Feature Requests

DNSSEC Enforcement support for clients using DNS-over-HTTPS

NextDNS allows use of DNS over HTTPS per profile. DNSFilter should allow DoH to point to specific policies and to allow devices to have DoH profiles (not just users with a roaming profile). This would be helpful for routers that support DoH but not DoT, and it would also be helpful to force certain clients on a VLAN with a separate policy to adhere to a policy for that client. It would also allow client-level statistics within a policy.

Hi. I'm currently using NEXTDNS and considering to switch to other alternatives. While researching, I came across DNSFilter and was impressed of their features. I was bit disappointed when I found out that they don't have (please let me know if i'm wrong) DoT/DoH addresses that you can just input into your router or other devices but instead you need to install a software or need a ddns server to work.

DNS Query Log: When I click on additional filters and add "categories" there isn't a value for uncategorized. Being able to see just the uncategorized sites would be extremely helpful when we try to figure out why a site is blocked.

Created on behalf of a feedback request raised in support. Give Owners the ability to opt out of receiving invoices, and they would then only be sent to the billing contact. Currently, all owner accounts receive the invoices by default due to the billing platform used.

Classic DNS filtering on roaming devices often depended on changing DNS settings. On networks the user doesn’t own—such as hotels, public Wi-Fi, or shared corporate environments—this could cause conflicts with other software and reduce reliability. The new DNS Pre-Check capability modernizes protection by introducing a transparent DNS proxy that validates and filters queries locally before they leave the device. This eliminates the need to modify DNS settings, ensures filtering works across untrusted networks, and helps preserve connectivity wherever users connect. To support this capability, the Windows Agent will include a Filtering & Connection Mode framework. Instead of the agent deciding behavior automatically, administrators can configure three dimensions directly from the Dashboard: Connection Mode: Transparent Proxy or DNS Loopback (how queries are intercepted). Filtering Mode: Classic DNS or DNS Pre-Check (how queries are evaluated). Failover Mode: Fail Open or Fail Closed (what happens if filtering cannot be reached). For ease of deployment, these are also available as presets: Standard (Recommended): Balanced filtering and connectivity. Strict (High Security): Always enforce filtering, blocking access if filtering is unavailable. Custom (Advanced): Mix and match connection, filtering, and failover modes as needed.

So much white... Need dark mode please!

The first release of CyberSight introduces Activity Logs within the Windows Agent, capturing what users actually did — applications used, sites visited, time spent, and full URL visibility — even while offline. While these logs provide detailed forensic records, reviewing them can be time-consuming and less effective for spotting patterns or communicating insights at scale. The next phase of CyberSight introduces interactive Dashboards that transform this data into clear, actionable views: Overview Dashboard: Highlights top websites, applications, categories, SaaS usage, and license consumption for quick situational awareness. Threat Trends: Consolidates observed threats and risky user behavior to help IT and security teams prioritize remediation. Timeline Reporting: Visualizes anomalies, shadow IT adoption, license usage, and historical events to accelerate investigations. Together, these capabilities evolve CyberSight from log-based visibility into a actionable reporting function. This enables IT administrators, security analysts, and service providers to communicate insights, reduce investigation effort, and demonstrate security value directly in the product.

Traditional DNS reporting shows which domains a device resolved, but not what the user actually did. DNS logs capture every background query, prefetch, and embedded resource, making it difficult to separate real activity from noise. For example, thousands of lookups to Facebook may reflect only a logo on a page, not active use. CyberSight changes this by introducing Activity Logs within the Windows Agent that operate at the user level. These logs capture applications used, websites visited, and how long users engaged with them — with the added clarity of full URL visibility. Unlike DNS-only logs, this makes it possible to understand exactly what was clicked, when it happened, and for how long. Importantly, CyberSight also captures activity while devices are offline, syncing data once they reconnect, so visibility isn’t lost. This richer log data makes investigations and incident response more effective. Security teams can filter out background noise, trace potential attack chains, and review user actions with greater accuracy — all within the product, without relying on third-party SIEMs. CyberSight Activity Logs also establish the foundation for dashboards, reporting, and behavior-based intelligence in future phases.

Allow URL filtering, where only a specific URL or directory (IE: www.reddit.com/r/leagueoflegends/ ) would be filtered, but not the entire domain. Note: HTTPS support would require installing our Root CA SSL Certificate - https://trello.com/c/GVov9v6V/34-installable-ca-for-ssl-blocked-sites