Circle vs. DNS Filtering

How Disney's Circle works, why it can cause issues, and an alternative option.

You’ve probably heard of Circle, a device made by Disney that adds parental controls to your home network and WiFi. You might have encountered strange issues after setting up Circle. This article will explain how Circle actually works and why it’s not always the best option for protecting your network.

How Circle Works

Circle uses a technique known in the IT security world as “ARP spoofing” or “ARP poisoning”. Basically, it impersonates your router and tells all your computers, phones, etc. that they need to go through Circle to get to the Internet. Circle receives all that data and passes it on to your actual router. Before passing it on, however, Circle checks the data to see if it should be allowed to pass. Anything that isn’t allowed is thrown away.

Circle illustration

However, this type of trick can cause issues, as devices can become confused as to the identity of the router. Circle could also become overwhelmed and not able to keep up with all the data going through it. This can lead to all kinds of strange issues that only stop happening when Circle is unplugged and the router is able to regain full control of the network. Obviously, having strange problems is not ideal!

An Alternative

Fortunately, there is an alternative technology to Circle’s ARP spoofing that works much better: DNS filtering. First, a short explanation of what DNS is. DNS stands for Domain Name System, and is essentially a giant Internet phonebook. When you tell your computer to go to a website (for example, netsyms.com), it needs to know the IP address for netsyms.com. An IP address is a bunch of hard-to-remember numbers that every computer and website has. Computers use these numbers to connect to each other. When you type “netsyms.com” into your computer, it uses DNS to find the correct IP address for netsyms.com. This all happens very fast before a website starts loading.

To find a website’s IP address in DNS, your computer needs to know which DNS server to ask. Usually your router will tell it which DNS server to use. That server is often run by your internet service provider.

With DNS filtering, you instruct your router to instead use a DNS server you control. This way, when your computer tries to look up a website it’s not allowed to visit, your DNS server can lie and say the website doesn’t have an IP address at all! Without an IP address, there’s no way for your computer to go to the website. It has no choice but to give up and display an error message.

DNS filtering illustration

With DNS filtering, the actual communication between your computer and websites isn’t affected. This results in far fewer issues than with the ARP spoofing technique used by Circle. In fact, using a DNS server on your own network can actually speed up your connection, as looking up IP addresses will be much faster!

DNS filtering is often used to block ads, but can also be set up using lists of inappropriate websites or a custom block list.
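To make the filtering decision described above concrete, here is an added example (not code from Circle or from any particular DNS product) of the core of a filtering DNS server: it reads the name out of a raw DNS query, checks it and its parent domains against a block list, and builds the "no such website" reply. The block list entries, function names and sample queries are constructed for illustration, and answering with NXDOMAIN is an assumption about how the "lie" is expressed.

```python
import struct

# Constructed block list for illustration (hypothetical domains).
BLOCKLIST = {"ads.example", "blocked.example"}

def parse_qname(packet, offset=12):
    """Read the question name from a raw DNS query (starts after the 12-byte header)."""
    labels = []
    while True:
        length = packet[offset]
        offset += 1
        if length == 0:
            break
        if length > 63:
            raise ValueError("compressed or invalid label in question")
        labels.append(packet[offset:offset + length].decode("ascii").lower())
        offset += length
    return ".".join(labels), offset + 4  # skip QTYPE and QCLASS

def is_blocked(name, blocklist=BLOCKLIST):
    """Block a listed domain and every subdomain of it."""
    parts = name.rstrip(".").lower().split(".")
    return any(".".join(parts[i:]) in blocklist for i in range(len(parts)))

def nxdomain_reply(query):
    """Answer 'this name does not exist' (RCODE 3), echoing the ID and question."""
    txid, flags = struct.unpack("!HH", query[:4])
    _, end = parse_qname(query)
    rd = flags & 0x0100                      # copy the Recursion Desired bit
    reply_flags = 0x8000 | rd | 0x0080 | 3   # QR=1, RA=1, RCODE=NXDOMAIN
    header = struct.pack("!HHHHHH", txid, reply_flags, 1, 0, 0, 0)
    return header + query[12:end]            # zero answers: no IP address given

def filter_query(query):
    """Return an NXDOMAIN reply for blocked names, or None to forward upstream."""
    name, _ = parse_qname(query)
    return nxdomain_reply(query) if is_blocked(name) else None

def build_query(name, txid=0x1234):
    """Constructed sample input: a standard A-record query for `name`."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.split("."))
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)

if __name__ == "__main__":
    for site in ("tracker.ads.example", "netsyms.com"):
        verdict = "blocked" if filter_query(build_query(site)) else "forwarded"
        print(site, "->", verdict)
```

The suffix match is what makes one block list entry cover every subdomain, while a name that merely ends in the same letters (such as notads.example) is still allowed.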

If you’re interested in getting DNS filtering set up on your network, contact us with the form below!