Malwarebytes DNS Filtering has the following requirements:
Domains and sub-domains that are Fully Qualified Domain Names (e.g. mail.google.com) or Partially Qualified Domain Names (e.g. google.com) are supported. Only the suffix of a domain is required (e.g. google.com is equivalent to *.google.com). Single label domains are not supported.
- An active subscription to Malwarebytes Incident Response, Endpoint Protection, or Endpoint Detection and Response.
- An active subscription to the DNS Filtering module.
Endpoints require the following operating systems to filter network traffic.
NOTICE - The following system requirements are specific for DNS Filtering. For our Endpoint Protection requirements, see System requirements for Nebula.
- Windows Server: 2022, 2019, 2016, 2012, 2012 R2
- Windows: 11, 10, 8.1
CAUTION - DNS Filtering is not supported on DNS Servers and will block communications.
Endpoints running DNS Filtering need to allow HTTPS outbound connections that resolve DNS lookups to https://*.cloudflare-gateway.com
Browser and Operating System Requirements
DNS over HTTPS (DoH) or Secure DNS must be disabled for browsers and operating systems to allow Malwarebytes DNS filtering to operate properly. See the following articles for managing Windows and browser DoH settings via Group Policy.
Note: Look up instructions for your specific browser if DoH needs to be disabled manually on an endpoint.
Return to Malwarebytes Nebula DNS Filtering guide.