How DNS Works
Every website you’ve ever visited, every app that ever loaded an ad, every piece of malware that ever tried to phone home — it all starts with the same three-second process most people have never heard of.
It’s called DNS, and whoever controls it controls what you can and can’t reach on the internet.
What is DNS?
DNS stands for Domain Name System. The practical explanation: computers communicate using numerical IP addresses — strings of numbers like 76.76.21.21. Humans remember words. DNS is the translation layer between the two.
When you type stoix.io into a browser, your device doesn’t know where that is. It asks a DNS server. The DNS server looks it up and returns an address. Your browser connects to that address. The site loads. This entire exchange takes milliseconds and happens thousands of times a day across your devices, mostly invisibly.
The sequence every time you visit anything:
- You type a domain into your browser or open an app
- Your device asks the DNS server: “Where is this?”
- DNS returns an IP address
- Your device connects to that address
- Content loads
That’s it. The whole thing. And here’s where it gets interesting.
How DNS Filtering Works
Every connection to a named site starts with a DNS lookup. That means whoever runs the DNS server, or sits between it and your device, can decide what resolves and what doesn’t — before a single byte of content downloads.
Without filtering — normal DNS:
You → DNS Server → Website
(every request goes through, no exceptions)

Every ad server, every tracker, every malicious domain gets the same green light as everything else.
With Stoix — filtered DNS:
You → Stoix DNS → Filter check → Website
↓
Safe: connects
Blocked: stops here

Stoix checks every DNS request against its filter lists. Safe domains resolve normally. Blocked domains — ad servers, trackers, malware infrastructure, whatever categories are configured — return nothing. The connection never opens. The content never downloads.
Why DNS Filtering is Unusually Effective
The key thing that separates DNS filtering from browser extensions is scope. A browser extension only sees what happens inside that browser. Everything else on the device — every app, every game, every background process, every smart TV quietly logging your viewing habits — operates completely outside the extension’s view.
DNS filtering works at the network request level, which means:
Everything is covered. Apps, browsers, games, streaming services, system processes: anything that looks up a domain name through the device’s DNS settings goes through the filter first.
Blocking happens before anything downloads. There’s no ad that partially loads then disappears. The request for the ad server returns nothing, so the ad never starts. This makes pages genuinely faster — news sites often load 40–60% quicker without the ad and tracker payload.
One setup covers everything. Configure it once. It runs in the background. No per-app setup, no browser-by-browser configuration.
DNS vs Other Blocking Methods
| Method | Coverage | Performance | Privacy | Setup |
|---|---|---|---|---|
| DNS Filtering (Stoix) | Entire device | Fast | Private | Easy |
| Browser Extensions | Browser only | Medium | Varies | Easy |
| VPN | Entire device | Slower | Trust required | Complex |
| Hosts File | Device-wide | Fast | Private | Technical |
The hosts file comparison is worth noting — it achieves similar device-wide coverage but requires manual maintenance of a local text file. DNS filtering does the same thing, maintained automatically, updated in real time as new ad and malware domains appear.
Understanding DNS Records
When Stoix checks a DNS request, it’s looking at the domain being requested, not the specific URL. A few record types are relevant:
A Record: Maps a domain name to an IPv4 address. The most common type — stoix.io → 76.76.21.21.
AAAA Record: Same thing for IPv6. Modern devices use these constantly.
CNAME Record: Points one domain to another. Ad networks and trackers rely heavily on CNAMEs to disguise their domains as first-party content — a tactic called CNAME cloaking. Stoix resolves and checks these too, so the disguise doesn’t work.
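The CNAME check described above can be sketched as follows. This is an added example, not Stoix's code: the record table, blocklist, hop limit and every domain and address in it are constructed placeholders. It follows the alias chain and tests each hop, including parent domains, against the blocklist.

```python
# Constructed sample data: every name and address below is a placeholder.
BLOCKLIST = {"tracker.example"}            # blocks the domain and all subdomains

RECORDS = {                                # name -> (record type, value)
    "shop.example": ("A", "192.0.2.10"),
    "metrics.shop.example": ("CNAME", "c1.tracker.example"),
    "c1.tracker.example": ("A", "198.51.100.7"),
    "loop-a.example": ("CNAME", "loop-b.example"),
    "loop-b.example": ("CNAME", "loop-a.example"),
}

MAX_CNAME_HOPS = 8                         # assumed limit for this sketch


def normalize(name):
    """Lower-case and drop the trailing root dot so comparisons are stable."""
    return name.rstrip(".").lower()


def is_blocked(name, blocklist=BLOCKLIST):
    """True if the name or any parent domain is listed (label-boundary match)."""
    labels = normalize(name).split(".")
    return any(".".join(labels[i:]) in blocklist for i in range(len(labels)))


def resolve_filtered(qname, records=RECORDS, blocklist=BLOCKLIST):
    """Follow the CNAME chain, checking every hop against the blocklist.

    Returns (verdict, detail): ("blocked", offending name),
    ("resolved", address), ("nxdomain", name) or ("error", reason).
    """
    name = normalize(qname)
    seen = set()
    for _ in range(MAX_CNAME_HOPS + 1):
        if is_blocked(name, blocklist):
            return ("blocked", name)
        if name in seen:                   # alias chain points back at itself
            return ("error", "CNAME loop")
        seen.add(name)
        rtype, value = records.get(name, (None, None))
        if rtype is None:
            return ("nxdomain", name)
        if rtype == "A":
            return ("resolved", value)
        name = normalize(value)            # CNAME: continue with the target
    return ("error", "CNAME chain too long")
```

Here `metrics.shop.example` looks first-party but is blocked because its alias target sits under `tracker.example`, while `nottracker.example` is not matched because the comparison works on whole labels.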
How Stoix Stays Fast
The obvious concern with checking every DNS request through a filtering layer is latency. Adding a step should add time.
In practice, it doesn’t — for a few reasons:
Edge servers: DNS requests go to the nearest server, not across the country.
Caching: Frequently accessed domains are cached. If a thousand people already looked up google.com in the last few seconds, your lookup returns instantly from memory.
Optimized filter lists: Matching a domain against millions of blocked domains takes milliseconds at scale. The filtering step adds less time than the network round trip itself.
Anycast routing: Requests automatically route to the closest available server without any configuration on your end.
The net result is that filtered DNS is often faster than unfiltered DNS — because the cached lookups are quick and blocked requests stop before downloading anything.
DNS Security Features
DNS over HTTPS (DoH)
Standard DNS requests are unencrypted, which means anyone between you and the DNS server — your ISP, a network admin, someone on the same public Wi-Fi — can see every domain you’re querying. DoH encrypts DNS requests inside HTTPS, making them indistinguishable from regular web traffic.
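To make the exposure concrete, this added example (not from the original page) encodes a standard RFC 1035 query and reads the question back out of the raw bytes, showing that the queried name travels as readable text unless DoH or DoT wraps it. The domain and transaction ID are constructed placeholders.

```python
import struct

QTYPES = {"A": 1, "CNAME": 5, "AAAA": 28}  # record types discussed on this page


def build_query(qname, qtype=QTYPES["A"], txid=0x1234):
    """Encode a minimal DNS query: 12-byte header plus one question."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, QDCOUNT=1
    question = b""
    for label in qname.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= 63:
            raise ValueError("each label must be 1-63 bytes")
        question += bytes([len(raw)]) + raw    # length-prefixed label
    question += b"\x00" + struct.pack("!HH", qtype, 1)  # root, QTYPE, QCLASS=IN
    return header + question


def read_question(packet):
    """Recover (name, qtype) from a plaintext query, with bounds checks."""
    if len(packet) < 12:
        raise ValueError("truncated header")
    if struct.unpack("!H", packet[4:6])[0] != 1:
        raise ValueError("expected exactly one question")
    labels, pos = [], 12
    while True:
        if pos >= len(packet):
            raise ValueError("truncated name")
        length = packet[pos]
        pos += 1
        if length == 0:                        # root label ends the name
            break
        if length > 63:
            raise ValueError("compression pointer or invalid label")
        if pos + length > len(packet):
            raise ValueError("label runs past end of packet")
        labels.append(packet[pos:pos + length].decode("ascii", "replace"))
        pos += length
    if pos + 4 > len(packet):
        raise ValueError("truncated question")
    qtype, _qclass = struct.unpack("!HH", packet[pos:pos + 4])
    return ".".join(labels), qtype


if __name__ == "__main__":
    pkt = build_query("ads.tracker.example", QTYPES["AAAA"])
    print(pkt.hex(), read_question(pkt))
```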
DNS over TLS (DoT)
Achieves the same encryption goal through a dedicated encrypted channel rather than HTTPS. Works particularly well on Android and is the preferred method for mobile devices.
DNSSEC
Validates that DNS responses are authentic and haven’t been altered in transit. Without DNSSEC, a compromised network can return false DNS responses that redirect you to malicious sites even when you typed the right address.
Common Questions
Does DNS filtering slow down my internet?
No — usually the opposite. Ad and tracker requests stop at the DNS level before any content downloads, which reduces page load times, data consumption, and battery drain on mobile.
Can websites tell I’m using DNS filtering?
They can detect that ads aren’t loading, but they can’t specifically identify DNS filtering as the cause. To websites, you look like any other visitor.
What happens if Stoix servers are down?
Your device automatically falls back to secondary DNS servers. No internet outage.
Can I use Stoix with a VPN?
Yes. The two tools cover different things — DNS filtering operates on what domains resolve, a VPN encrypts the traffic itself. They’re complementary.