NSA, CISA release protective DNS info
The National Security Agency and Cybersecurity and Infrastructure Security Agency (CISA) released a cybersecurity information sheet, “Selecting a Protective DNS Service” on March 4. This publication details the benefits of using a Protective Domain Name System (PDNS), which criteria to consider when selecting a PDNS provider, and how to effectively implement PDNS.
The Domain Name System (DNS) is a key component of the internet’s resilience. It makes navigating a website, sending an email, or making a secure shell connection easier by translating domain names into Internet Protocol addresses. PDNS is a security service that uses existing DNS protocols and architecture to analyze DNS queries and mitigate threats. Its core capability is leveraging various open source, commercial, and governmental threat feeds to categorize domain information and block queries to identified malicious domains. This provides defenses in various points of the network exploitation lifecycle, addressing phishing, malware distribution, command and control, domain generation algorithms, and content filtering. PDNS can log and save suspicious queries and provide a blocked response, delaying or preventing malicious actions – such as ransomware locking victim files – while enabling an organization to investigate using those logged DNS queries.
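As an added illustration (not code from the NSA/CISA sheet or any PDNS provider), the following Python sketch shows the core PDNS behaviour the paragraph describes: each query name is checked, label by label up to the apex, against a threat feed that tags domains by category, a listed domain returns a blocked (NXDOMAIN-style) response instead of an answer, and every block is logged so the organization can investigate later. The threat-feed entries, client addresses and query names are constructed for the example.

```python
"""Minimal PDNS-style query filter. Added example; the feed below is constructed."""
from dataclasses import dataclass
from typing import Optional

# Constructed threat feed: domain -> category. A real PDNS provider aggregates
# open source, commercial and governmental feeds; these entries are made up.
THREAT_FEED = {
    "evil-login.example": "phishing",
    "c2.badops.example": "command-and-control",
    "dl.malware-host.example": "malware",
}

@dataclass
class Verdict:
    qname: str
    action: str                    # "allow" or "block"
    category: Optional[str] = None
    matched: Optional[str] = None  # feed entry that caused the block

def lookup(qname: str) -> Verdict:
    """Walk from the full name up toward the apex so subdomains of a listed
    domain (e.g. cdn.c2.badops.example) inherit the block."""
    name = qname.rstrip(".").lower()
    labels = name.split(".")
    for i in range(len(labels) - 1):      # never match a bare TLD
        candidate = ".".join(labels[i:])
        if candidate in THREAT_FEED:
            return Verdict(name, "block", THREAT_FEED[candidate], candidate)
    return Verdict(name, "allow")

def filter_queries(queries):
    """Return (responses, log). Blocked names get an NXDOMAIN-style response;
    the log records every block for later investigation."""
    responses, log = [], []
    for client, qname in queries:
        v = lookup(qname)
        if v.action == "block":
            responses.append((qname, "NXDOMAIN"))
            log.append(f"BLOCK client={client} qname={v.qname} "
                       f"category={v.category} feed_entry={v.matched}")
        else:
            responses.append((qname, "RESOLVE"))
    return responses, log

if __name__ == "__main__":
    sample = [("10.0.0.5", "www.example.com."),          # constructed queries
              ("10.0.0.5", "cdn.c2.badops.example"),
              ("10.0.0.9", "evil-login.example")]
    _, block_log = filter_queries(sample)
    print(*block_log, sep="\n")
```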
This Cybersecurity Information Sheet provides a compiled summary of the services offered by different PDNS providers. This information is provided to help NSA’s and CISA’s customers analyze which provider may meet their needs; it does not recommend or endorse any specific product. Customers looking to implement PDNS should choose a reputable PDNS provider and take care to understand how the provider will use any customer data.
This product includes lessons learned from an NSA PDNS pilot, in which NSA partnered with the Department of Defense Cyber Crime Center to offer several members of the Defense Industrial Base PDNS as a service. Over a six-month period, the PDNS service examined more than 4 billion DNS queries to and from the participating networks, blocking millions of connections to identified malicious domains.