Perhaps the most popular use case for IP filtering is that it lets you create a firewall at the DNS level that will block malicious or unwanted traffic before it reaches your servers. Using IP filtering in this manner is especially helpful when you notice anomalies or a sudden increase in traffic, as you can block the country where the bad traffic is coming from and instructing your DNS server to drop the query.
Subnet Mask Cheat SheetRecords Cheat SheetGeoDNS ExplainedFree Network TroubleshooterKnowledge BasePricing CalculatorLive CDN PerformanceVideo Demos
BlogsNewsPress ReleasesIT NewsTutorials
Give us your email and we'll send you the good stuff.
Heather Oliver is a Technical Writer for Constellix and DNS Made Easy, subsidiaries of Tiggee LLC. She’s fascinated by technology and loves adding a little spark to complex topics. Want to connect? Find her on LinkedIn.
Once upon a time, before smartphones and Google, humans called telephone operators or used phonebooks to find the contact information for a person or business—and many by means of a corded phone with a rotary dial, no less.
Fast forward to present day. The majority of people use the internet to search for people and businesses. Of course, with the insane amount of web pages online (more than 6 billion of them), it’d be nearly impossible for human operators to handle this volume of traffic.
That’s where DNS comes in. At its core, DNS is the modern-day 411 operator or phonebook, but for websites. While invented in 1983 by Paul Mockapetris, it wasn’t until the 2000s that the internet, in general, started really becoming a part of our daily lives. As internet popularity grew, so did the importance of DNS, as without it our internet experience would be nowhere near what it is today.
Okay, enough of the history lesson. If you’re reading this you probably already know the basics of DNS, so let’s get straight to the good stuff!
With the old phonebook and operator system, businesses had no control over who reached their business by phone. And without advanced DNS—and GeoDNS specifically—you couldn’t prevent unwanted traffic to your website(s) either.
GeoDNS might not actually stand for “genius evolution of Domain Name Systems,” but it is genius! While similar to Anycast DNS (services that are built on globally distributed nameservers that answer queries based on user locations), GeoDNS is far more advanced.
This technology essentially lets you assign business rules that sit in front of your DNS records that help you make decisions that will give you the ultimate return on your DNS investment.
With GeoDNS, you can set GeoProximity rules and use filters to route traffic according to custom parameters. You can filter by region, country, or state, and even by ASNs specified within a record. Think of it as a traffic director or GPS for DNS.
This puts a lot of power in your hands that would otherwise be unavailable to you, as it allows you to configure rules based on the precise needs of your domain(s).
Many people associate IP filtering with bad or malicious traffic. And while filtering is used frequently for that purpose (more on that below), there are other useful ways to implement it into your DNS strategy.
IP filtering allows you to funnel traffic to servers based on the location of the end user. This can be helpful for efficiency or for instances where country-specific regulations come into play, but it can also be beneficial in other ways.
Let’s take a look at how we can apply filtering to a local business.
Say you own a restaurant in Reston, Virginia called Betty’s Vegan Pizzeria and you’re trying to improve your SEO (search engine optimization). When reviewing your website analytics, you notice you have a higher than average bounce rate, and that a large chunk of page bounces are coming from out-of-state users, when your main clientele lives within a five mile radius of your establishment. .
To eliminate this issue, you could use IP filtering to set regional or state-level rules that will allow only relevant traffic to land on your site by blocking the traffic altogether. Alternatively, you could choose to redirect the irrelevant traffic to another IP.
For instance, if you have a blog for vegan tips and recipes that isn’t region-specific, you could route traffic there. Or, you could just stop certain state or regional traffic from hitting your site altogether by blocking non-relevant areas.
It’s all about your domain goals and the specific needs of your organization.
Perhaps the most popular use case for IP filtering is that it lets you create a firewall at the DNS level that will block malicious or unwanted traffic before it reaches your servers.
Using IP filtering in this manner is especially helpful when you notice anomalies or a sudden increase in traffic, as you can block the country where the bad traffic is coming from and instructing your DNS server to drop the query.
Did you know?: With our Real-time Traffic Anomaly Detection (RTTAD) service, you can quickly and effectively stop DDoS attacks before they can cause damage to your domains. When this service is enabled, you are alerted in real time when spikes and anomalies occur, and can set up filters accordingly. This lets you play offense, instead of scrambling on the defense, after an attack.
Filtering by ASN works similarly to filtering by region or state but works by blocking specific networks from reaching your domain.
Here’s an example.
Let’s say Betty’s Vegan Pizzeria doesn’t want Donnie’s Vegan Pizza Shack visiting their site. While Betty’s can’t prevent someone from accessing the site on a personal device, they can block Donnie’s Vegan Pizza Shack by setting up an IP filter for their specific ASN number.
In this instance, Betty’s could redirect Donnie’s Vegan Pizza Shack back to their own website or an IP address of their choosing, or they could have the DNS server drop the query based on that ASN.
Filtering by ASN can also help with latency issues and improve connectivity for end users. With this method of GeoFiltering, you can control how queries are directed and to which servers they are directed. This can be beneficial when using multiple content delivery networks (CDNs) or multiple Internet Service Providers (ISPs).
There are many reasons why companies would want or need to filter their internet traffic and each case is unique. The good thing is that there are several easy ways to implement and achieve your DNS goals—IP filtering being just one of them!
Another way you can use IP filtering is by setting up language rules. Doing this ensures that your web traffic is directed according to the language of the end user. This can help boost speed and efficiency, as well as creating a better user experience.
For an in-depth explanation of how to apply IP filters to your domain in Constellix, watch this video.
Implementing IP filtering into your DNS strategy is a fantastic and flexible tool for any business. But what if you have a large number of domains or are a countrywide or worldwide organization that needs an even greater amount of specificity?
One of the key differences between IP filtering and setting GeoProximity rules is that IP filtering is restricted to country or state-level rules. GeoProximity, on the other hand, can get as specific as latitude and longitude coordinates.
For example, with GeoProximity, you can choose to hone in on traffic from a large city like Los Angeles or pinpoint a tiny town with a population of 547, like Hartville, Missouri.
To go even further, you could get as specific as one (or more) person’s IP address in Hartville, Missouri, rather than the entire town, if you notice suspicious activity coming from a certain IP address.
Another reason for using GeoProximity is to enable rules based on location. The idea behind this is similar to the example I used above with Betty’s Vegan Pizzeria, which was routing or blocking traffic from specific locations. With GeoProximity, however, you can get set rules based on your technical environment, or even latitude and longitude coordinates based on the locations of your servers.
If you do business only in Charlotte, North Carolina, you can set GeoFilters that only allow queries from users based in Charlotte to hit your website. If you want to branch out and allow nearby towns and cities to reach your site, you can configure this as well, while still blocking or redirecting queries from other locations.
With GeoProximity, you can essentially build your own CDN without actually having multiple providers.
How? Our GeoIP engine directs users to the closest servers in your network automatically. All you have to do is set up your geo-specific rules and have the appropriate records configured.
The Constellix Difference
Why use Constellix for GeoDNS? For starters, our focus is DNS and only DNS. We also play nice with other services and don’t try to lock you into a contract that might have costly implications in the future.
When it comes to GeoDNS, though, we have a unique database that utilizes custom-designed, in-house scripts that are always current. You won’t find more accurate or timely DNS data anywhere else.
To be honest, I could keep listing all of the reasons why you should use Constellix, but that list would get really long. If you’ve hung in with me this far, though, you definitely see the benefit of implementing GeoDNS into your DNS strategy.
If you still have questions about how Constellix can benefit your organization, why not book a demo and check it out for yourself? After all, seeing is believing!
If you liked this, you might find these helpful:
Sign up for news and offers from Constellix and DNS Made Easy