Protective DNS service for the UK public sector

11 Nov 2016 11:33 AM

NCSC is working with partners to provide the UK public sector with a reliable DNS resolution service with some additional security benefits. The key benefit is that the service will aim to prevent public sector users from accessing domains known to be malicious, by simply not resolving them.

This service is one of the NCSC's Active Cyber Defence projects, where we are taking positive action to make it much harder for criminals to perpetrate or gain from cyber attacks in the UK. 

What is DNS?

The Domain Name System (DNS) is often referred to as 'the address book of the internet'. It turns memorable names that humans can use into the IP addresses that computer systems use to locate each other. Every time you ask your computer to access a website, your computer uses DNS to translate the domain name of the site you wish to connect to (like 'ncsc.gov.uk') into the IP address it needs to establish a connection to it.

DNS isn't just used in response to user-initiated actions. It is also used in the normal operation of the machine and its apps, and in the distribution and operation of malware. It is this use of DNS to support malware distribution and operations that we have built the Protective DNS service to address.

How protective DNS works

DNS is used by malware in the following ways:

  1. Distribution of malware typically occurs through phishing. When a user is tricked into clicking a link in a phishing email, their web browser will perform a DNS lookup.
  2. If a user already has malware present on their computer, then that malware will probably be calling back to a command-and-control server to collect instructions from the malware operator. These communications are normally initiated through a DNS lookup.

The Protective DNS service will simply be configured to not resolve any lookups for domains known to be used for malware distribution or operations.

For the service to remain effective it will need to be continually updated with knowledge of malicious domains. The NCSC will be combining a range of government, commercial and community sources to ensure the service benefits from the best possible information.
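
The mechanism described above, as an added Python example that is not NCSC code: several feeds are merged into one blocklist, and lookups for listed names are refused while everything else is passed upstream. The feed contents, the NXDOMAIN response code, the stand-in upstream resolver and the choice to treat subdomains of a listed domain as listed are assumptions made for this example.

```python
"""Added illustration of a blocklist-based resolution policy (not NCSC code)."""

# Constructed sample feeds; the page names the source categories, not their contents.
FEEDS = {
    "government": ["malware-drop.example", "C2-Panel.Example."],
    "commercial": ["phish-login.example", "malware-drop.example"],
    "community": ["bad.invalid"],
}

def normalise(name):
    """Lower-case a domain name and drop the trailing root dot."""
    return name.strip().rstrip(".").lower()

def build_blocklist(feeds):
    """Merge all feeds into one map of domain -> set of feeds that listed it."""
    merged = {}
    for source, domains in feeds.items():
        for d in domains:
            d = normalise(d)
            if d:
                merged.setdefault(d, set()).add(source)
    return merged

def match(qname, blocklist):
    """Return the listed domain covering qname, or None.

    Assumption: a listed domain also covers its subdomains. Matching walks up
    the name one label at a time, so 'notbad.invalid' does not match 'bad.invalid'.
    """
    labels = normalise(qname).split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in blocklist:
            return candidate
    return None

def resolve(qname, blocklist, upstream):
    """Answer a lookup: refuse listed names (assumed NXDOMAIN), else recurse."""
    hit = match(qname, blocklist)
    if hit is not None:
        return {"qname": qname, "rcode": "NXDOMAIN", "matched": hit,
                "sources": sorted(blocklist[hit])}
    return {"qname": qname, "rcode": "NOERROR", "answer": upstream(qname)}

def fake_upstream(qname):
    """Stand-in for real recursion so the example runs offline."""
    return "192.0.2.10"

if __name__ == "__main__":
    bl = build_blocklist(FEEDS)
    for q in ["www.ncsc.gov.uk", "cdn.malware-drop.example.", "notbad.invalid"]:
        print(resolve(q, bl, fake_upstream))
```

Recording which feed listed a blocked name, as the `sources` field does here, lets an operator trace a refused lookup back to the intelligence that caused it.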

Accessing the service

The service is freely available to UK government and public sector organisations, via both the Internet and Public Services Network (PSN).

These users include, but are not limited to:

  • central government
  • devolved governments
  • local authorities
  • health authorities
  • emergency services
  • non-departmental public bodies

Configuring your organisation to use the service will be straightforward; it will simply be a matter of configuring your primary and secondary DNS servers to use the IP addresses of the Protective DNS service. These will be made available as the service is rolled out.

Funding and delivery

The NCSC is centrally funding the protective DNS service. It will be 'free at the point of use' to all UK government and public sector organisations that use it.

Since public sector organisations currently procure their own DNS resolution services, having a centralised service is expected to deliver significant cost savings across the public sector.

The service is being delivered in partnership with the Government Digital Service and with Nominet UK.

Further information

For more information on the protective DNS service, please read our FAQs or use our contact form.