What is Protective DNS (PDNS)? (2024)

Protective DNS (PDNS) is any security service that analyzes DNS queries and takes action to mitigate threats, leveraging the existing DNS protocol and architecture. Protective DNS prevents access to malware, ransomware, phishing attacks, viruses, malicious sites, and spyware at the source, making the network inherently more secure.

PDNS uses Response Policy Zone (RPZ) functionality, in which a policy-based DNS resolver returns answers based on policy criteria. The resolver checks both the queried domain names and the returned IP addresses against threat intelligence, leveraging real-time curated cyber threat insights from various public and private sources to form a list of sites with known malicious content. The DNS resolver then prevents connections to known or suspected malicious sites.

When the PDNS service encounters a malicious or suspicious query, it can respond in several ways. The PDNS may restrict access to the requested domain by returning an NXDOMAIN response, meaning no IP address is returned for the queried domain. The PDNS can also redirect the request to an alternative default page informing the user that the originally queried domain has been blocked. Finally, the PDNS may also “sinkhole” the domain, providing a custom response and preventing or delaying the execution of further cyber threats such as crypto blocking by ransomware or the use of command-and-control protocols. This last approach enables a cybersecurity response team to investigate or initiate infection hunting while a threat remains active.
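The three responses described above, together with the check on both query names and returned IP addresses, can be sketched as a small policy evaluator. This is an added example, not code from Infoblox or any PDNS product; it borrows RPZ record conventions (`CNAME .` for NXDOMAIN, `rpz-ip` owner names for answer-address triggers), handles IPv4 only, and every domain and address in it is a constructed placeholder.

```python
import ipaddress

# Constructed policy in RPZ record style: (owner, type, rdata).
# Names and addresses are documentation placeholders, not threat intelligence.
POLICY = [
    ("phish.example", "CNAME", "."),                        # NXDOMAIN
    ("*.malware.example", "CNAME", "blocked.corp.example."),  # block page
    ("c2.example", "A", "192.0.2.53"),                      # sinkhole address
    ("24.0.100.51.198.rpz-ip", "CNAME", "."),               # answers in 198.51.100.0/24
]

def action_for(rtype, rdata):
    """Map a policy record to the response the resolver gives the client."""
    if rtype == "CNAME" and rdata == ".":
        return ("NXDOMAIN", None)
    if rtype == "CNAME":
        return ("REDIRECT", rdata.rstrip("."))
    return ("SINKHOLE", rdata)

def name_matches(owner, qname):
    if owner.startswith("*."):
        return qname.endswith(owner[1:])  # wildcard covers subdomains, not the apex
    return qname == owner

def rpz_ip_network(owner):
    # "24.0.100.51.198.rpz-ip" -> 198.51.100.0/24 (prefix length, then reversed octets)
    parts = owner[: -len(".rpz-ip")].split(".")
    return ipaddress.ip_network(".".join(reversed(parts[1:])) + "/" + parts[0])

def evaluate(qname, answer_ips=()):
    """Return (action, data) for a query and its upstream answer, else ("PASS", None)."""
    qname = qname.lower().rstrip(".")
    # Query-name triggers are checked first: no upstream lookup is needed for them.
    for owner, rtype, rdata in POLICY:
        if not owner.endswith(".rpz-ip") and name_matches(owner, qname):
            return action_for(rtype, rdata)
    # Answer-address triggers catch unlisted names that resolve into listed ranges.
    for owner, rtype, rdata in POLICY:
        if owner.endswith(".rpz-ip"):
            net = rpz_ip_network(owner)
            if any(ipaddress.ip_address(ip) in net for ip in answer_ips):
                return action_for(rtype, rdata)
    return ("PASS", None)
```
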

Protective DNS (PDNS) Services Government Implementation in the UK

The National Cyber Security Centre (NCSC) in the UK created and manages a Protective DNS services solution to protect central government departments and other public sector organizations across the United Kingdom. The PDNS services are currently available at no cost to UK public organizations, including central government, local authorities, devolved administrations, emergency services, NHS organizations, and the Ministry of Defence. The service is one of the NCSC’s widely-deployed Active Cyber Defence capabilities.

Protective DNS (PDNS) Services for Remote Workers

Protective DNS services can provide high network security for remote workers because they can block malicious Internet activity upstream at the source. Remote users can connect to PDNS services using encrypted DNS over HTTPS (DoH) client network protocols, enabling end-users to benefit from end-to-end protection wherever they connect to the Internet.

Protective DNS (PDNS) Domain Classifications

A core capability of PDNS is the ability to categorize domain names based on threat intelligence. PDNS services typically leverage open source, commercial, and governmental information feeds of known malicious domains. These feeds enable coverage of domain names found at numerous points of the network exploitation lifecycle. Some solutions may also detect novel malicious domains based on pattern recognition. The U.S. NSA and Cybersecurity & Infrastructure Security Agency (CISA) have outlined the types of domains typically addressed by a PDNS system as follows[i]:

  • Phishing: Sites known to host applications that maliciously collect personal or organizational information, including credential harvesting scams. These domains may include close lookalikes of common domains. PDNS can protect users from accidentally connecting to a potentially malicious link.
  • Malware distribution and command and control: Sites that are known to serve malicious content or are used by threat actors to command and control malware. For example, these may include sites hosting malicious JavaScript® files or domains that collect private information for profiling. PDNS can block and alert on known malicious connection attempts.
  • Domain generation algorithms: Sites with programmatically generated domain names that malware uses to circumvent static blocking. Advanced malware – including some botnets – depends on communicating with command and control (C2) infrastructure. Cyber threat actors use domain generation algorithms (DGAs) for malware to circumvent static blocking – either by domain name or IP – through programmatically generating domain names. PDNS offers protection from malware DGAs by analyzing every domain’s textual attributes and tagging those associated with known DGA attributes, such as high entropy.
  • Content filtering: Sites whose content falls into specific categories that are against an organization’s access policies. Although an ancillary benefit to malware protection, PDNS can use a categorization of various domains’ use cases (e.g., “gambling”) and warn on or block those deemed a risk for a given environment.
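The entropy-based DGA tagging mentioned in the list above can be illustrated over resolver logs. This is an added example, not any vendor's detection logic; the log format, the thresholds (`min_len`, `min_entropy`) and all query names are assumptions constructed for the illustration.

```python
import math
from collections import Counter, defaultdict

# Constructed resolver log lines in the form "<client-ip> <qname>".
LOG = """\
10.0.0.5 www.infoblox.com
10.0.0.5 internationalbusinessnews.example
10.0.0.9 xk7q2vz9p4wmt8rb.test
10.0.0.9 b3nq8zt1vw6yk4hd.test
10.0.0.9 mail.example.org
"""

def shannon_entropy(label):
    """Bits per character of the label's character distribution."""
    n = len(label)
    if n == 0:
        return 0.0
    return -sum(c / n * math.log2(c / n) for c in Counter(label).values())

def candidate_label(qname):
    # Score the label left of the TLD. This is a simplification: suffixes such
    # as "co.uk" need the Public Suffix List to find the registered label.
    labels = qname.lower().rstrip(".").split(".")
    return labels[-2] if len(labels) >= 2 else labels[0]

def looks_generated(qname, min_len=12, min_entropy=3.5):
    # Length gate first: short labels cannot reach high entropy and would
    # only add noise. Both thresholds are assumed values that need tuning.
    label = candidate_label(qname)
    return len(label) >= min_len and shannon_entropy(label) >= min_entropy

def tag_log(text):
    """Group tagged query names by client so responders see which host to examine."""
    hits = defaultdict(list)
    for line in text.splitlines():
        client, qname = line.split()
        if looks_generated(qname):
            hits[client].append(qname)
    return dict(hits)
```

Entropy alone also fires on legitimate machine-generated hostnames (hashed CDN or storage names, for instance), so a tag like this is normally one signal combined with others rather than a block decision by itself.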

Protective DNS (PDNS) Core Capabilities

  • Block new domains in real-time from the second of registration or creation.
  • Enable the delay in the resolution of domains with specific characteristics.
  • Control the number of potential domains allowed to attack an organization.
  • Collapse and harden all outbound DNS resolution at the time of a malware or ransomware incident.
  • Provide real-time and historical visibility into all outbound DNS traffic for incident response and analysis.

Protective DNS (PDNS) Solutions from Infoblox

Infoblox BloxOne Threat Defense provides hybrid protective DNS services to secure networks, devices, and users from cyberthreats on and off-premises. The solution analyzes DNS queries to detect and block malware communications, DNS-based data exfiltration, phishing, ransomware, and advanced threats such as DGAs (Domain Generation Algorithms) and lookalike domains. The solution leverages AI/machine learning algorithms and threat intelligence feeds to detect known and unknown threats for broader protection. It also helps with faster threat response by integrating with security ecosystem tools such as SIEM, SOAR, ITSM, vulnerability scanners, NAC, and endpoint security using APIs and native out-of-the-box integrations.

Infoblox BloxOne Threat Defense provides the protective DNS services to secure networks, devices, and users.

Learn More about Protective DNS (PDNS) from Infoblox

  • BloxOne Threat Defense Advanced – Strengthen and Optimize Your Security Posture from the Foundation (Datasheet)
  • Protect Your Network, Brand, and Customers with Custom Lookalike Domain Monitoring (Solution Note)
  • Powering Security Orchestration, Automation and Response (SOAR) Solutions from the Foundation
  • Threat Intelligence (Solution Note)
  • DNS Security Resource Center – Response Policy Zones (RPZ) Overview

[i] Cybersecurity Information: Selecting a Protective DNS Service. US Cybersecurity Requirements Center, March 2021.

Article information

Author: Melvina Ondricka
