A usage summary is now available on the billing page that displays your organization’s estimated monthly user count and explains how the metric is calculated. The new data is meant to inform and assist with license count adjustments.
Block Page Improvements
- Long awaited and highly requested; the domain categories now appear on the block page. The feature works for threat categories, content categories, and extra categories like Advertising and Trackers. The behavior is consistent for standard, custom, and global block pages.
- Text update to clarify how to proceed for the end user: “If you feel you’ve reached this page in error or need to request access, please click here to notify the network administrator."
- Fixed Allow/Block List bug that allowed the same domain on both lists
- Corrected a display bug on the IP/Hostname section of Deployments->Sites configuration
As the top level of our hierarchy, a site plays an important role in managing your deployments and policies. Large organizations often have thousands of sites and our web UI truncated the list at 1,500 but is now unlimited.
Our changelog now has an RSS feed. If you are reading this you may want to subscribe. Just add our feed URL
https://dnsfilter.canny.io/api/changelog/feed.rssto your favorite reader.
Query log now supports searching subdomains to refine your investigations.
Example: searching for
content-autofill.googleapis.comwas previously not allowed in query log and resulted in an error. Now you can refine the search results to the desired subdomain.
Android Roaming Client
SSO is here!
DNSFilter now supports Single Sign-On (SSO).
Improve security and streamline workflows. Enforce SSO to the DNSF dashboard with third-party identity providers (IdPs), such as Okta and Azure AD, as well as others that support OIDC.
Getting started with SSO is quick and easy.
Simply configure an Identity Provider in the
Single Sign-Onsection of the
Settingspage of your DNSFilter account. Once the values have been entered correctly, SSO can be turned on.
Check out our Knowledgebase for a detailed breakdown of how you can set up SSO for your account.
You can now add notes to the “Allow” and “Block” lists
Customers can now add a note using the new notes column or in the pop-up dialog when adding a domain to the
Blocklist in the Policy settings on the dashboard.
Use this feature to remember why the domain was added to your lists. Notes can also be used as a reference in internal support tickets to help improve workflows.
Local Domains support for Android:Android has now joined the list of Operating systems (Windows and iOS) where local domains are supported.
Windows Roaming Client
2FA Enforcement and User 2FA Reset
Owners and Administrators can now enforce Two-Factor Authentication (2FA) across their entire organization.
Additionally, owners and admins can reset 2FA for their dashboard users directly in the app.
Zapier Improvements for MSPs
New improvements have been made to the DNSFilter+Zapier integration to enable MSPs to create Zaps that can be customized for each sub-organization. An
External IDfield has now been added to the
Organizationprofile settings to enable integration with external services.
Using this identifier, MSPs can now associate a DNSFilter sub-org/site to its existing location within a selected integration through Zapier.
Windows Roaming Client Logs
Users of the Windows roaming client can now collect logs locally. These logs can be found in a new folder we have introduced in the default installation location of the DNSFilter agent. Windows RC logs have a 7-day lifecycle thus, logs older than 7 days are automatically deleted. Because our roaming clients auto-update, customers who currently have the Windows RC installed should see logs within 2 days of the release.
- Prior to this release, when the Windows RC encountered a specific error, the Windows RC restarted, giving the end-user the impression the application had crashed. This release corrects this issue.
- Prior to this release, when an MSPnavigated to theMSP org(not the dashboard), selectedDeployments,Sites, and edited the Block Page for multiple sites, the Policy would default toNo Policy. This has been corrected.
- Prior to this release when an MSPnavigated to a sub-organization'sDeployments,Sites,Global Policieshad theglobe icon, andGlobal Pagesdid not. This has been corrected.
Introducing AppAware, DNSFilter’s one-click application blocking feature.
Blocking an application that you need to disallow on your network can be quite difficult because of the numerous, sometimes thousands of, domains behind its operations. AppAware removes this complexity by providing you with all the necessary associated domains required to block the application.
With just one click, you can block an application and all its associated domains with AppAware.
Block an entire category of applications
AppAware also gives you the ability to block a group of applications. Related applications are grouped into categories in AppAware, and by clicking the
Block All Appsbutton on a “category” tab, you can block all the applications listed in that category.
Now you can block remote desktop applications that can be compromised and exploited by attackers to gain access to your network and messaging applications to boost productivity amongst your team or block.
Block Ecosystem Applications
One interesting category on AppAware is
Ecosystem Applications. This category allows you to block all applications in a provider’s ecosystem. Let’s assume you want to block all Microsoft-based applications, you can simply turn on the block button on
This automatically blocks applications like Microsoft Teams, Office 365, Microsoft Azure, and any other application or service provided by Microsoft.
Because we know how important it is for you to monitor the operations of AppAware, we added a dedicated reporting page just for AppAware (
Here, you can view your traffic reports by application, sort them using AppAware categories, and block an application directly from the reports page by adding it to an existing policy.
The AppAware reporting page provides clear visibility into applications being utilized on your network. You can click individual applications to get more granular with the traffic details for that application. This can provide useful information in tracking unusual traffic coming through an application and help administrators apply security controls where necessary.
New AppAware column in Query logs
You can also monitor attempts at running blocked applications in your query logs under the newly added AppAware column.
Windows Roaming Client
Domain Report Tool Improvements for MSPs
MSPs can now view the domains in a global policy applied to a site in the
Block Listof the Domain Report tool.
New label for queries allowed by SafeSearch
Queries on search engines and Youtube that are allowed by the
Safesearchoption when applied to a policy are now marked with the
Allowed - SafeSearchlabel in the query log. This distinguishes them from other queries allowed by other policy settings. It also helps users identify why some queries are allowed even when they have not been explicitly configured to be allowed on the network.
- MSP admins that have access to multiple organizations can now see the name or email address of a user that makes a policy change displayed in the Performed Bycolumn of the Policy Audit Log.
- Connectivity issues experienced on Windows roaming clients when switching from home/personal to business/office networks have been fixed
- Errors experienced by read-only users when logging into the dashboard have been fixed
Alphabetization of Columns for Sync Tools
If you use our Active Directory integration via our Sync Tool feature, items within a collection column are now automatically alphabetized making it easier for users to navigate. This improvement will also enable enhanced column sorting for collections.
Relays/LAN subnets now show the correct block page
Customers who apply a block page to their Relays/LAN subnets will now see the correct block page they applied. Prior to this release, customers who had block pages applied to Relays/LAN subnets page would receive the block page selected for a site.
Collections are now displayed on the assigned policy tab
The status column for a policy now displays all collections assigned to that policy. You can also find this information by going to
New Nodes Added to our Anycast Servers
As we continue to boost our global coverage, we have added new nodes to our anycast servers (Istanbul Turkey, and Sydney).
Improvements to Sync Tool
DNSFilter users now have the following capabilities for their AD instance:
- Sync Dynamic Groups from On-premise AD and Azure AD
- Sync Built-in groups from On-premise AD
- Sync Security Groups from Azure AD
We also updated the User interface of the Sync tool and improved overall performance for a better user experience, including a New Sync Logs tab.
The functions labeled in the above diagram are described below:
- The Sync Logstab
- Sync message filtering options. Customers can filter messages using full,errors only, anderrors and warnings onlyfilter options.
- The Refresh Logsbutton. When engaged, it reloads the logs screen displaying the most recent logs
- The Open folder with logsbutton. When engaged, it opens the window explorer with the file where logs exist on the customer’s local machine.
- Viewing modes. This allows you to switch between a single and dual page view.
- Search function. Enables you to perform a free text search on the log messages
- Zoom slider for improving your viewing experience
A Progress bar to indicate the progress of an ongoing synchronization
Other Sync Tool improvements:
- Automatic Full Sync
- Up to 500,000 users supported
Insights default to 24 hours
Up until now, the viewable data on
Yesterday. This option prevented trial users and users who are still in the process of deploying DNSFilter from seeing data until a full day had passed.
With this new release, the
Insightspage data now defaults to
Last 24 hoursenabling users to view data as soon as they begin resolving traffic through DNSFIlter.