DNS allowlist

(also DNS whitelist)

DNS allowlist definition

A DNS allowlist is a network security tactic that helps administrators control access to websites and online services. The selection is based on the websites’ domain names. It's a way of specifying which sites can be visited by users in a particular network.

The main goal of a DNS allowlist is to provide a layer of protection against potentially harmful or unwanted websites. It works by allowing users to access only a pre-approved list of domain names or IP addresses. If you try to access a domain that’s not on this list, you will probably be blocked or redirected. It can also be used to control access: in some sensitive cases, like government or military networks, DNS allowlisting helps ensure that only authorized personnel can access certain websites.

The allowlist is set up in the network's DNS settings, where network administrators manage the allowlist by adding or removing domain names. The DNS server is configured to resolve only those domain names or IP addresses that are on the allowlist. Any DNS request for a domain not on the list is either not resolved or is redirected to a safe page. This can be configured at various levels, including organizational firewalls, individual computers, or DNS servers.
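The resolve-or-block decision described above can be sketched as follows. This is an added example, not code from any particular DNS product; the names `Allowlist`, `decide`, `SAMPLE` and `SAFE_PAGE_IP` and all sample domains are constructed for illustration. It matches on whole DNS labels so that a lookalike such as `notexample.com` does not pass for `example.com`.

```python
from dataclasses import dataclass

# Constructed placeholder (TEST-NET-1 range) standing in for the "safe page" address.
SAFE_PAGE_IP = "192.0.2.10"

def normalize(name: str) -> str:
    """DNS names are case-insensitive and may carry a trailing root dot."""
    return name.strip().lower().rstrip(".")

@dataclass(frozen=True)
class Allowlist:
    exact: frozenset     # names allowed as-is, subdomains NOT included
    suffixes: frozenset  # domains allowed together with all their subdomains

    def permits(self, qname: str) -> bool:
        name = normalize(qname)
        if not name:
            return False
        if name in self.exact or name in self.suffixes:
            return True
        labels = name.split(".")
        # Walk the parent domains label by label. A plain string
        # endswith("example.com") would wrongly accept "notexample.com".
        return any(".".join(labels[i:]) in self.suffixes
                   for i in range(1, len(labels)))

def decide(allowlist: Allowlist, qname: str, redirect_blocked: bool = False):
    """Return the action a filtering resolver would take for one query."""
    if allowlist.permits(qname):
        return ("resolve", None)             # hand the query to normal resolution
    if redirect_blocked:
        return ("redirect", SAFE_PAGE_IP)    # answer with the safe page
    return ("refuse", None)                  # do not resolve at all

# Constructed sample policy.
SAMPLE = Allowlist(exact=frozenset({"intranet.example.org"}),
                   suffixes=frozenset({"example.com"}))

if __name__ == "__main__":
    for q in ["WWW.Example.COM.", "notexample.com", "example.com.blocked.test",
              "intranet.example.org", "dev.intranet.example.org"]:
        print(q, "->", decide(SAMPLE, q, redirect_blocked=True))
```

Filtering at the DNS layer only governs name resolution, so a client that connects directly by IP address or uses a different resolver is not covered by this check.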

DNS allowlisting used to be referred to as DNS whitelisting, but the old term is now generally avoided.

See also: allowlist, allowlisting, application allow-listing, DNS query, DNS record