.

Customers can now set a custom bypass password at the Block Page Policy level. Previously this was set at the network level, and only a static password was offered.

New Charts

Part of a series of updates to the Reporting system. We've updated our charts library, which is more aesthetically pleasing, contextual, and more importantly, accurate.

AnyCast Block Pages

Although we have DNS servers all over the world, our block pages were only hosted in a single location in Dallas, Texas, USA. This meant the pages would be slower to load for European customers, and were a single point of failure being in a single data center.

Our block page IP address is now an Anycast address, with locations in the following locations:

  • New Jersey, NJ
  • Las Vegas, NV
  • Roost, Luxembourg

European customers will now experience faster block page rendering, and our block pages are now fully redundant.

SSL Certificate, External Block Pages

It's been a while since our last update, and your patience have not been in vane.

SSL Root Certificate

We're pleased to release our most popular feature request, an SSL Root Certificate.

By installing the certificate on a device, block pages loading over HTTPS can be viewed, resulting in less confusion and education for endusers, in addition to the added functionality of using the proxy bypass option.

With SSL Root certificate

Without SSL Root certificate

The certificate can be downloaded in the new Tools -> SSL Certificate Section of the Dashboard, which also has embedded installation instructions for Windows, MacOS, and Linux (Debian/Ubuntu) and link to our KB article for deploying the certificate using Active Directory.

External Block Pages (302 Redirect)

We've added the option to host your own block page, which is triggered by a 302 redirect.

Blocks occurring over HTTPS will only be redirected if the SSL certificate is installed, otherwise a certificate mismatch error will appear as expected.

Block Page Policies, Payment Status

Block Page Policies

Previously, Block Page settings were only configurable at the Network level; this meant customers wanting to have the same Block Page logo and/or behavior had to repeatedly configure the same settings for each Network.

Block Page settings can now be configured as a separate entity under Policies, which allows customers to use the same Block Page settings for numerous networks.

Existing Block Page settings have been migrated to the new Policies --> Block Pages tab, and existing customers will need to consolidate as necessary.

The Block Page policies are then assigned in the Networks section.

Block Page Bypass remains a per-network option, as our survey results overwhelmingly showed that customers prefer to enable this feature on a per-network basis.

Payment Status of invoices is now available in the Organization section in the Billing Info tab.

Dynamic DNS over HTTPS

We now support Dynamic DNS (DDNS) updates over HTTPS to all supported DDNS providers.

Example ddclient config with ssl enabled.

Any questions or issues should be directed to support.

Multi-User Support, Organization Information, Separate Billing Contact

Multi-User Support

Unlimited Administrator and Read-Only accounts are now available in the Dashboard, in the new Organization menu.

We also plan to offer Billing-only accounts for accessing invoices and credit card details.

Organization Information, Billing Contact

An account's organization details can now be added, which will soon be added to all DNSFilter invoices.

If the Billing Contact Email field contains an e-mail address, invoices will only be sent to that address, and not to any other users.

Billing Info (credit card information and invoices) has been relocated to the new Organization section of the menu.

System Status Page

Know what's happening with DNSFilter's infrastructure and feature availability in real time and historically at

It's also mobile friendly:

EDNS0 and ECS Enabled

We've enabled EDNS0 support in our DNS service, which opens many possibilities for future features, including reporting and content filtering at the device level.

edns0-client-subnet ("ECS" for short) has also been enabled, allowing Content Distribution Networks (CDNs) to serve content that is optimized for our customers' location and IP address range, rather than the location of our DNS resolvers. In other words, it's a major performance enhancement.

In the following example, we spoof the origin IP address of the DNS request using a special dig option. Although we're using the same DNSFilter server to resolve, the authoritative answer changes, because google's authoritative DNS servers are replying with an optimized answer for the IP address range that requests the data.

Privacy Note: We only submit the IP address range (/24) of customer requests, so the customer IP address is anonymized as to not inform the authoritative DNS servers for whom we are requesting the information.

Duplicate Policies

We've added the ability to duplicate existing policies in the Dashboard.

This is an iterative feature update, with eventual plans for more robust policy control when applying to multiple networks.

Go forth and duplicate!

No published changelogs yet.

Surely DNSFilter will start publishing changelogs very soon.

Check out our other public changelogs: Buffer, Mention, Respond by Buffer, JSFiddle, Olark, Droplr, Piwik Pro, Prott, Ustream, ViralSweep, StartupThreads, Userlike, Unixstickers, Survicate, Envoy, Gmelius, CodeTree