Antivirus software has been the default answer to malware for three decades. Install it on every computer, keep the definitions updated, run regular scans. It works — but only after malware has already reached the device. By the time your antivirus flags a file, the phishing page has already loaded, the dropper has already executed, or the initial connection to a command-and-control server has already been made.
What if you could stop malware before it ever reaches the device? That is exactly what DNS filtering does. It blocks malicious connections at the network level, before any download begins, before any payload executes, before any data is exfiltrated. It is not a replacement for antivirus — it is a first line of defense that catches threats your antivirus never sees.
Almost all modern malware depends on DNS at some point in its lifecycle:
paypa1-secure-login.com instead of paypal.com. Your browser performs a DNS lookup to reach it.Every one of these attack stages can be disrupted by blocking the DNS query. No DNS resolution means no connection. No connection means no phishing page, no payload download, no C2 communication, and no data theft.
A good DNS filtering service does not rely on a single blocklist. It combines multiple layers of threat intelligence to catch as many threats as possible:
Community-maintained and commercial blocklists contain millions of known malicious domains. These are updated continuously — often multiple times per day — as new threats are discovered. UnveilDNS uses lists from AdGuard, Hagezi, URLhaus (abuse.ch), Phishing Army, and others, covering known malware, phishing, and scam domains.
Google Safe Browsing maintains one of the largest databases of malware and phishing URLs in the world, updated in real time. When this is enabled in your DNS profile, every domain you visit is checked against Google's database before the connection is allowed. This catches phishing sites within minutes of their creation.
Domains that are not yet classified by blocklists or Safe Browsing are submitted to VirusTotal, which checks them against 70+ antivirus engines and threat intelligence feeds. If a domain is flagged as malicious by five or more engines, it is automatically blocked for all users. This catches zero-day threats that have not yet appeared in any blocklist.
The Anti-NRD (Newly Registered Domains) feature blocks domains that were registered within the last 30 days. While a small percentage of new domains are legitimate, the vast majority are used for spam, phishing, and malware. Blocking them preemptively is one of the most effective security measures available.
Machine learning models analyze domain names in real time to detect algorithmically generated domains (DGA) used by botnets, fast-flux domains used to hide malware infrastructure, and cybersquatting domains designed to impersonate legitimate brands.
Beyond domain names, DNS filtering can also inspect the IP addresses in DNS responses. If a domain resolves to an IP address known to be associated with malware (from feeds like AbuseIPDB and Spamhaus DROP), the response is blocked — even if the domain name itself is not on any blocklist.
Antivirus software inspects files on a single device. DNS filtering inspects network connections across all devices. This gives it several unique advantages:
| Threat | Antivirus | DNS Filtering |
|---|---|---|
| Phishing pages | Detects some (browser integration) | ✓ Blocks before page loads |
| IoT device malware | ✗ Cannot install on IoT | ✓ Blocks at network level |
| Smart TV tracking | ✗ No TV antivirus | ✓ Blocks tracking domains |
| C2 communication | Detects some (heuristic) | ✓ Blocks DNS to C2 servers |
| Newly registered domains | ✗ No NRD awareness | ✓ Blocks preemptively |
| DNS tunneling | ✗ Not detected | ✓ Entropy analysis |
This is perhaps the most important point. You can install antivirus on a Windows PC or a Mac. But you cannot install it on a smart TV, a security camera, a smart thermostat, a printer, a baby monitor, or a game console. These devices are on your network, they make outbound connections, and they are vulnerable to exploitation.
DNS filtering protects all of them. Any device that uses your network's DNS — which is every device on your network — benefits from the filtering. A compromised IoT device that tries to connect to a C2 server will have its DNS query blocked, containing the threat before it can spread.
DNS filtering is extraordinarily effective, but it is not a replacement for antivirus on devices that support it. The two are complementary:
Together, they create two layers of defense. DNS filtering is the perimeter wall. Antivirus is the lock on each door. You want both.
Real-time threat intelligence, Safe Browsing, VirusTotal, NRD blocking, and AI-powered detection — all through your DNS.
Get Started FreeSetting up DNS-based malware protection takes less than five minutes:
From that moment, every device on your network is protected. Check your Dashboard to see blocked threats in real time — you may be surprised by how many malicious connections your devices were making without you knowing.