How to Write a DNS Filtering Note for Family Members

QUICK ANSWER

Families should be told which online risks the DNS rules address, whose devices or profiles they cover, what may be blocked, what limited DNS activity may be retained, who can review it, and how to ask for an exception. Say clearly that DNS cannot read pages, searches, messages, voice, or complete browsing history, then set a review date together.

Published
May 26, 2026
Words
1,184 words
Reading time
6 min read

Families should be told which online risks the DNS rules address, whose devices or profiles they cover, what may be blocked, what limited DNS activity may be retained, who can review it, and how to ask for an exception. Say clearly that DNS cannot read pages, searches, messages, voice, or complete browsing history, then set a review date together.

The practical outcome is household transparency without one broad rule or invisible review process for everyone. The note should help a child, teenager, adult, or caregiver predict the boundary and raise a problem. It is not a threat, a secret surveillance disclosure, a one-time announcement, or a substitute for an ongoing family conversation.

Make the note a family agreement

Start with the shared need: reducing known malicious domains, keeping adult categories away from a young child’s profile, or protecting a device used for homework. Then say what remains open. A safety boundary is easier to trust when family members can request an exception, report a broken school or health service, and see that adults also accept limits on unnecessary inspection.

Do not make secrecy part of enforcement. A device may change networks, a browser or VPN may choose another resolver, and cached answers or existing connections may not create a fresh lookup. Explain the expected boundary without teaching a bypass recipe, and use device, platform, account, and conversation-based safeguards for risks DNS cannot address.

Cover seven household promises

  1. Name the safety or household purpose in language each affected person can understand.
  2. List the profiles, devices, networks, or shared resources covered, and say who is not covered.
  3. Explain that a domain lookup may be allowed, blocked, or redirected under the relevant rule.
  4. Say what aggregate or detailed activity is retained, who may review it, and for how long.
  5. Promise not to treat one lookup as proof of intent, a visit, or wrongdoing.
  6. Give a simple route for asking why something was blocked and requesting a narrow exception.
  7. Set a date to review whether the purpose, scope, access, and temporary exceptions still make sense.

DNS deserves careful language because the data is limited yet sensitive. It cannot read page contents, full URL paths, search terms, in-app chats, voice audio, or full browser history. A lookup can also come from prefetching, advertising, an embedded page element, an update, or background software. RFC 9076 explains that linked DNS transactions may reveal use patterns even though any single query is ambiguous.1

Adjust the conversation by age

For a young child, keep the note concrete: “This tablet has a rule that blocks some unsafe or adult sites. Tell us if schoolwork is blocked. We will check the rule, not read your messages.” Repeat the explanation when the device or boundary changes. A caregiver can make the final safety decision while still inviting questions and acknowledging the child’s experience.

For an older child or teenager, discuss purpose, scope, evidence, exceptions, and review openly. Ask which ordinary tasks must work and which kinds of oversight feel disproportionate. UNICEF’s guidance emphasizes helping children build knowledge and use technology independently and responsibly, while its work on children’s best interests argues that children should be meaningfully engaged in digital decisions.23

For adults, guests, or caregivers, avoid assuming that a child-focused restriction belongs to them. Shared malware protections may be reasonable across the household, while content categories or schedules can remain profile-specific. Tell guests what the network does before they rely on it for sensitive work, and provide a guest path or other practical choice where appropriate.

Use this family note as a start

Our household uses DNS filtering on [profiles, devices, or networks] to [specific safety purposes]. It may allow, block, or redirect a domain lookup. It cannot read page contents, searches, messages, voice audio, or complete browsing history, and one lookup does not prove what a person intended or viewed. We normally check [aggregate outcomes or controlled tests]. Detailed activity may be reviewed by [people or roles] only for [named reasons] and kept for [period]. Ask about a block or request an exception through [family process]. We will review these rules and any temporary exceptions on [date].

Replace the brackets together. If the family cannot explain why detailed history exists, stop routine detail collection and use configuration checks, aggregate outcomes, or a controlled test instead. Keep the final note where household members can revisit it. A one-time announcement followed by silent policy changes does not create transparency.

Test the boundary without snooping

  1. Choose one covered device and confirm which household profile and resolver path it should use.
  2. Pick one ordinary task that must remain available, such as school, health, communication, or work.
  3. Use a provider-documented safe test domain or another harmless expected policy test.
  4. Confirm an explicit allow, block, or redirect outcome instead of treating every DNS error as a filter result.
  5. If the result is wrong, inspect the smallest relevant device and time window rather than scanning everyone’s history.
  6. Record the exception or correction, its owner, and its review date, then tell affected family members what changed.
  • Do not apply the strictest child profile to the whole household for convenience.
  • Do not use a blocked lookup to accuse someone of seeking harmful content.
  • Do not promise that DNS can control content inside every app or platform.
  • Do not make exception requests embarrassing or impossible.
  • Do not retain detailed family activity without a purpose and closing date.
  • Do not confuse a household agreement with the legal duties of an online service or employer.

Family-note questions

Should parents show children DNS activity?

Usually begin with the rule, aggregate outcomes, and the child’s reported problem rather than detailed activity. Open a narrow event only when it answers a specific safety or troubleshooting question, and explain why. Avoid making a child defend background lookups they did not initiate.

Does every family member need the same DNS rule?

No. Boundaries should reflect age, device purpose, risk, and shared household needs. Keep common security protections where appropriate, then use separate profiles or resources for restrictions that do not belong to every adult, child, guest, or smart device.

No. It is a practical household agreement, not legal advice or a substitute for obligations that may apply to a service, school, employer, caregiver, or other organization. Keep those relationships and notices separate.

Review one household Space in Veilty

In Veilty, choose one household Space and one representative resource. Confirm its assigned profile, resolver path, reusable baseline, and any enforced Space policy. A resource may adapt baseline policy when permitted but cannot weaken enforced policy. Test the narrowest relevant change on that device before applying it to another family member or resource.

Begin with aggregate outcomes. Retained DNS activity is Space-scoped, end-to-end encrypted with user-held keys, and visible only through permitted Space roles, while the resolver necessarily processes live requests to answer and apply policy. If a named problem requires detail, limit the view to that resource and time window, make the decision, close the review, and update the family note if the boundary changed.

References

  1. RFC 9076: DNS Privacy Considerations - RFC Editor
  2. Online privacy checklist for parents - UNICEF
  3. Children’s Best Interests in Digital Policy and Practice - UNICEF

Related articles