DNS filtering can help secure Internet of Things (IoT) devices by blocking them from querying untrusted domains.
Domain Name System (DNS) filtering can analyze DNS requests originating from Internet of Things (IoT) devices to identify and block connections to known malicious or unauthorized domains. DNS filtering can act as a clientless security layer for IoT, preventing vulnerable smart devices from communicating with dangerous parts of the Internet.
IoT devices, such as smart cameras or industrial sensors, often lack traditional endpoint security agents and are vulnerable to compromise. Once compromised, these devices can be incorporated into large-scale cyberattacks, such as distributed denial-of-service (DDoS) attacks or data theft. Without protections, or with only minimal protections, IoT devices are easy targets. For instance, the massive Aisuru botnet consists largely of thousands of IoT devices that the botnet operators have taken over.
IoT devices constantly make DNS lookups to find the IP addresses of the external services they rely on, or they ping domain names to check for network availability. DNS filtering intercepts these outbound requests, comparing the requested domain against databases of known security threats. If a device attempts to resolve a malicious domain, the request is stopped, preventing the connection.
Think of DNS filtering as a protective digital chaperone for a child who is only allowed to call certain phone numbers. If the child (the IoT device) tries to dial an unapproved or known malicious number, the chaperone (the filter) immediately hangs up the phone before the call connects. This simple protective measure ensures the device only communicates with approved, safe contacts essential for its intended function.
Every Internet-connected device must use the Domain Name System (DNS) to translate human-readable domain names into IP addresses. When an IoT device initiates a connection, its DNS query is directed by network configuration (usually a router setting or a DHCP option) to a secure recursive DNS resolver that is configured to filter queries.
This resolver checks the destination domain against real-time threat intelligence feeds that categorize millions of domains based on known malicious activity, such as malware distribution, phishing, or botnet command and control. DNS filtering services can block queries based on other criteria as well, such as the age of the domain or whether it was programmatically generated (attackers often automatically spin up new malicious domains at scale).
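The decision a filtering resolver makes for each query, as described in the steps above (and summarized again in the questions at the end of this article), can be illustrated with a small policy engine. The following is an added example written for this page, not Cloudflare Gateway's code: it extracts the queried name from a DNS query in wire format and then applies, in order, an allowlist, a threat-intelligence blocklist, a domain-age rule and a heuristic for programmatically generated names. The feed, allowlist, registration dates, domains and thresholds are all constructed for illustration.

```python
"""Added example (not Cloudflare's code): a minimal DNS filtering decision engine.

Parses the question name out of a raw DNS query, then checks it against an
allowlist, a threat feed, a minimum domain age and a DGA-style heuristic.
Every feed entry, domain, date and threshold below is constructed.
"""
import math
import struct
from collections import Counter
from datetime import date

# Constructed threat-intelligence feed: domain -> category (hypothetical values).
THREAT_FEED = {
    "c2.example-botnet.test": "botnet_c2",
    "login-update.example-phish.test": "phishing",
    "dl.example-malware.test": "malware",
}
# Constructed allowlist: domains the IoT fleet legitimately needs.
ALLOWLIST = {"firmware.example-vendor.test", "ntp.example-vendor.test"}
# Constructed stand-in for a WHOIS / registration-date lookup.
REGISTRATION_DATE = {
    "brand-new-shop.test": date(2025, 1, 20),
    "firmware.example-vendor.test": date(2015, 3, 1),
}
MIN_DOMAIN_AGE_DAYS = 30
TODAY = date(2025, 2, 1)  # fixed so the example is deterministic


def build_query(name: str, txid: int = 0x1234) -> bytes:
    """Build a minimal A/IN query in wire format (used to construct sample input)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, 1 question
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.split("."))
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN


def qname_from_query(packet: bytes) -> str:
    """Extract the first question name from a DNS query packet."""
    qdcount = struct.unpack("!H", packet[4:6])[0]
    if qdcount < 1:
        raise ValueError("no question section")
    pos, labels = 12, []
    while True:
        length = packet[pos]
        if length == 0:
            break
        if length & 0xC0:  # compression pointers are not valid in a query name
            raise ValueError("unexpected label pointer in question name")
        pos += 1
        labels.append(packet[pos:pos + length].decode("ascii"))
        pos += length
    return ".".join(labels).lower()


def suffixes(name: str) -> list:
    """All parent names down to the registrable domain, e.g. a.b.c -> [a.b.c, b.c]."""
    labels = name.split(".")
    return [".".join(labels[i:]) for i in range(len(labels) - 1)]


def looks_generated(name: str) -> bool:
    """Heuristic for algorithmically generated names: a long, high-entropy,
    vowel-poor leftmost label. Thresholds are illustrative, not tuned."""
    label = name.split(".")[0]
    if len(label) < 12:
        return False
    counts = Counter(label)
    entropy = -sum(c / len(label) * math.log2(c / len(label)) for c in counts.values())
    vowel_ratio = sum(label.count(v) for v in "aeiou") / len(label)
    return entropy > 3.2 and vowel_ratio < 0.25


def decide(packet: bytes, today: date = TODAY) -> tuple:
    """Return (verdict, reason) for a raw DNS query, applying rules in priority order."""
    name = qname_from_query(packet)
    names = suffixes(name)
    if any(n in ALLOWLIST for n in names):
        return "allow", "allowlisted"
    for n in names:  # a listed parent domain covers its subdomains
        if n in THREAT_FEED:
            return "block", THREAT_FEED[n]
    registered = REGISTRATION_DATE.get(names[-1])
    if registered and (today - registered).days < MIN_DOMAIN_AGE_DAYS:
        return "block", "newly_registered_domain"
    if looks_generated(name):
        return "block", "suspected_dga"
    return "allow", "no_policy_match"


if __name__ == "__main__":
    for q in ("firmware.example-vendor.test", "beacon.c2.example-botnet.test",
              "brand-new-shop.test", "xkq7vbtrwzqpmfd.example-dyn.test"):
        print(q, "->", decide(build_query(q)))
```

Rule order matters: the allowlist is checked first so that a vendor domain a sensor depends on is never cut off by a false positive from the age or DGA heuristics, and the feed is matched against every parent name so that a hostname under a listed command-and-control domain is still caught. The registrable-domain step here simply takes the last two labels; a production resolver would use the public suffix list.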
A major benefit of using DNS filtering for IoT is that it can be deployed without installing clients on IoT endpoints. Because many IoT devices are simple, resource-constrained, or "headless", they cannot support traditional security software like endpoint detection and response (EDR) agents. By applying DNS filtering at the network router, administrators can enforce security policies across all connected devices in a corporate location — including guest networks and specialized hardware — without requiring any local installation or configuration on the device itself.
Cloudflare Gateway, a component of the Cloudflare One platform, provides secure web gateway services including comprehensive recursive DNS filtering. It secures entire networks and all branch locations, making it ideal for managing IoT devices. Learn how to block known threats like malware, botnets, and phishing domains with Cloudflare Gateway.
Domain Name System (DNS) filtering is a security method that examines DNS queries from network-connected devices, allowing or blocking queries based on security policies. DNS filtering can stop connections with untrusted or malicious domains. This can protect IoT devices, which are often vulnerable and largely unmanaged, from connecting to dangerous areas of the Internet and becoming compromised.
Many IoT devices, such as industrial sensors or smart cameras, lack traditional security agents and are often poorly protected because they are almost never turned off, updated, or patched. Because of these vulnerabilities, they are easy targets for attackers who want to compromise them and incorporate them into botnets for large-scale distributed denial-of-service (DDoS) attacks.
When a device attempts to connect to an external service, the filter intercepts the outbound request and compares the domain in the request against a database of known threats, or against a list of allowed domains. If the domain is recognized as malicious or otherwise not permitted, the filter stops the request before the connection is established.
Effective DNS filtering solutions use threat intelligence to categorize and block millions of domains associated with phishing, malware distribution, and botnet command and control. These solutions can also block domains based on their age, or on signs that they were programmatically generated by attackers at scale.
DNS filtering can help stop the spread of IoT-targeting malware at the earliest possible point since it prevents infected devices from communicating with their command-and-control servers, without which they cannot be part of coordinated attacks.
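A blocked query to a command-and-control domain means the filter did its job, but the device that sent it is still worth investigating. The following added example, not code from Cloudflare or this article, shows the kind of triage a defender can run over filtering-resolver logs: it parses constructed log lines, groups blocked command-and-control queries by client address, and flags clients whose attempts recur at a near-regular interval, the beaconing pattern of an infected device that keeps trying to reach its controller. The log format, field names, addresses and thresholds are constructed for this example.

```python
"""Added example (not Cloudflare's code): triage of DNS filter logs.

Groups blocked command-and-control queries per client and flags clients whose
blocked attempts arrive at a near-regular interval (beaconing). The log
format, addresses and domains are constructed for this example.
"""
import re
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed resolver log: one device beaconing to a blocked C2 domain,
# two others with isolated blocks, plus normal allowed traffic.
SAMPLE_LOG = """\
2025-02-01T10:00:01Z client=192.0.2.10 qname=ntp.example-vendor.test action=allow category=none
2025-02-01T10:00:05Z client=192.0.2.23 qname=c2.example-botnet.test action=block category=botnet_c2
2025-02-01T10:01:05Z client=192.0.2.23 qname=c2.example-botnet.test action=block category=botnet_c2
2025-02-01T10:01:40Z client=192.0.2.10 qname=login-update.example-phish.test action=block category=phishing
2025-02-01T10:02:06Z client=192.0.2.23 qname=c2.example-botnet.test action=block category=botnet_c2
2025-02-01T10:02:11Z client=192.0.2.44 qname=dl.example-malware.test action=block category=malware
2025-02-01T10:02:50Z client=192.0.2.44 qname=api.example-cloud.test action=allow category=none
2025-02-01T10:03:04Z client=192.0.2.23 qname=c2.example-botnet.test action=block category=botnet_c2
this line is deliberately malformed and must be skipped
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) client=(?P<client>\S+) qname=(?P<qname>\S+) "
    r"action=(?P<action>\S+) category=(?P<category>\S+)$"
)


def parse_log(text: str) -> list:
    """Parse log lines into dicts; malformed lines are skipped, not fatal."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        rec = m.groupdict()
        rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(rec)
    return events


def blocked_by_client(events: list, categories=("botnet_c2",)) -> dict:
    """Map client address -> list of blocked events in the given categories."""
    per_client = defaultdict(list)
    for e in events:
        if e["action"] == "block" and e["category"] in categories:
            per_client[e["client"]].append(e)
    return dict(per_client)


def flag_beaconing(events: list, min_attempts: int = 3, max_jitter_ratio: float = 0.2) -> dict:
    """Flag clients with repeated blocked C2 queries at a near-constant interval.

    Jitter is the standard deviation of inter-query gaps relative to the mean gap;
    a low ratio means the attempts are periodic, which is typical of malware beacons.
    """
    flagged = {}
    for client, hits in blocked_by_client(events).items():
        if len(hits) < min_attempts:
            continue
        times = sorted(h["ts"] for h in hits)
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        mean_gap = statistics.mean(gaps)
        jitter = statistics.pstdev(gaps) / mean_gap if mean_gap else float("inf")
        if jitter <= max_jitter_ratio:
            flagged[client] = {
                "attempts": len(hits),
                "mean_gap_s": round(mean_gap, 1),
                "domains": sorted({h["qname"] for h in hits}),
            }
    return flagged


if __name__ == "__main__":
    evts = parse_log(SAMPLE_LOG)
    for client, info in flag_beaconing(evts).items():
        print(f"{client}: {info['attempts']} blocked C2 queries every ~{info['mean_gap_s']}s -> {info['domains']}")
```

The output names the client address of the device to isolate and re-image rather than the domain, because the domain is already blocked; the remaining risk is the compromised device itself, which will try other channels or new domains if left on the network.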