Skip to main content

1. SafeDNS ISP Filter description


SafeDNS ISP Filter is an internet traffic filtering system developed by SafeDNS. The service
can restrict access to specific URLs, domain names, or IP addresses. There is an opportunity to
create your own filtering rules using the command line tools (filter-ctl filter) or the web interface.


The system includes a utility "SafeDNS ISP Filter Check", that allows you to check the quality
of the filter yourself.
If you have any comments on the documentation, please inform the technical support
specialists at They will get in touch with you and the documentation will
be updated as soon as possible.


The filtering system consists of the following components:
• Module for downloading the registry of prohibited resources, compiled by the IWF.
• Data conversion module for the filtering system.
• Recursive Unbound DNS server. It performs the functions of filtering DNS server and
a regular one.
• Module for asynchronously resolving domains in IP addresses.
• Dynamic routing module. It announces routes to the router (whether one needs to use this
module depends on the scheme of the existing network solution implementation).
• URL filtering system that consists of a Squid proxy server and an external ACL for it.
• A set of iptables rules and ipset lists performing a block when access to an IP address is
• A block page.
• Web interface for system administrators (see Web interface).
• Database.
• filter-ctl — console menu allowing control of the system.

Workflow concepts

The diagram below shows how the HTTP(s) requests a process will look when implementing
SafeDNS ISP Filter.


Traffic's path when using SafeDNS ISP Filter

The diagram below shows how the traffic will flow when using the filtering system. Connection scheme: with internal and boundary routers (SafeDNS ISP Filter connection schemes to the network.)


For information on the ACL's work, take a look at the "Checks in the ACL".