Proposal for Improvement of the DNS Filter Mode Functionality in the NSE3000
Context
During the implementation and testing of the Cambium NSE3000, an important limitation was identified in the DNS Filter Mode module:
currently, there is no practical way to upload or manage large domain blocklists.
The system requires that domains be entered manually, one by one, which is not feasible for network environments that need to maintain dynamic filtering policies or extensive domain blocklists.
Current Situation
-
The DNS Filter Mode configuration interface allows manual addition of domains.
-
There is no option to import domain lists from a file (e.g.,
.csv,.txt,.json, etc.). -
There is also no option to link external or cloud-based lists that the device could download or synchronize periodically.
This severely limits the NSE3000’s ability to perform advanced web control, cybersecurity, and content filtering functions in enterprise or ISP environments.
Proposed Improvement
It is recommended that the NSE3000 incorporate an enhanced DNS Filter Mode module with the following capabilities:
-
Import Local Domain Lists
-
Allow uploading of files in
.csv,.txt, or.jsonformat containing multiple domains or subdomains to block. -
Include automatic validation of file format and a summary confirming successful import with the total number of domains added.
-
-
Synchronize Remote Lists
-
Allow the user to specify a remote URL or online repository containing a public domain blocklist, for example:
https://github.com/StevenBlack/hosts -
The device could fetch this list manually or automatically (daily/weekly) and apply it directly within the DNS Filter Mode module.
-
-
Support for Open Source Blocklist Formats
-
Add compatibility with popular Open Source DNS filtering solutions such as Pi-hole, AdGuard Home, dnsmasq, or unbound.
-
This would maintain alignment with the open-source principles upon which much of the NSE3000’s platform is built.
-
Expected Benefits
-
Enables mass management of blocked domains.
-
Keeps the device automatically updated against new malicious or unwanted domains.
-
Enhances the NSE3000’s usefulness as a DNS security and filtering solution.
-
Reduces manual administrative work and human error.
-
Strengthens product competitiveness against other solutions such as Pi-hole, AdGuard Home, or pfBlockerNG.
Real Use Case
In our deployment, the NSE3000 was purchased specifically to provide domain blocking functionality.
However, due to the inability to load a list of approximately 37,000 domains, the task became unfeasible.
As a result, the device is currently disconnected, since manually entering each domain is impractical — particularly considering that several open-source DNS solutions already allow this process automatically and efficiently.
Strategic Value
Integrating this functionality — especially if managed centrally through cnMaestro On-Premise or Cloud — would turn the NSE3000 into a truly exceptional and competitive product.
Allowing administrators to manage local or remote domain blocklists directly from cnMaestro would add a significant value advantage to the Cambium ecosystem, combining security, automation, and ease of use in a single unified platform.
Conclusion
The NSE3000 could substantially improve its performance, usability, and adoption by implementing an advanced DNS list management feature (both local and remote) within its DNS Filter Mode module.
This capability, together with its integration with cnMaestro, would not only increase the product’s value compared to competing solutions but also strengthen Cambium Networks’ position as a provider of modern, secure, and open-source-aligned networking solutions.
Thank You