Protective Domain Name System Services

Drive Down Risk | Protect DOD Information

Overview

NSA’s Cybersecurity Collaboration Center provides no-cost Protective Domain Name System (PDNS) services, infused with NSA’s unique threat intel, to protect critical Department of Defense (DOD) information held on Defense Industrial Base (DIB) company systems.

Frequently Asked Questions


The Domain Name System (DNS) is the phone book of the Internet. It is central to the operation of the Internet and is the decentralized naming system that allows computers to find one another. DNS makes navigating to a website, sending an email, or making a secure shell connection easier. It's also a key component of the Internet's resilience.

As with many Internet protocols, DNS was not built to withstand abuse from bad actors intent on causing harm.

Protecting DNS queries is a key cyber defense because threat actors use domain names across the exploitation lifecycle. Users frequently mistype domain names while attempting to navigate to websites, and may be redirected unknowingly to a malicious site. From there, threat actors may exfiltrate data, conduct command and control operations, and install malware onto a user's system.

Protective DNS adds a threat intelligence check against all DNS queries and answers to avoid or sinkhole malicious or suspicious domain resolutions. PDNS integrates easily with existing security architectures through a simple recursive resolver switch. Protective DNS analyzes DNS queries and takes action to avoid threat websites, leveraging the existing DNS protocol and architecture. 

The mission of the NSA Cybersecurity Collaboration Center is to secure the Defense Industrial Base against threats from malicious cyber actors. To quickly improve cybersecurity at scale, NSA is leveraging PDNS as a low-cost, high-impact service that protects critical DIB endpoints from resolving queries to potentially malicious websites.

Yes, PDNS augments existing solutions, such as email and endpoint security, to provide a more holistic cybersecurity umbrella. PDNS is easily deployed by pointing an organization's recursive resolver to the PDNS provider's DNS server.  

PDNS is easily implemented by changing the organization's recursive resolver to use the provider's DNS server. The service categorizes domain names based on threat intelligence. The servers leverage open-source, commercial, and government information to identify known or suspected malicious threat sites.
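The two paragraphs above describe the decision a protective resolver makes on every query: categorize the name against threat intelligence, then either return the normal answer or sinkhole it. The following added example (not NSA's or Akamai's code, and not part of the original page) models that decision in Python. The threat feed, the upstream answers, the sinkhole address (RFC 5737 documentation range) and the `.example` domain names are all constructed placeholders; the blocked-category set stands in for the per-group policy the page mentions.

```python
"""Minimal model of a protective-DNS (PDNS) policy decision.

Constructed example: the feed, upstream answers and sinkhole address are
placeholders, not real threat intelligence or real infrastructure.
"""
from dataclasses import dataclass
from typing import Dict, Optional, Set

SINKHOLE_IP = "192.0.2.1"   # constructed sinkhole address (RFC 5737 documentation range)
SINKHOLE_TTL = 60           # short TTL so a later feed correction takes effect quickly
NORMAL_TTL = 300            # constructed TTL for ordinary answers

# Constructed threat-intelligence feed: domain -> category.  A real PDNS
# service builds this from open-source, commercial and government feeds.
THREAT_FEED: Dict[str, str] = {
    "malware-c2.example": "malware",
    "login-verify.example": "phishing",
    "newsletter-tracker.example": "suspicious",
}

# Constructed stand-in for what an ordinary recursive resolver would return.
UPSTREAM_ANSWERS: Dict[str, str] = {
    "www.example": "203.0.113.10",
    "cdn.malware-c2.example": "198.51.100.7",
    "login-verify.example": "198.51.100.8",
    "newsletter-tracker.example": "198.51.100.9",
}

# Default policy for a group: which feed categories are sinkholed.
# "suspicious" is categorized and logged but still resolved under this policy.
DEFAULT_POLICY: Set[str] = {"malware", "phishing"}


@dataclass
class Decision:
    """Outcome of one query: what the resolver answered and why."""
    qname: str
    action: str               # "resolve", "sinkhole" or "nxdomain"
    category: Optional[str]   # feed category if the name (or a parent) is listed
    answer: Optional[str]     # IPv4 address returned to the client, if any
    ttl: Optional[int]


def normalize(qname: str) -> str:
    """Canonicalize a query name: strip the trailing dot, lower-case it."""
    return qname.rstrip(".").lower()


def lookup_category(qname: str) -> Optional[str]:
    """Walk from the full name up through its parents so that a listed
    apex (malware-c2.example) also covers every subdomain beneath it."""
    labels = normalize(qname).split(".")
    for i in range(len(labels)):
        hit = THREAT_FEED.get(".".join(labels[i:]))
        if hit is not None:
            return hit
    return None


def pdns_resolve(qname: str, blocked_categories: Set[str] = DEFAULT_POLICY) -> Decision:
    """Apply the threat-intel check first; only unblocked names reach upstream."""
    name = normalize(qname)
    category = lookup_category(name)
    if category in blocked_categories:
        # Answer with the sinkhole so the client connects nowhere harmful,
        # while the query itself remains visible to the dashboard/logs.
        return Decision(name, "sinkhole", category, SINKHOLE_IP, SINKHOLE_TTL)
    upstream = UPSTREAM_ANSWERS.get(name)
    if upstream is None:
        return Decision(name, "nxdomain", category, None, None)
    return Decision(name, "resolve", category, upstream, NORMAL_TTL)


if __name__ == "__main__":
    for q in ("www.example", "cdn.MALWARE-C2.example.", "login-verify.example",
              "newsletter-tracker.example", "missing.example"):
        d = pdns_resolve(q)
        print(f"{d.qname:32} {d.action:9} category={d.category} answer={d.answer} ttl={d.ttl}")
```

Two details matter in practice and are mirrored here: the check walks up the label hierarchy so a blocked apex covers its subdomains, and the sinkhole answer carries a short TTL so clients re-ask soon after a feed entry is corrected. Widening `blocked_categories` to include `"suspicious"` shows how a stricter per-group policy changes the outcome without touching the feed.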

NSA's PDNS service is built on Akamai's GovShield architecture, combining commercial and government threat intelligence to provide best-in-class features that scale across mobile, cloud, and IoT hosts. This service enables customizable policies by group, deploys across hybrid architectures, includes a web interface dashboard, and leverages machine learning to augment threat feeds. Bolstering security across the enterprise, PDNS blocks malware and phishing domains, provides web content filtering, and protects against malware domain generation.

If you have access to Department of Defense (DoD) information or are on an active DoD contract, you may qualify for this service. Visit nsa.gov/About/Cybersecurity-Collaboration-Center/PDNS or email us at dib_defense@cyber.nsa.gov to get started.