SecurityBrief UK - Technology news for CISOs & cybersecurity decision-makers
United Kingdom
Remote employee secure dns protection roaming wifi home office
#
Firewalls
#
VPNs
#
Endpoint Protection

DNSFilter adds DNS PreCheck to protect roaming staff

Fri, 13th Mar 2026
Author image
By Mark Tarre, News Chief

DNSFilter has introduced DNS PreCheck, a feature designed to keep DNS-based security controls in place as employees move between corporate networks and public Wi-Fi.

Roaming workers often rely on airport and hotel networks that use captive portals and unfamiliar DNS settings. These conditions can disrupt DNS filtering and create gaps in web protection. VPN connections and disconnections can also change how endpoints resolve DNS queries, causing conflicts.

DNS PreCheck shifts where the filtering decision happens by running a security check locally before DNS resolution. This allows a device to block access to malicious domains before any DNS query reaches the network's DNS infrastructure.

Ken Carnesi, CEO of DNSFilter, said existing approaches work best in controlled environments. "Traditional DNS filtering works well inside controlled corporate environments, but limitations and conflicts can arise when users attempt to join other networks," he said. "DNS PreCheck solves that problem by moving security checks earlier in the connection process. The result is seamless protection for roaming users without the conflicts or connectivity issues that security teams deal with today."

How It Works

DNS filtering typically works by directing a device or network to use a specific resolver. That is straightforward on a managed corporate network, but harder on networks employees do not control, where local settings may impose different DNS behaviour.

DNS PreCheck adds another option within the DNSFilter platform. Organisations can continue filtering through standard DNS resolution or apply local filtering before DNS queries are processed.

The approach also aims to reduce captive portal-related lockouts on public Wi-Fi. When a user connects at a hotel or airport, DNS PreCheck keeps protection active while still allowing access to the portal pages required for sign-in.

Operational Impact

DNSFilter is positioning the feature as both an IT operations improvement and a security control. Network transitions can trigger helpdesk tickets when users lose connectivity or need to restart security clients after VPN changes. DNS PreCheck is designed to avoid DNS reconfiguration steps when a VPN connects or disconnects.

Users should not need to restart clients after these network events. The feature is designed to run in the background as devices move between corporate offices, home networks, and public Wi-Fi.

For managed service providers, roaming behaviour can increase support workload across multiple customers. The option to use local, pre-resolution filtering is positioned as particularly relevant for MSP deployments and organisations with hybrid workforces.

Deployment Details

DNS PreCheck is integrated into the DNSFilter platform and is available to existing customers. It works with the DNSFilter Windows Roaming Client, which applies policy when devices are away from the corporate network.

The design is intended to avoid DNS configuration changes on the endpoint and reduce dependence on VPN settings, which can override DNS routing and interfere with filtering policies when users switch networks.

Local filtering also blocks DNS queries to malicious domains before they leave the device. This model is intended to reduce opportunities for applications or malware to bypass filtering by changing resolver settings or routing requests outside expected paths.

Market Context

Hybrid work has increased the need for consistent endpoint protection across varied networks. Organisations have expanded secure access tools and endpoint controls, yet DNS remains a common point of failure when a device is off a managed network. Captive portals can further complicate security controls by requiring devices to reach specific destinations before full connectivity is available.

DNSFilter says DNS PreCheck addresses a gap that appears when employees step outside corporate infrastructure. The feature sits between network and endpoint security, using DNS as an enforcement point to block unwanted categories and known malicious destinations.

"DNS PreCheck solves that problem by moving security checks earlier in the connection process. The result is seamless protection for roaming users without the conflicts or connectivity issues that security teams deal with today," said Carnesi.

DNS PreCheck is delivered through the existing customer platform and Windows roaming client as organisations expand policies for users who frequently move between office, home, and public networks.

Related stories
Automotive microcontroller market set to hit USD $15.1bn
Vodafone & Google Cloud launch AI & security tools
BlackBox Hosting partners Everpure for sovereign cloud
Locai Labs deploys AI coding assistant at First Light Fusion
Infosecurity Europe adds AI summit amid cyber defence shift

Top stories

AI tools widen cyber attack threat, Flashpoint warns
AI flaws & supply-chain risks top new pentesting report
Exclusive: Google Cloud on the road to autonomous SecOps
Zapier expands AI governance controls for enterprise users
Avatier launches offline card after Stryker cyberattack