After you have added your site to the DNSFilter dashboard, it is best practice to configure our DNS servers on one computer, in order to test your policy settings and check for conflicts. After this test is successful, you can feel confident rolling out the change on your entire network.
Input the DNSFilter Anycast IPsAnycast IPs - Anycast is a technology DNSFilter uses to enable DNS requests from customers to hit the nearest servers to them. This allows for a fast response time. Our anycast addresses are 184.108.40.206 and 220.127.116.11 listed below into your network adapter:
DNSFilter Anycast IPs
DNS1 - 18.104.22.168
DNS2 - 22.214.171.124
You can make this change via the graphical user interface for your particular platform, or using the commands below:
# Use below line for Wi-Fi adapter Set-DnsClientServerAddress -InterfaceAlias Wi-Fi -ServerAddresses "126.96.36.199","188.8.131.52" # Use below line for Ethernet adapter Set-DnsClientServerAddress -InterfaceAlias Ethernet -ServerAddresses "184.108.40.206","220.127.116.11" # Confirm change with GetNetIPConfiguration
# Use below line for Wi-Fi adapter networksetup -setdnsservers Wi-Fi 18.104.22.168 22.214.171.124 # Use below line for Ethernet adapter networksetup -setdnsservers Ethernet 126.96.36.199 188.8.131.52 # Confirm change with scutil --dns | grep nameserver
There is an article on changing to custom DNS on a Google Chromebook here: https://www.howtogeek.com/204672/how-to-change-the-dns-server-on-a-chromebook/
# Backup current resolv.conf sudo cp /etc/resolv.conf /etc/resolv.conf.bak # Set DNSFilter nameservers echo -e "nameserver 184.108.40.206\nnameserver 220.127.116.11" | sudo tee /etc/resolv.conf
Run initial tests in incognito-mode
If you have visited a website 5-15 minutes prior to blocking it in your policy, you may notice that you are able to visit the site even after it is blocked. This is because the page has already been loaded into your browser cache. Therefore, it is more effective to run initial tests in incognito-mode so that you can eliminate this dynamic. Policy updates take place globally across our servers in <1 second, so this is only a temporary issue caused by visiting a site just prior to blocking it.
Now that the DNS addresses have been set, you can perform a test of your filtering policy to make sure that everything is working correctly. We recommend that you try the following in your browser:
- Verify your policy is active and filtering your desired categories, by visiting debug.dnsfilter.com
- Attempt to browse to a well-known domain that is allowed by your policy (i.e. google.com)
- Attempt to visit a domain in your policy blacklist
If everything is working as expected, you are now ready to deploy DNSFilter on your entire network. See our next article on Configuring Your Network for a walkthrough of common scenarios.
If you run into any issues, see our Site Troubleshooting section. The most common issue is to receive an error message like the one below. This indicates that DNSFilter does not recognize the IP address from which the DNS requests are originating. Please ensure the IP address listed on the page is added to your site in the Dashboard. You may wish to visit whatismyip.com as well to verify.
Updated about a year ago