December 17, 2025
Cybersecurity, Browser Security

Rethinking Browser Security: Inside Atakama’s Evolving DNS Approach

When it comes to cybersecurity, DNS may not be the flashiest protocol in the stack, but it remains one of the most critical. Atakama’s DNS feature, part of our browser security platform, was built to give organizations not only strong filtering capabilities but also resilience, speed, and intelligence.

Recently, Staff Engineer Aman Grewal sat down with us to discuss the latest updates, the philosophy behind our DNS filtering approach, and where the technology is headed next.

 

Beyond the Basics: Reliability and Resilience

While DNS as a protocol hasn’t changed in decades, the way it’s implemented and optimized matters enormously for security and for delivering a truly secure browser experience.

“A lot of the updates we’ve been working on are around improving reliability, reducing latency, and increasing throughput,” Aman explained. “DNS performance tuning is hard, unlike other software, you can’t just make assumptions. You need real usage data to ensure your adjustments make sense.”

Atakama’s engineering team has also been embracing chaos engineering principles, testing failover scenarios by simulating catastrophic failures. “It’s about making sure we can recover seamlessly,” Aman said. “We’re working toward testing these modes at scale, not just in small lab environments.”

 

Smarter Filtering with DNS-over-HTTPS

Traditional DNS filtering often relies on IP-based rules at the network level. Atakama supports this through what we call Network DNS. But when a user installs our agent, we take filtering further with DNS-over-HTTPS (DoH), a key component of Atakama’s secure browser strategy.

This shift unlocks two major advantages:

  1. User-Level Policies – Instead of applying rules to an office or IP block, policies can be personalized for each user, whether they’re in the office or working remotely.

  2. Encryption & Trust – Requests are encrypted end-to-end, ensuring no one in the chain can snoop on browsing activity. Users can also trust responses more readily, knowing they originate directly from Atakama.

As Aman put it:

“The only parties who know what site is being requested are the user’s computer and our server, nothing in between.”

Staying Ahead of Emerging Threats

One of the most common questions Atakama hears from customers is how quickly we can block malicious domains. The answer: very quickly.

Newly discovered malicious domains are typically integrated into our system in 30 minutes or less, and often much faster.

We’re also rolling out policy features that allow MSPs and IT teams to block any domain less than 30 days old, recognizing that many malicious campaigns rely on freshly minted websites.
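An added sketch, not Atakama's code, of how a per-user policy could combine a threat feed, category rules and the 30-day domain-age rule described above. The `UserPolicy` fields, the `evaluate` and `check` functions, and every sample domain and date are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone

@dataclass
class UserPolicy:  # hypothetical per-user policy, not Atakama's schema
    blocked_categories: set = field(default_factory=set)
    min_domain_age_days: int = 0     # 0 disables the age rule
    block_unknown_age: bool = False  # verdict when no registration date is known

def parent_domains(name):
    """a.b.example -> ['a.b.example', 'b.example', 'example']"""
    labels = name.lower().rstrip(".").split(".")
    return [".".join(labels[i:]) for i in range(len(labels))]

def evaluate(name, policy, threat_feed, categories, registered_on, now):
    """Return (verdict, reason) for one DNS query under one user's policy."""
    parents = parent_domains(name)
    # Known-malicious domains are blocked for every user, subdomains included.
    for d in parents:
        if d in threat_feed:
            return ("block", f"threat-feed:{d}")
    # Category rules are opt-in per user.
    for d in parents:
        if categories.get(d) in policy.blocked_categories:
            return ("block", f"category:{categories[d]}")
    # Age rule: block domains registered fewer than N days ago.
    if policy.min_domain_age_days > 0:
        created = next((registered_on[d] for d in parents if d in registered_on), None)
        if created is None:
            if policy.block_unknown_age:
                return ("block", "age-unknown")
        elif now - created < timedelta(days=policy.min_domain_age_days):
            return ("block", f"age<{policy.min_domain_age_days}d")
    return ("allow", "no-rule-matched")

# Constructed sample data (reserved .example names, invented dates).
NOW = datetime(2025, 12, 17, tzinfo=timezone.utc)
THREAT_FEED = {"known-bad.example"}
CATEGORIES = {"scores.example": "sports"}
REGISTERED_ON = {
    "fresh-shop.example": NOW - timedelta(days=5),
    "old-vendor.example": datetime(2015, 3, 1, tzinfo=timezone.utc),
    "scores.example": datetime(2010, 6, 1, tzinfo=timezone.utc),
}
STRICT = UserPolicy({"sports"}, min_domain_age_days=30, block_unknown_age=True)
RELAXED = UserPolicy()

def check(name, policy):
    return evaluate(name, policy, THREAT_FEED, CATEGORIES, REGISTERED_ON, NOW)
```

The `block_unknown_age` switch is the decision to watch in practice: registration dates are not available for every domain, so the age rule has to fail open or fail closed when the date is missing.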

 

That said, Aman was quick to point out the reality of security trade-offs:

“If you’re the very first person to click a brand-new malicious site, no DNS solution can protect you in that instant. Any company saying otherwise isn’t being truthful.”

This transparency is core to Atakama’s browser security philosophy.

 

Finding the Right Balance: Security vs. Usability

Atakama’s approach recognizes that DNS filtering—and browser security as a whole—isn’t just about blocking threats. It’s also about striking the right balance between productivity and friction.

Policies can (and should) block known malicious sites, phishing domains, and crypto scams. However, for broader categories such as entertainment or sports organizations, policies need to weigh productivity concerns against user frustration.

“The more stuff you block, the more annoying it is for users. If they get too annoyed, they’ll find workarounds, and then they’re completely unprotected,” Aman noted.

As he summed it up:

“Security at the expense of convenience comes at the expense of security.”

Why Atakama’s Approach Matters

The “why” behind Atakama’s DNS philosophy is simple: to close the gaps traditional solutions leave open.

By leveraging DNS-over-HTTPS, server-side intelligence, and adaptive policies, we:

  • Protect users individually, not just networks.

  • Keep filtering efficient by processing malicious URL data server-side.

  • Provide faster response times while lowering client-side costs.

As Aman explained, “Storing all malicious data locally would slow machines down, burn bandwidth, and raise costs for clients. Our server-side filtering keeps protection strong without those trade-offs.”

Moving Fast, Looking Ahead

Atakama’s DNS engine has come together quickly, with new improvements rolling out on a biweekly cadence. Unlike other features that demand complex backward compatibility, DNS gives the team the freedom to innovate rapidly.

And the journey is just beginning. Next month, Aman will represent Atakama at a major DNS conference in Stockholm, bringing back insights to further refine our platform.

Final Thoughts

Atakama’s DNS filtering isn’t about reinventing the wheel—it’s about making DNS work smarter, faster, and safer for modern enterprises. With user-level policies, rapid threat response, and a careful balance between security and usability, Atakama is redefining how organizations should think about this foundational layer of security.

 
 