National Cyber Security Centre
Protective DNS service for the UK public sector
NCSC is working with partners to provide the UK public sector with a reliable DNS resolution service with some additional security benefits. The key benefit being that the service will aim to prevent public sector users from accessing domains known to be malicious, by simply not resolving them.
This service is one of the NCSC's Active Cyber Defence projects, where we are taking positive action to make it much harder for criminals to perpetrate or gain from cyber attacks in the UK.
What is DNS?
The Domain Name System (DNS) is often referred to as 'the address book of the internet'. It turns memorable names that humans can use, into the IP addresses that computer systems use to locate each other. Every time you ask your computer to access a website, your computer uses DNS to translate the domain name of the site you wish to connect to (like 'ncsc.gov.uk') into the IP address it needs to establish a connection to it.
DNS isn't just used in response to user-initiated actions. It is used for the normal operation of the machine and its apps, but also in relation to the distribution and operation of malware. It is the use of DNS to support malware distribution and operations that we have built the Protective DNS service to address.
How protective DNS works
DNS is used by malware in the following ways:
- Distribution of malware typically occurs through phishing. When a user is tricked into clicking a link in a phishing email, their web browser will perform a DNS lookup.
- If a user already has malware present on their computer, then that malware will probably be calling back to a command-and-control server to collect instructions from the malware operator. These communications are normally initiated through a DNS lookup.
The Protective DNS service will simply be configured to not resolve any lookups for domains known to be used for malware distribution or operations.
For the service to remain effective it will need to be continually updated with knowledge of malicious domains. The NCSC will be combining a range of government, commercial and community sources to ensure the service benefits from the best possible information.
Accessing the service
The service is freely available to UK government and public sector organisations, via both the Internet and Public Services Network (PSN).
These users include, but are not limited to:
- central government
- devolved governments
- local authorities
- health authorities
- emergency services
- non-departmental public bodies
Configuring your organisation to use the service will be straightforward; it will simply be a matter of configuring your primary and secondary DNS servers to use the IP addresses of the Protected DNS service. These will be made available as the service is rolled out.
Funding and delivery
The NCSC is centrally funding the protective DNS service. It will be 'free at the point of use' to all UK government and public sector organisations that use it.
Since public sector organisations currently procure their own DNS resolution services, having a centralised service is expected to deliver significant cost savings across the public sector.
The service is being delivered in partnership with the Government Digital Service and with Nominet UK.
Latest News from
National Cyber Security Centre
Advisory: Turla group exploits Iranian APT to expand coverage of victims22/10/2019 11:15:00
A joint report from the NCSC and NSA highlighting Turla activity.
UK and US intelligence exposes Turla group attack21/10/2019 17:08:00
Turla revealed as exploiting Iranian hacking tools and techniques to attack dozens of countries.
Alert: Mass credential harvesting phishing campaign active in the UK18/10/2019 16:23:00
The NCSC is investigating an automated, ongoing, widespread credential-harvesting phishing campaign currently affecting the UK
New-look CyberFirst Girls Competition goes regional17/10/2019 09:15:00
The introduction of regional semi-finals give girls the opportunity to test their cyber skills against those of local rivals for the first time.
Surge in female applicants for cyber security courses08/10/2019 15:51:00
The NCSC has revealed new figures highlighting an increase in the amount of girls applying for cyber security courses.
Advisory: Exim mail server vulnerabilities07/10/2019 12:10:00
Hundreds of UK organisations at risk of compromise due to Exim mail server vulnerabilities
UK and Singapore sign IoT security pledge04/10/2019 11:15:00
Ciaran Martin explains why he is so pleased to have signed an agreement to strengthen the partnership between the UK and Singapore on the security of internet-connected devices.
Vulnerabilities exploited in VPN products used worldwide03/10/2019 16:15:00
APTs are exploiting vulnerabilities in several VPN products used worldwide.