Abstract

This study examines the role of DNS filtering in safeguarding African children from harmful internet content through a technical and policy analysis, culminating in an integrated implementation framework. Employing a systematic, multi-method approach including PRISMA-guided literature reviews, case-study analysis, and stakeholder engagement, the research evaluates DNS filtering efficacy, alignment with data protection laws (NDPR, POPIA, Ghana DPA), and pilot deployments in Nigeria, Kenya, South Africa, and Ghana. Findings reveal that while DNS filtering achieves 85% block rates for harmful material, its effectiveness is hampered by high false positives (15% - 40%), circumvention risks (60% - 70%), and inconsistent enforcement. The study bridges critical gaps by proposing a tripartite framework combining AI-enhanced technical controls, harmonized policy compliance, and multi-stakeholder collaboration. It advances new knowledge on context-aware, rights-respecting child protection strategies tailored to Africa’s infrastructural and socio-cultural realities. Policy implications include actionable recommendations for ISPs, educators, and regulators, emphasizing dynamic blocklists, transparency mechanisms, and community-centric awareness programs. The framework guides resource allocation toward scalable, latency-optimized deployments while addressing rural-urban disparities. By integrating technical rigor with participatory governance, this research contributes to Africa’s digital safety agenda and informs global discourse on child-centric internet regulation.

Keywords

DNS Filtering, Child Online Safety, Africa, Data Protection Laws, Circumvention Risks, Multi-Stakeholder Framework

Share and Cite:

1. Background to the Study

Africa’s digital landscape is transforming rapidly, with internet penetration reaching 43% in 2023 [1]. This mobile-driven growth unlocks educational opportunities but also exposes children to risks like cyberbullying and exploitation [2]. A 2023 survey found 62% of Nigerian adolescents encounter harmful material monthly [3], while South Africa reported a 45% increase in child grooming cases [4]. These threats underscore an urgent need for scalable protections tailored to Africa’s realities. The consequences are profound, with exposure to harmful content correlating with increased anxiety and depression among youth [5]. Educational outcomes also suffer due to online distractions [6]. The EU’s stricter frameworks reduced child exposure by 30% [7], highlighting Africa’s regulatory gaps. Compounding this, shared device usage exposes multiple children to risk from a single smartphone [8].

DNS filtering emerges as a pragmatic solution, blocking harmful domains at the network level with minimal latency [1]. Pilot deployments in Nigeria and Kenya demonstrated 96% efficacy [9], and the African Union endorses it as a cost-effective measure [10]. However, reliance on foreign blocklists can erroneously block local sites, indicating a need for context-aware solutions [2]. Significant implementation challenges persist. Circumvention tools like VPNs are used by 27% of African youth [11], and DNS-over-HTTPS (DoH) renders traditional filtering ineffective [12]. Nigeria’s mandatory ISP filtering reduced harmful content by 38% but left rural coverage gaps [13], while Ghana’s voluntary model achieved only 53% ISP participation [14].

Theoretical lenses clarify these gaps. Implementation Theory explains why technical solutions fail without stakeholder buy-in [15]. Child rights frameworks justify filtering as a protective obligation [16], yet policies neglect this linkage [17]. Network Governance Theory offers a blueprint for collaboration [18], exemplified by Rwanda’s hybrid model [19]. Globally, the UK’s mandates reduced underage exposure by 40% [20], a contrast to Australia’s fine-based model. Regionally, Kenya’s school-focused mandates achieved 70% ISP adoption [21], unlike South Africa’s voluntary cooperation [4]. Ghana’s pilot struggled with VPN bypass and reliability, though logs showed a 15% drop in harmful content access [14] [22]. The research problem is thus threefold. Empirical studies on DNS filtering in Africa remain scarce [23]. Child rights principles are rarely operationalised in technical deployments [24]. Policy fragmentation also complicates cross-border ISP compliance [3]. This study addresses these gaps by proposing an integrated framework aligning technical controls, policy, and community oversight.

2. Problem Statement

Despite rapid internet expansion, African children remain vulnerable to harmful online content due to insufficient scalable protections [1]. A significant gap exists between connectivity and safeguarding, creating a critical public health and digital rights challenge. Empirical evidence reveals the severity of this problem. A survey across six African nations found that 58% of children encountered violent or sexual content online, yet fewer than 30% of schools had content-filtering systems [2]. In Nigeria, 62% of adolescents encountered harmful material monthly, while 35% reported using VPNs to bypass existing filters [3]. South Africa documented a 45% rise in reported child grooming cases between 2020 and 2022 [4].

Three key factors contribute to this failure. First, technical limitations hinder efficacy, as users circumvent traditional DNS blocks using DoH-enabled browsers [12]. Second, policy fragmentation exacerbates the issue, with inconsistent enforcement leaving rural coverage gaps [13]. Third, socio-economic barriers like shared device usage complicate safeguards, as filtered devices are still accessed through unmonitored profiles [14]. The cumulative effect is a patchwork of protections that fail to address the continent’s unique challenges.

The impact of these gaps is profound. Exposure to harmful content correlates with elevated anxiety and depression among youth [5]. Cyberbullying is linked to increased school dropout rates [5]. Educational outcomes also suffer, with teachers reporting significant declines in classroom engagement [25]. Economically, unchecked cyber risks could cost the continent billions annually in mental health and productivity losses [26]. Previous studies have proposed only partial remedies. Nigeria’s mandatory ISP filtering reduced harmful content access but saw rural adoption lag [13]. Rwanda’s hybrid model cut exposure rates but required costly deployments [2]. Kenya’s mandates achieved high ISP compliance but struggled with circumvention [21]. These efforts lack integration with broader child-rights frameworks and fail to address policy-technical disconnects [17].

Critical gaps persist in the literature. Theoretically, few African DNS studies reference child rights principles [17]. Methodologically, most research focuses on urban pilots, neglecting rural contexts [23]. No studies have systematically evaluated the interplay between technical controls, data laws, and community oversight. This void has dire implications, risking the perpetuation of digital inequality and the erosion of user trust [14]. This study addresses the problem by proposing an integrated, evidence-based framework. It harmonizes DNS filtering with policy mandates and stakeholder collaboration, building on successful partnerships [19] while integrating lessons from enforcement challenges [13]. Anchored in Implementation Theory [15] and child rights principles [16], it offers a replicable model for balancing access and protection.

Research Objectives

1) To systematically review DNS filtering technologies, circumvention methods (VPNs/DoH), and child-safety interventions by synthesizing peer-reviewed literature (2019-2023) to identify efficacy trends, technical limitations, and best practices for African contexts.

2) To analyze the alignment of DNS filtering deployments with national data protection laws (NDPR, POPIA, Ghana DPA) and global guidelines (ICANN/ITU) by evaluating policy documents, compliance reports, and stakeholder interviews to highlight regulatory gaps and opportunities for harmonization.

3) To assess the effectiveness of DNS filtering pilots in select African countries (e.g., Nigeria, Kenya, South Africa, Ghana) through case-study analysis, measuring key metrics such as block rates, false positives, latency impact, and circumvention risks to derive context-specific lessons.

4) To develop an integrated implementation framework that combines technical DNS controls, policy compliance, and multi-stakeholder engagement (ISPs, schools, regulators) to optimize child online protection while preserving digital access and privacy.

5) To provide actionable recommendations for ISPs and educational institutions by translating findings into scalable deployment guidelines, including blocklist curation, anti-circumvention strategies, and community awareness programs.

3. Significance of the Study

This study is significant as it addresses the urgent need for scalable, context-appropriate solutions to protect African children from harmful online content. By systematically evaluating DNS filtering’s technical efficacy, policy alignment, and real-world deployment challenges, the research provides actionable insights for ISPs, educators, and policymakers. The proposed integrated framework bridges critical gaps between technology, regulation, and community engagement, offering a replicable model to enhance child safety without compromising internet access. Findings will contribute to academic discourse on digital rights in Africa while supporting the African Union’s 2030 child protection goals, ultimately fostering safer online environments for millions of young users.

4. Delimitations of the Study

This study focuses exclusively on DNS filtering as a primary mitigation tool, excluding other content moderation methods (e.g., AI-based filters or parental control apps). Geographically, it prioritizes case studies from Nigeria, Kenya, South Africa, and Ghana due to data availability and regional diversity, though findings may inform broader applications. The research examines policy compliance with select African data laws (NDPR, POPIA, Ghana DPA) but does not assess enforcement mechanisms in depth. Technical analysis is limited to network-level DNS filtering, excluding endpoint-specific solutions. These delimitations ensure focus while acknowledging opportunities for future research on complementary strategies.

5. Methodology Overview

This study employed a systematic, multi-phase methodology to evaluate DNS filtering’s role in protecting African children from harmful online content. First, a PRISMA-guided literature review was conducted across three thematic areas: 1) DNS filtering technologies and circumvention risks [12], 2) alignment with data protection laws [3] [13] [14], and 3) effectiveness of African pilot programs [2] [9] [19]. Peer-reviewed studies (2019-2023) were screened using strict inclusion criteria: technical/policy relevance, empirical metrics (e.g., block rates, latency), and African or comparative focus. Ten high-impact studies per theme were selected, analyzed via CASP quality appraisal tools, and synthesized to identify gaps [23] [24]. Second, case-study analysis of Nigeria [13], Kenya [21], South Africa [4], and Ghana extracted implementation lessons from national deployments, using mixed-methods data (ISP reports, audits, stakeholder interviews). Thematic findings were integrated into a three-pillar framework (technical controls, policy compliance, multi-stakeholder engagement [18]), validated through iterative expert feedback.

The selection of ten high-impact studies per thematic area was determined through a dual rationale: 1) ensuring analytical depth while maintaining methodological rigor, and 2) achieving saturation of key findings across comparable contexts. This threshold was informed by systematic review best practices for manageable synthesis without compromising coverage, particularly given the niche intersection of DNS filtering, child safety, and African contexts [27]. Studies were ranked using the CASP (Critical Appraisal Skills Programme) checklist, with a minimum threshold score of 7/10 required for inclusion. This cutoff ensured all selected studies met: a) clear methodological coherence, b) measurable outcomes aligned with our objectives, and c) relevance to African or analogous low-resource settings [5] [25]. For mixed-methods studies, we applied weighted scoring (70% for technical rigor, 30% for policy/social insights) to balance quantitative and qualitative strengths.

PRISMA Flow Diagram and Search Strategy

The literature review was guided by the PRISMA (Preferred Reporting Items for Systematic Reviews and Meta-Analyses) framework in Figure 1 to ensure rigor and reproducibility. Searches were conducted across Web of Science, Scopus, IEEE Xplore, PubMed, and Google Scholar (for grey literature) using Boolean strings tailored to each database. Three main search strands were explored: DNS filtering and circumvention, DNS filtering and data protection laws, and DNS filtering pilots in Africa. Key terms included “DNS filtering,” “child safety,” “circumvention,” “GDPR,” “POPIA,” “NDPR,” “Ghana DPA,” and African country-specific case study terms. The review covered publications from January 2019 to December 2023 to capture recent advancements. Inclusion criteria comprised peer-reviewed articles, conference papers, and technical reports focusing on DNS filtering, child safety, or regulatory compliance, with preference for empirical data or African case studies. Exclusion criteria eliminated studies limited to adult populations, unrelated content moderation methods such as AI-based filters, non-English publications, and articles lacking measurable outcomes.

Figure 1. PRISMA flow diagram of literature screening process.

Figure 1 is a summary of the screening process of the PRISMA Flow Diagram

This study’s methodology combined quantitative benchmarking (e.g., 85% block rate thresholds [9], 20 ms latency limits from network studies [1]) with qualitative policy analysis (legal document review, compliance scoring [3] [13] [14]). Technical efficacy metrics were triangulated with stakeholder perspectives (regulators, ISPs, schools) to assess real-world feasibility [18]. The framework’s recommendations were stress-tested against four implementation scenarios: urban/rural divides [13], low-resource schools [5] [25], high-circumvention environments [11] [12] and cross-border harmonization challenges [3] [17]. Data sources included ITU and AU policy documents [10] [26], ISP transparency reports (where available [13] [21]), and civil society audits [28]. To ensure robustness, the study applied Denzin’s triangulation principle [29], cross-verifying findings across technical tests, legal reviews, and social impact assessments. This approach not only identified best practices but also exposed context-specific trade-offs (e.g., privacy vs. security in DoH regulation [12] [17]) critical for policymaking.

6. Thematic Review of the Objectives

6.1. DNS Filtering, Circumvention Methods, and Child-Safety Interventions

The inclusion criteria for the systematic literature review in Table 1 were based on studies published between 2019 and 2023 that focus on DNS filtering technologies, circumvention methods (VPNs/DoH), and child safety interventions. This period was selected to ensure the analysis incorporates the most recent advancements [1] [12]. Studies were included if they explicitly addressed the efficacy, technical limitations, or best practices of DNS filtering, VPNs, or DoH technologies in the context of child safety, particularly in Africa [2] [9]. Studies that primarily focused on adult populations or did not explicitly address the African context were excluded [23]. Articles that did not offer empirical evidence or peer-reviewed content were excluded to maintain high-quality research [24].

Table 1. Thematic review of included studies.

6.2. Critical Appraisal Using CASP

Each included study demonstrates varied methodological strengths and limitations. For instance, one literature survey provides an insightful overview of DNS encryption but lacks direct empirical evidence [12]. Its strength lies in broad technological coverage, though its relevance is diminished for specific African contexts [13] [14]. Another study presents an empirical approach to DNS-over-HTTPS, though it focuses mainly on privacy aspects rather than child safety directly [30]. Studies on VPNs offer empirical evaluations but do not address the unique challenges of protecting African children specifically [11]. Some studies directly address child safety but focus mainly on global settings, which may not reflect the specific needs of African countries [7] [20].

In terms of methodological soundness, the studies vary. Empirical studies employing advanced machine learning models for anomaly detection are robust but fall short in addressing the social and cultural contexts affecting child protection in Africa [5] [25]. Policy reviews provide a critical top-level perspective but lack a detailed exploration of practical implementation in real-world African settings [10] [26]. Despite their limitations, these studies offer invaluable insights into the intersections of technology, policy, and child safety.

6.3. Thematic Synthesis

The studies reveal several recurring themes. A major theme is the growing concern about privacy and security, particularly with technologies like DNS-over-HTTPS and VPNs [12]. While these technologies enhance privacy, they also pose significant challenges for content filtering, allowing users to circumvent restrictions [11] [22]. The issue of circumvention is especially prevalent in studies focusing on VPNs, which are often used to bypass filters [3]. Another key theme is the role of child safety interventions, which are often not technologically sophisticated enough to counter advanced circumvention tools [9] [13]. Content filtering technologies are frequently found to be ineffective in fully protecting children from new and evolving threats [14]. Many studies emphasize the need for continuous updates and improvements to ensure DNS filtering systems remain effective [19]. Furthermore, the studies highlight the importance of policy frameworks that complement technical solutions, underscoring the need for comprehensive strategies that integrate both technological and regulatory measures [10] [17].

6.4. Conclusion

This review has provided a comprehensive synthesis of current research on DNS filtering technologies, circumvention methods, and child safety interventions within the context of Africa. It has highlighted both the technological advancements and the persistent challenges [1] [2]. The inclusion of diverse perspectives has demonstrated the complexity of providing secure internet access for children [23]. By examining both technological tools and policy-level strategies, this review aligns with the research objective of identifying best practices for child safety in Africa [10] [18].

The implications for secure access are substantial. The review demonstrates that technological interventions must be adapted to the unique socio-political and infrastructural challenges faced by many African nations [8] [13]. The lack of robust digital infrastructure, coupled with low levels of digital literacy, can exacerbate risks [5] [25]. It is crucial that any policy framework designed to protect children online also considers these local challenges [17] [26]. Continued development of contextually appropriate child safety interventions is necessary [19]. This review has underscored the need for a multifaceted approach, combining technology, policy, and education to safeguard the digital future of African children [2] [10].

7. DNS Filtering Alignment with Data Protection Laws

The inclusion criteria in Table 2 focused on articles published between 2019 and 2023 that examined the alignment of DNS filtering technologies with data protection laws. These studies were selected for their relevance to the intersection of privacy, security, and legal frameworks [13] [17]. Studies were included if they provided empirical evidence, practical insights, or theoretical analyses on the subject, particularly those that addressed data protection laws like the GDPR. Excluded were studies that did not directly relate to DNS filtering or data protection laws, or those that were not peer-reviewed or published within the selected timeframe [23] [24].

Table 2. Thematic review of DNS filtering and data protection laws.

The studies included in this review vary in their methodological soundness and contextual applicability. Many studies offer empirical evidence of the technical capabilities of DNS filtering and encryption technologies, including DNS-over-HTTPS and Oblivious DNS-over-HTTPS (ODoH) [12] [44]. These studies provide valuable insights into how such technologies can ensure privacy and compliance with data protection laws. However, their limitations lie in a narrow focus on specific technologies, without addressing the broader legal landscape or practical implementation challenges faced by organisations [13] [14]. Furthermore, other studies focus on DNS security and the risk of data breaches, emphasising the importance of securing DNS infrastructures to meet regulatory standards [45]. While relevant, they often lack direct engagement with DNS filtering as a comprehensive tool for ensuring legal compliance.

The contextual applicability of the studies also varies. Research focused on GDPR compliance and DNS technologies provides useful insights into the broader regulatory context [46], but these studies often fail to account for regional variations or practical considerations in diverse geographic locations, particularly in Africa [3] [38]. Moreover, while some studies offer excellent technical insights into DNS security, they do not fully address the complexities of aligning DNS filtering technologies with data protection laws beyond a theoretical or technical framework [17]. A more comprehensive exploration of how these technologies can be effectively integrated into organisational strategies, particularly within African nations with evolving data protection laws, would enhance the relevance and impact of these findings.

The studies reveal key themes surrounding the alignment of DNS filtering technologies with data protection laws. One prominent theme is the role of DNS encryption in ensuring privacy and compliance with regulations [12] [44]. Technologies such as DNS-over-HTTPS (DoH) are highlighted for their ability to encrypt DNS queries, preventing eavesdropping. However, these technologies also introduce challenges related to monitoring and transparency, as encrypted DNS traffic can bypass traditional filtering mechanisms [12] [41]. This raises concerns about how effectively such technologies align with regulatory frameworks that demand visibility and control over user data [17].

Another critical theme is the balance between security and privacy in DNS filtering. While DNS filtering is a key tool in preventing malicious content and protecting user data, its implementation must be carefully calibrated to avoid conflicts with data protection laws [13] [17]. The studies suggest that DNS security measures are essential for compliance but must be accompanied by transparent practices regarding data collection and processing [10]. Furthermore, while privacy-enhancing technologies can safeguard user data, they must also be compatible with the requirements of data protection laws, which mandate data minimisation and accountability [17] [46].

This review provides a comprehensive analysis of the alignment of DNS filtering technologies with data protection laws. It highlights how DNS encryption technologies can offer enhanced privacy for users, thereby supporting compliance with data protection regulations [12] [44]. The review also underscores the challenges faced by organisations in implementing these technologies, particularly the need for transparency and accountability in data processing [17]. By evaluating these technologies through the lens of legal compliance, the review has advanced the understanding of how DNS filtering can be aligned with data protection laws.

The implications for secure access to internet resources for children across Africa are significant. As internet access continues to grow in the region, ensuring that DNS filtering technologies comply with data protection laws becomes essential to safeguard children from harmful content while respecting their privacy [2] [17]. Many African nations are still developing robust data protection laws, and aligning DNS technologies with these laws can help ensure that children’s online experiences are both secure and privacy-respecting [3] [38]. Moreover, adopting privacy-enhancing technologies could provide an effective means of securing children’s online interactions [12]. The findings of this review offer valuable guidance on how these technologies can be implemented to protect vulnerable populations, ensuring a safer digital future for children in Africa [2] [10].

8. DNS Filtering Pilots in Africa

The studies in Table 3 focused on DNS filtering pilots within the African context, covering key aspects like technological efficacy, child safety interventions, and regional policy frameworks [9] [19]. The inclusion criterion was restricted to studies published between 2019 and 2023 to ensure the relevance and timeliness of the findings. Studies were included if they provided empirical evidence, case studies, or technical evaluations of DNS filtering solutions within Africa, with a particular focus on child protection [2] [13]. Exclusion criteria were studies that did not explicitly address the African context, focused solely on other regions, or lacked empirical data or peer-reviewed sources [23] [24].

Table 3. Thematic review of DNS filtering pilots and studies in africa.

The studies included in this review exhibit a range of methodological approaches and qualities. Several studies provide valuable case studies from within African countries, offering insights into the practical implementation of DNS filtering technologies [13] [50]. These studies, however, are limited by their geographic focus, which means they may not be fully representative of the entire African continent. Others use machine learning and experimental analysis to provide insights into the detection of censorship circumvention, a relevant topic for enhancing DNS filtering’s effectiveness, though these findings are not directly tied to African contexts [35] [51]. This diversity of methods offers a comprehensive understanding of DNS filtering technologies’ potential, but also highlights the need for further research tailored to Africa’s unique infrastructure and regulatory landscape [3] [38]. In terms of methodological soundness, the studies range from empirical analyses to policy reports, with varying degrees of rigor. While some studies employ robust empirical methods, they often lack direct African context, which diminishes their contextual applicability [35]. In contrast, reports by international bodies provide valuable policy insights, though their analytical depth is somewhat limited [1] [52]. The studies that focus on case studies within African countries offer practical insights but would benefit from more comparative or longitudinal studies to assess long-term effectiveness [13] [19].

A recurring theme across the studies is the importance of DNS filtering in enhancing child safety online. DNS filtering has been shown to be a valuable tool in blocking access to harmful content, especially for children [9] [13]. Several studies emphasise the role of DNS filtering in protecting children from exposure to inappropriate content, particularly in educational settings [6] [19]. However, the effectiveness of these systems is often compromised by circumvention methods such as DNS-over-HTTPS and VPNs, as highlighted by other research [11] [12]. This underscores the need for continuous innovation in DNS filtering technologies to address these challenges [22]. Another key theme is the infrastructural and regulatory challenges faced by African countries in implementing DNS filtering solutions effectively [8] [14]. Many studies point out the disparities in internet infrastructure across African nations, which can hinder the implementation of effective child protection systems [1] [3]. Additionally, the lack of robust regulatory frameworks and policy enforcement in many African countries further exacerbates the challenges [17] [38]. This suggests that while DNS filtering holds promise for child safety in Africa, it must be integrated with broader infrastructural improvements and stronger policy frameworks to be truly effective [10] [18].

This systematic literature review has synthesised the available research on DNS filtering pilots in Africa. It has been highlighted that while DNS filtering can be an effective tool for protecting children from harmful content, its implementation in Africa faces significant challenges related to infrastructure, circumvention methods, and regulatory frameworks [13] [14]. The review has also underscored the importance of integrating DNS filtering with broader child protection strategies, including education, policy development, and infrastructure improvement [2] [10]. The implications for secure access to internet resources for children across Africa are profound. The review reveals that while DNS filtering can mitigate many online threats, its full potential will only be realised if accompanied by adequate infrastructure, continuous updates to filtering systems, and strong legal frameworks that support child safety online [17] [26]. For African nations, addressing these challenges is critical for creating a safer internet environment for children [3] [38].

8.1. Calculation of Key Metrics in Pilot Studies

The efficacy of DNS filtering pilots was evaluated using three core metrics: block rates, false positives, and circumvention rates, as shown in Table 4. Below is a breakdown of how these metrics were derived in each pilot deployment, including sample sizes, measurement periods, and data sources.

Table 4. Summary of DNS Filtering Pilot Metrics in Africa.

8.2. Block Rate (%)

• Definition: Proportion of harmful domains successfully blocked out of all identified threats.

Calculation: $\text{Block}\text{Rate}=\left(\frac{\text{Number}\text{of}\text{Blocked}\text{Harmful}\text{Domains}}{\text{Total}\text{Identified}\text{Harmful}\text{Domains}}\right)\ast 100$

• Pilot-Specific Details:

• Nigeria [13]:

• Sample: 10,000 domains (curated from threat lists).

• Result: 85% block rate.

• Kenya [21]:

• Sample: 5000 domains (from curated threat list).

• Result: 96% block rate.

8.3. False Positive Rate (%)

• Definition: Proportion of legitimate domains erroneously blocked.

Calculation: $\text{False}\text{Positive}\text{Rate}=\left(\frac{\text{Number}\text{of}\text{Legitimate}\text{Domains}\text{Blocked}}{\text{Total}\text{Domains}\text{Tested}}\right)\ast 100$

8.4. Pilot-Specific Details

• Ghana [14]:

• Sample: 2000 domains (500 harmful, 1500 legitimate).

• Result: 22% false positives.

• South Africa [4]:

• Sample: 3000 domains (1000 harmful, 2000 legitimate).

• Result: 15% false positives.

8.5. Circumvention Rate (%)

• Definition: Proportion of users bypassing filters via VPNs/DoH.

Calculation: $\text{Circumvention Rate}=\left(\frac{\text{Users}\text{Detected}\text{Bypassing}\text{Filters}}{\text{Total}\text{Active}\text{Users}}\right)\ast 100$

• Pilot-Specific Details:

• Nigeria [13]:

• Sample: 1000 anonymized user sessions.

• Result: 35% circumvention.

• Kenya [21]:

• Sample: 500 student devices.

• Result: 27% circumvention.

8.6. Methodological Notes

• Harmful Domains: Defined using the African Union’s Child Safety Strategy [10] and local regulatory criteria.

• Legitimate Domains: Whitelists included educational and government sites.

• Circumvention Detection: Combined technical logs and user surveys.

8.7. Integration with Existing Content

• Link to Background: The pilot results (e.g., Nigeria’s 85% block rate) provide empirical support for the initial mention of deployments [9] [13].

• Link to Problem Statement: The high false-positive rates (e.g., Ghana’s 22% [14]) directly illustrate the technical limitations contributing to the research problem.

• Link to Framework: These metrics justify the need for the proposed adaptive, AI-enhanced blocklists in the Integrated Implementation Framework.

9. Discussions

The systematic review of DNS filtering technologies in Africa has highlighted several significant gaps in the existing literature, particularly regarding the continent’s struggle to effectively implement such technologies to protect its underaged population from harmful internet content [3] [23]. Despite increasing recognition of child online safety, many African countries have made limited strides in adopting DNS filtering technologies due to various infrastructural, economic, and policy barriers [8] [38]. For instance, studies indicate that DNS filtering initiatives in Africa are often hindered by inconsistent internet infrastructure and insufficient technical capacity in many regions [50] [55]. These gaps are critical, as they prevent the widespread implementation of DNS filtering solutions that could safeguard children from exposure to inappropriate or harmful content [2] [9].

One of the primary limitations revealed in the review is the lack of region-specific, empirical studies that directly address the effectiveness of DNS filtering technologies in the African context [23] [24]. While global studies explore the potential of DNS filtering to combat harmful content online, they often fail to account for Africa’s unique challenges [51] [53]. These challenges include limited access to digital resources, low levels of internet literacy, and insufficient regulatory frameworks [1] [3]. For example, reports highlight the lack of coherent national policies on internet safety for children, which further undermines the practical implementation of DNS filtering systems in various African countries [57] [58]. This disconnect between global recommendations and local realities leads to gaps in the effectiveness of child safety measures [17].

Moreover, the practical challenges faced by stakeholders in formulating and adopting technical policies are clearly reflected across several African nations [14] [38]. While the African Union has established some frameworks to protect children online [10], these policies often fail to include specific technical solutions like DNS filtering. As noted by local stakeholders, there is a frequent struggle to integrate advanced digital technologies into national child protection strategies due to a combination of resource constraints, lack of skilled personnel, and insufficient political will [56]. This underlines the importance of developing integrated frameworks that combine policy, technology, and capacity-building efforts to protect children online [18] [26].

This study’s achievement lies in identifying these gaps and calling attention to the pressing need for more targeted, region-specific research on DNS filtering solutions [23]. It serves as a call to action for African governments, technology developers, and policy-makers to recognise the urgency of implementing more comprehensive child protection strategies [10] [17]. By addressing the specific needs of African children and integrating robust DNS filtering technologies, it is possible to create a safer digital environment [2] [9]. The study advocates for an integrated approach that encompasses not only technological solutions but also strong regulatory frameworks, improved infrastructure, and enhanced digital literacy [18] [26].

In conclusion, this review serves as a critical reminder that while DNS filtering technologies hold significant potential in safeguarding children online, the actual implementation of such solutions in Africa remains an ongoing challenge [13] [14]. The gaps identified in the literature reflect both technological and systemic barriers that need to be overcome to ensure that African children are adequately protected from harmful internet content [3] [8]. Achieving this goal will require collaborative efforts from all stakeholders involved, from policy-makers to technical experts, to create a comprehensive, region-specific strategy [18] [38]. This study ultimately provides a clear pathway for developing an integrated framework that can ensure safe online spaces for children across Africa [10] [26].

Limitations

While this study provides critical insights into DNS filtering’s role in child online safety, three key limitations must be acknowledged:

Selection Bias in Secondary Data: The analysis relied on ISP and government reports [13] [21], which may underrepresent rural areas or non-compliant ISPs. For instance, Nigeria’s pilot focused on urban centers, potentially skewing block-rate efficacy upward compared to underserved regions [13].

Small Pilot Scopes: Case studies involved limited samples and short measurement periods [14] [19]. This restricts the detection of long-term trends, such as seasonal circumvention spikes or evolving content threats.

Findings from middle-income countries may not apply to fragile states with weaker infrastructure [8] [55]. For example, the 20ms latency threshold is unrealistic in regions with frequent power outages [8]. Similarly, policy alignment assumes functional regulatory bodies, which are absent in many African nations [58].

Mitigation Efforts: To partially address these issues, the study:

Triangulated data sources (ISP logs, audits, stakeholder interviews) per Denzin’s principle [29].

Included diverse pilots (urban/rural, voluntary/mandatory) to stress-test the framework [13] [14].

Explicitly flagged contextual dependencies in recommendations (e.g., solar-powered DNS nodes for off-grid areas) [8] [38].

10. The Integrated Implementation Framework

The framework in Figure 2 presents a comprehensive model for managing DNS-based content controls, ensuring policy compliance, and fostering multi-stakeholder engagement. The first section highlights Technical DNS Controls, which are subdivided into:

AI-Enhanced Dynamic Blocklists (aiming for a <15% false positive target) [22] [35].

Latency Monitoring (with a quality of service threshold of under 20 ms) [1] [13].

Circumvention Detection (featuring DoH/VPN protocol analysis) [12] [34].

These technical measures are designed to ensure efficient, accurate, and robust DNS filtering, minimizing unintended blocking while maintaining high performance and resilience against evasion tactics.

Figure 2. Integrated framework.

The second and third sections focus on Policy Compliance and Multi-Stakeholder Engagement. Policy Compliance is structured around:

A three-tier legal framework [10] [17].

Transparency reporting (including ISP quarterly reports) [13] [21].

Independent audits inspired by data protection verification [17].

Multi-Stakeholder Engagement involves collaboration among:

Schools (with digital literacy programs) [6] [19].

ISPs (offering child-safe options) [13] [21].

Civil society (conducting overblocking audits) [3] [38].

These streams converge at the Regional DNS Council, a central body responsible for bi-annual reviews and pan-African certification, ensuring continuous oversight, harmonization of standards, and adaptive governance across all stakeholders [10] [18].

11. Actionable Recommendations for Stakeholders

11.1. For Internet Service Providers (ISPs)

Dynamic Blocklist Curation & Deployment: ISPs should adopt AI-enhanced DNS filtering [64] to reduce false positives below 15% while maintaining 85%+ block rates for harmful content. Blocklists must be regionally contextualized, excluding educational and activist sites [28], and updated bi-weekly via threat intelligence sharing with national CERTs. To minimize latency, ISPs should deploy edge-cached filtering nodes [65] and conduct monthly QoS tests, ensuring delays remain under 20 ms.

Anti-Circumvention Strategies: ISPs must implement deep packet inspection (DPI) for DoH/VPN traffic [66] while maintaining privacy compliance. A tiered filtering service should be offered:

Strict mode (default for schools): Blocks all bypass methods.

Balanced mode (general public): Allows privacy tools but filters child-exploitative content.

Transparency reports [67] should detail circumvention attempts and mitigation efficacy.

11.2. For Educational Institutions

School-Centric Filtering & Digital Literacy: Schools should deploy custom blocklists exempting academic resources [68], coupled with whitelisting for research platforms. IT administrators must conduct quarterly audits using civil society tools [69] to detect overblocking. Digital literacy programs should teach students to:

• Identify harmful content.

• Understand DNS filtering’s role in safety.

• Ethically navigate privacy tools.

11.2.1. Parental & Community Engagement

Institutions must host biannual workshops to train parents on:

• Using ISP-provided parental dashboards [70].

• Monitoring circumvention risks (e.g., VPNs on student devices).

• Reporting false positives via transparent ISP ticketing systems.

Cross-Cutting Strategies for Scalability

11.2.2. Public Awareness Campaigns

Regulators and ISPs should co-fund multilingual campaigns (radio, SMS, social media) explaining:

• DNS filtering’s purpose [52].

• How to opt-in/out of protections.

• Reporting mechanisms for misuse.

11.2.3. Regional Knowledge-Sharing

Create an African Child Safety DNS Consortium where (Table 5):

Table 5. Implementation checklist.

• ISPs share best practices on latency management.

• Schools exchange digital literacy curricula.

• Regulators harmonize audit protocols [71].

12. Key Metric Targets

• <20 ms latency [65].

• <10% false positives in schools [68].

• 70% parental awareness [70].

These guidelines translate research into practical, measurable steps, balancing protection with access. For detailed toolkits, the ITU’s Child Online Protection Implementation Guide [52] is recommended.

13. Findings and Implications for Child Protection

The systematic reviews collectively reveal that DNS filtering, while a potent tool, faces significant technical, legal, and sociocultural challenges. The reviews demonstrated that current DNS technologies achieve high efficacy in blocking harmful material but suffer from high false positives and circumvention rates, undermining their reliability [23] [24]. Another review highlighted regulatory misalignment, with low ISP compliance with data protection laws [13] [17], while a third exposed operational gaps in pilot programs, such as latency spikes and overblocking of legitimate content [14] [19]. These findings underscore that without addressing these multidimensional barriers, DNS filtering alone cannot sustainably protect children. For underage users, this means continued exposure to harmful content and collateral censorship of educational resources [28], exacerbating digital inequality.

13.1. Practical Measures for Effective DNS Adoption

To translate research into action, stakeholders must prioritize scalable, context-aware solutions. ISPs should deploy AI-driven dynamic blocklists to reduce false positives [64] and implement edge-cached filtering nodes to maintain low latency [65]. Schools need custom whitelists for academic sites and mandatory digital literacy programs to teach safe browsing [68]. Community engagement is critical: parental dashboards [70] and multilingual awareness campaigns can demystify DNS filtering and build trust. Notably, anti-circumvention measures like DPI for DoH/VPN traffic must balance efficacy with privacy rights [66]. Pilot data show that public-private partnerships reduce bypass rates [67], suggesting collaborative models are essential. These measures must be underpinned by affordable broadband policies to ensure equitable access, particularly in rural areas where connectivity is lacking [8].

13.2. Policy Frameworks to Support Implementation

Robust legal frameworks are needed to institutionalize DNS filtering while safeguarding rights. Governments should:

1) Legally define “harmful content” to prevent arbitrary overblocking [72].

2) Mandate ISP transparency reports detailing blocklists, false positives, and circumvention attempts [67].

3) Establish independent oversight bodies comprising regulators, child protection NGOs, and technical experts to audit compliance [69].

4) Harmonize cross-border regulations through the African Union’s Cybersecurity Convention, addressing jurisdictional gaps [71].

5) Critically, policies must avoid blanket bans on encryption tools like DoH, instead promoting ethical use guidelines [73].

14. Toward Holistic Child Online Safety

This study confirms that protecting African children online requires more than technical fixes: it demands integrated governance. The proposed framework merges adaptive DNS technologies, enforceable policies, and community co-design, offering a blueprint for sustainable implementation. Success hinges on localizing solutions: for example, school-focused models [68] and stakeholder-driven audits [28] provide replicable best practices. With 43% of African children now online [1], failure to act risks perpetuating generational harm. Policymakers must act urgently, leveraging digital protocols to fund and scale these efforts. By aligning technical controls with sociocultural realities and rights-based governance, Africa can pioneer a globally relevant model for child-safe internet access.

15. Conclusions

This study has successfully synthesized empirical evidence to develop a comprehensive, actionable framework for safeguarding African children from harmful internet content using DNS filtering. By analyzing technical efficacy, policy alignment, and stakeholder engagement, the research highlights that while DNS filtering is effective, its impact is undermined by false positives, circumvention risks, and inconsistent enforcement. These findings have critical implications for cybersecurity strategies in Africa, emphasizing that child online protection requires more than just technological solutions: it demands legal precision, multi-stakeholder collaboration, and adaptive governance.

For underage users, the study underscores the urgency of context-aware solutions that prevent overblocking of educational content while mitigating exposure to exploitation. However, sustainable impact depends on addressing infrastructural barriers, such as high latency in rural areas and uneven broadband access [8]. To ensure equitable protection, governments must prioritize affordable internet policies and localize awareness campaigns. Civil society’s role in independent auditing and parental education is equally vital to prevent misuse and build public trust [3] [38].

Policy and Implementation Roadmap for Governments and Stakeholders

African governments and stakeholders must adopt four strategic actions to ensure widespread adoption and sustainability:

1) Legislate Clear Standards: Define “harmful content” in national laws to prevent arbitrary filtering [72].

2) Fund and Scale Pilots: Expand successful school-focused models using Universal Service Funds (USF) and public-private partnerships [19].

3) Strengthen Cross-Border Collaboration: Establish a Pan-African DNS Safety Alliance to harmonize regulations, share threat data, and certify compliant ISPs [10] [71].

4) Monitor and Adapt: Implement annual reviews of filtering efficacy, circumvention trends, and stakeholder feedback to refine systems [69].

By institutionalizing these measures, Africa can lead globally in child-centric internet governance, ensuring that the digital future is both safe and inclusive for its youngest users.

Conflicts of Interest

The authors declare no conflicts of interest regarding the publication of this paper.

References