Network basics: About DNS and how it makes our filter work
In our natural habitat, we developers discuss our issues using computing acronyms and abbreviations generously, often generously enough to replace the original term completely. While this sounds perfectly clear to us, it sometimes just doesn’t work out for explaining in everyday language what we’ve done with our last update.
Today we thought it would be interesting to pay a little attention to the way how humans and machines read website addresses differently: DNS and IP.
DNS stands for Domain Name Service, a substantial, yet invisible part of the internet and the way we use it every day. It consists in translating human-readable website names like www.example.com to machine-readable numerical IP addresses like 203.0.113.51. Before your browser can fetch the content of any website, this domain name translation has to be done.
This is what helped us to build the latest filter feature we’re happy to introduce: the brand new DNS based web filter.
Wait… what happened to the content filter?
Our current content filter is based on transparent HTTP proxy filtering. It used to work smoothly with unencrypted web traffic. During the last couple of years, as you’ve very probably noticed, more and more websites switched to the secure version of Hyper Text Transfer Protocol, HTTPS. This means that all communication between your browser and the website is encrypted via the TLS protocol. Hence, the HTTP proxy is unable to identify unwanted content in encrypted connections – this is where our new DNS filter comes to rescue.
In addition to the general trend towards a better secured web, this shift has been reinforced by the Let’s Encrypt initiative, where SSL/TLS certificates are provided for free. These certificates are needed for the encryption part of HTTPS. Let’s Encrypt has issued millions of certificates already and today (2018-01) there are 48 million certificates online.
This chart shows the percentage of encrypted pages loaded (firefox users). The blue line for all users is currently at about 70%. Obviously, a sound share of these high figures are due to the fact that major platforms like Google, Facebook,… are fully encrypted.