Why NxFilter

Faster and lighter

There are many webfilter products based on Squid proxy or some other HTTP proxy. With this approach you might have a serious latency problem on your network. This is because your web traffic needs to go through one point in your network that is your webfilter and it becomes a bottle neck in your network. This latency problem gets bigger when you have bigger number of users. But there is another approach. That is DNS filtering and NxFilter is a DNS filter. It is basically a DNS server with filtering ability. Since it uses light weight DNS protocol there is no need to have your traffic going through anywhere. You get no latency problem with NxFilter.

Boosting up your internet speed

Some users reported that after they installed NxFilter on their network their Internet speed improved greatly. This is because NxFilter keeps local cache for DNS lookup. Suppose in your network everybody uses Google public DNS server. Their DNS queries need to be sent to the DNS server on the Internet and they need to wait for the response back from it. But if you have NxFilter in your network it keeps cache for the DNS response from its upstream DNS server and reduces the network traffic greatly and your users don’t need to wait for the response from a public DNS server on the Internet.


Even though it is faster and lighter to be compared to the traditional web proxy based filtering, DNS filtering had its own limit in the past. It didn’t support authentication. This is natural as DNS protocol doesn’t have any authentication scheme. It was the biggest obstacle for a DNS filter to be employed in a real world enterprise environment. However, NxFilter supports authentication based on IP and password. And it supports single sign-on with Active Directory. With NxFilter, you can differentiate users and apply a filtering policy based on user and group.

Easy deployment

You just need to set up your DHCP server to make NxFilter as the DNS server for your network. Then your users will use NxFilter as their DNS server and they will be under filtering. Forcing filtering to users is also possible. You can block outgoing UDP/53 and TCP/53 except from NxFilter. In that way, NxFilter becomes the only DNS server your users can use.


NxFilter can handle several thousand users easily. It has been proven by many users through the years since we released its first version. It has built-in clustering for load balancing and you can add unlimited number of nodes to its clustering. Some of our users reported that they are serving more than 30,000 users in their site with one cluster of NxFilter.

Malware/botnet detection

In reality, these malwares and botnet programs are network server/client programs by themselves. Naturally, they are heavily relying on DNS protocol. NxFilter is capable of detecting malware and botnet based on DNS packet inspection.

Remote filtering

NxFilter provides several remote filtering client softwares for filtering the Internet activity of off-site users or mobile workers. There are agents for Windows, Mac OS and Chromebook.

Application control

NxFilter supports application control through its agent that is NxClient. With this feature you can block UltraSurf, Tor, uTorrent, Skype, Minecraft and other applications you want to block.

* NxClient is a remote user filtering agent for NxFilter.

Content filtering by NxClassifier

NxFilter does content filtering with its built-in website classification engine that is NxClassifier. With NxClassifier, you can classify a website into a certain category based on its contents. This means that you can block almost every website you want to block even if it is a new website which is not known to people yet.

Flag Counter