Friday 11 Nov 2016 @ 14:10
National Cyber Security Centre
Printable version

Protective DNS service for the UK public sector

NCSC is working with partners to provide the UK public sector with a reliable DNS resolution service with some additional security benefits. The key benefit being that the service will aim to prevent public sector users from accessing domains known to be malicious, by simply not resolving them.

This service is one of the NCSC's Active Cyber Defence projects, where we are taking positive action to make it much harder for criminals to perpetrate or gain from cyber attacks in the UK. 

What is DNS?

The Domain Name System (DNS) is often referred to as 'the address book of the internet'. It turns memorable names that humans can use, into the IP addresses that computer systems use to locate each other. Every time you ask your computer to access a website, your computer uses DNS to translate the domain name of the site you wish to connect to (like 'ncsc.gov.uk') into the IP address it needs to establish a connection to it.

DNS isn't just used in response to user-initiated actions. It is used for the normal operation of the machine and its apps, but also in relation to the distribution and operation of malware. It is the use of DNS to support malware distribution and operations that we have built the Protective DNS service to address.

How protective DNS works

DNS is used by malware in the following ways:

  1. Distribution of malware typically occurs through phishing. When a user is tricked into clicking a link in a phishing email, their web browser will perform a DNS lookup.
  2. If a user already has malware present on their computer, then that malware will probably be calling back to a command-and-control server to collect instructions from the malware operator. These communications are normally initiated through a DNS lookup.

The Protective DNS service will simply be configured to not resolve any lookups for domains known to be used for malware distribution or operations.

For the service to remain effective it will need to be continually updated with knowledge of malicious domains. The NCSC will be combining a range of government, commercial and community sources to ensure the service benefits from the best possible information.

Accessing the service

The service is freely available to UK government and public sector organisations, via both the Internet and Public Services Network (PSN).

These users include, but are not limited to:

  • central government
  • devolved governments
  • local authorities
  • health authorities
  • emergency services
  • non-departmental public bodies

Configuring your organisation to use the service will be straightforward; it will simply be a matter of configuring your primary and secondary DNS servers to use the IP addresses of the Protected DNS service. These will be made available as the service is rolled out.

Funding and delivery

The NCSC is centrally funding the protective DNS service. It will be 'free at the point of use' to all UK government and public sector organisations that use it.

Since public sector organisations currently procure their own DNS resolution services, having a centralised service is expected to deliver significant cost savings across the public sector.

The service is being delivered in partnership with the Government Digital Service and with Nominet UK.

Further information

For more information on the protective DNS service, please read our FAQs or use our contact form.

 

Channel website: https://www.ncsc.gov.uk/

Share this article

Latest News from
National Cyber Security Centre

NCSC enters new partnership for PDNS delivery

17/04/2024 13:05:00

The National Cyber Security Centre announces new partnership to deliver the Protective Domain Name System (PDNS) service.

UK holds China state-affiliated organisations and individuals responsible for malicious cyber activity

26/03/2024 10:31:00

UK calls out pattern of malicious cyber activity by Chinese state-affiliated organisations and individuals targeting democratic institutions and parliamentarians.

NCSC and partners issue warning about state-sponsored cyber attackers hiding on critical infrastructure networks

08/02/2024 11:05:00

GCHQ’s National Cyber Security Centre and partners share details of how threat actors are using built-in tools to camouflage themselves on victims’ systems.

Business leaders urged to toughen up cyber attack protections

24/01/2024 13:12:00

New guidelines to help directors and business leaders boost their resilience against cyber threats.

Exploitation of vulnerabilities affecting Ivanti Connect Secure and Ivanti Policy Secure

15/01/2024 10:15:00

Organisations are encouraged to take immediate action to mitigate vulnerabilities affecting Ivanti Connect Secure (ICS) and Ivanti Policy Secure (IPS) gateways (CVE-2023-46805 and CVE-2024-21887), and follow the latest vendor advice.

UK exposes attempted Russian cyber interference in politics and democratic processes

08/12/2023 10:29:00

The UK condemns Russia’s sustained attempts at political interference in the UK and globally.

UK and allies expose Russian intelligence services for cyber campaign of attempted political interference

07/12/2023 14:25:00

The UK and allies call out the Russian Intelligence Services for a campaign of malicious cyber activity attempting to interfere in UK politics and democratic processes

NCSC launches Cyber Incident Exercising scheme

06/12/2023 15:25:00

New CIE assured providers give organisations support to create structured table-top or live-play cyber incident exercises.

UK and Republic of Korea issue warning about DPRK state-linked cyber actors attacking software supply chains

23/11/2023 16:05:00

Joint advisory observes cyber actors leveraging zero-day vulnerabilities and exploits in third-party software.