Skip to main content

Requirements for DNS Filtering in OneView

Updated: 

DNS Filtering requires key components from OneView to be accessible to administrators. Once accessible, administrators install the agent on endpoints with supported operating systems to use this module. Below are the requirements for DNS Filtering.

Domain Requirements

The DNS Filtering module only supports Fully Qualified Domain Names or Partially Qualified Domain Names for the allow and block list. Single-Label Domain Names are not supported.

  • Fully Qualified Domain Name - mail.google.com
  • Partially Qualified Domain Name - google.com
  • Single-label Domain Name - google

Feature Requirements 

Non-bundle subscriptions Bundle subscriptions
  • An active Incident Response, Endpoint Protection, or Endpoint Detection and Response subscription.
  • An active subscription to the DNS Filtering module.
  • Global Administrator or Site Administrator role.
  • An active Ultimate bundle subscription.
  • Global Administrator or Site Administrator role.

Endpoint Requirements

Endpoints require the following operating systems to filter network traffic. The following system requirements are specific for DNS Filtering. For our Endpoint Protection requirements, see System requirements for OneView.

  • Windows: 11, 10 version 1607 or later.
    • In late August 2025, DNS Filtering support for Windows 10 version 1511 or older ended.
  • Windows ARM: 11
  • macOS: Tahoe 26, Sequoia 15, Sonoma 14, Ventura 13, Monterey 12, Big Sur 11.

CAUTION - DNS Filtering is not recommended on internet information or web servers as it may block communications.

  • Windows Server: 2025, 2022, 2019, 2016.
    • In late August 2025, DNS Filtering support for Windows Server 2012 and 2012 R2 ended.

Network Requirements

  • Endpoints running DNS Filtering need to allow HTTPS outbound connections that resolve DNS lookups to https://*.cloudflare-gateway.com 
  • Only User Datagram Protocol (UDP) network traffic is supported.

Browser Requirements

DNS over HTTPS (DoH) or Secure DNS must be disabled for browsers and operating systems to allow DNS filtering to operate properly. See the following articles for managing Windows and browser DoH settings via Group Policy. Look up instructions for your specific browser if DoH needs to be disabled manually on an endpoint.

 

Return to DNS Filtering.

Still have questions?

Support is available via chat, phone or by creating a ticket. You can also use our virtual assistant for guided assistance.

Learn more