DNS Filtering: A Simple Security Layer Most Businesses Overlook
Most people who know Cloudflare's public DNS service know the address 1.1.1.1. It is fast, easy to remember, and widely used.
But there is another option that deserves more attention from business owners: 1.1.1.2.
The difference is simple but important. Cloudflare's standard 1.1.1.1 DNS service helps your device find websites quickly. Cloudflare's 1.1.1.2 does the same thing, but adds malware filtering. If a device tries to reach a domain known for phishing, malware distribution, command-and-control activity, or other malicious behaviour, the request is blocked before the website loads.
That makes DNS filtering a useful extra layer of protection.
It is not complicated in concept. Every time a user clicks a link, opens a website, or an application tries to contact an internet service, DNS is usually involved. DNS translates a readable name like example.com into the technical address your device needs to connect. A filtered DNS service checks that destination against known dangerous domains before allowing the connection.
If the destination is known to be malicious, the connection can be stopped before the browser or application reaches it.
For businesses, that matters.
Many security incidents do not start with a dramatic attack. They start with an ordinary click: a phishing email, a fake login page, a malicious advert, a compromised website, or malware trying to call back to its control server. DNS filtering can reduce the chance of those connections succeeding.
It can also be applied in more than one way. A business can configure DNS filtering on individual computers, or it can be applied at the router or firewall level so the entire network benefits from the protection. Cloudflare also offers 1.1.1.3, which includes malware filtering plus adult-content blocking, which may be useful for schools, family environments, or businesses that want stricter browsing controls.
However, DNS filtering should not be treated as a complete security solution.
It mainly protects against known bad domains. If a malicious domain is brand new, or if a previously legitimate website has been compromised, DNS filtering may not catch it immediately. There can also be rare false positives where a safe site is blocked by mistake. And DNS filtering does not replace endpoint protection, patch management, email security, user training, backups, or proper monitoring.
This is where the business conversation becomes important.
Changing a DNS setting is easy. Building a reliable security stack is not.
At Blue Chip Technologies, we look at tools like DNS filtering as part of a wider Managed IT Services strategy. The goal is not to rely on one control and hope for the best. The goal is to layer protections so that if one control misses something, another one can still reduce the risk.
That includes 24/7 monitoring of Windows, macOS, Linux, servers, network devices, and business endpoints. It includes automated patch management across operating systems and hundreds of third-party applications. It includes Bitdefender GravityZone endpoint security with anti-malware, ransomware prevention, Endpoint Detection and Response, phishing and web threat defence, vulnerability management, and email security for Microsoft 365 and Google Workspace.
It also includes the less glamorous work that keeps businesses secure: documentation, asset management, helpdesk tracking, remote support, automation, and proactive maintenance.
DNS filtering fits neatly into that model. It is a low-friction control that can help block known malicious destinations before users reach them. But it works best when it is planned, deployed, monitored, and documented properly.
For a small business, the question should not be, "Should we use 1.1.1.2?" The better question is, "Do we have the right layers in place, and is someone managing them?"
A well-managed environment should know which DNS resolvers are in use, whether users can bypass them, how remote devices are protected outside the office, how endpoint security responds when something slips through, and how incidents are tracked and resolved.
That is the difference between a helpful setting and a managed security posture.
DNS filtering is a smart step. It can reduce exposure to known phishing and malware sites, and for many businesses it is worth considering. But it should be part of a broader security plan, not a substitute for one.
If you are unsure whether your business has the right layers in place, Blue Chip can review your current setup and help you build a practical, managed approach to endpoint, network, email, and web security.
Source: How-To Geek — Everyone Uses 1.1.1.1, But 1.1.1.2 Protects You.
