Working with our partners from Government Digital Services (GDS) and Nominet UK, we are providing the UK public sector with a reliable DNS service that offers a number of additional security benefits.
The key benefit is that the DNS service prevents public sector users from accessing domains known to be malicious, by simply not resolving them.
As described in the National Cyber Security Strategy, this service is one of the NCSC’s Active Cyber Defence projects, where we are taking positive action to make it much harder for criminals to perpetrate, or gain from, cyber-attacks in the UK.
This will contribute to improving the UK government's reputation for conducting business online and reduce the UK government's exposure to online fraud.
What is DNS?
The Domain Name System (DNS) is often referred to as 'the address book of the internet'. It turns memorable names that humans can use into the IP addresses that computer systems use to find each other. Every time you ask your computer to access a website, your computer uses DNS to translate the domain name of the site you wish to connect to (like 'ncsc.gov.uk') into the IP address it needs to make the connection (like 126.96.36.199).
DNS isn't just used in response to user-initiated actions like viewing a website; it’s also used for everyday machine-initiated actions like getting software updates. Unfortunately, it also plays a part in the distribution and operation of malware. We built the UK public sector DNS service to stop the use of DNS for malware distribution and operation.
DNS can be used by malware for:
Distribution - Malware is usually distributed through phishing. When a user is tricked into clicking a link in a phishing email, their web browser performs a DNS lookup to connect to the infrastructure hosting the malware.
Operation - If a user already has malware present on their computer, that malware will probably use DNS to connect to the command-and-control servers that the malware operator uses to issue instructions.
The UK public sector DNS service protects users simply by being configured to not resolve any lookups for domains known to be used for malware distribution or operation.
The service informs and supports UK government cyber incident response functions to manage the impact of cyber-attacks.
For the service to remain effective it will be continually updated with knowledge of malicious domains. The NCSC uses a range of government, commercial and community sources to ensure the service benefits from the best possible information.
Further malicious sites will be identified by observing anomalous behaviour in DNS traffic.
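The filtering decision described above, sketched as an added example (not the service's own code): a lookup is refused when the queried name, or any parent domain of it, is on the list of known-malicious domains, and refused lookups are counted per client for incident response. The blocklist entries, log format, addresses and function names are all constructed for illustration.

```python
# Added illustration: names, log format and domains are constructed.
from collections import Counter

BLOCKLIST = {"malware-dist.example", "c2.badcorp.example"}  # constructed entries

# Constructed resolver query log: "<timestamp> <client-ip> <qname> <qtype>"
SAMPLE_LOG = """\
2017-04-03T09:00:01Z 192.0.2.10 www.ncsc.gov.uk. A
2017-04-03T09:00:02Z 192.0.2.11 Login.Malware-Dist.example. A
2017-04-03T09:00:05Z 192.0.2.11 c2.badcorp.example AAAA
2017-04-03T09:00:09Z 192.0.2.12 notmalware-dist.example A
2017-04-03T09:01:05Z 192.0.2.11 c2.badcorp.example A
"""

def normalise(qname):
    """DNS names are case-insensitive; drop the trailing root dot."""
    return qname.strip().rstrip(".").lower()

def matched_entry(qname, blocklist):
    """Return the blocklist entry covering qname, or None.

    Matching walks up label by label, so an entry covers its subdomains
    but not unrelated names that merely end with the same characters.
    """
    labels = normalise(qname).split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in blocklist:
            return candidate
    return None

def decide(qname, blocklist=BLOCKLIST):
    """Filtering decision for one lookup: refuse it or pass it on."""
    return "BLOCKED" if matched_entry(qname, blocklist) else "RESOLVE"

def blocked_clients(log_text, blocklist=BLOCKLIST):
    """Count blocked lookups per client, for incident-response follow-up."""
    hits = Counter()
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip malformed lines
        _ts, client, qname, _qtype = fields
        if matched_entry(qname, blocklist):
            hits[client] += 1
    return dict(hits)

if __name__ == "__main__":
    print(decide("Login.Malware-Dist.example."), blocked_clients(SAMPLE_LOG))
```

A client that repeatedly triggers blocked lookups, like 192.0.2.11 in the constructed log, is the kind of signal that would be handed to an incident response team for investigation.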
Using the service
The NCSC is centrally funding the DNS service so it’s ‘free at point of use’ for all UK government and public sector organisations.
The service will be available from the internet in April 2017 and from the Public Services Network (PSN) later in the year, following migration and decoupling from legacy PSN core services.
Since most public sector organisations currently procure their own DNS services, this centralised service will deliver significant cost savings across the public sector.
Organisations that can use the DNS service include, but are not limited to:
The service is not intended to be used by private industry, individual home users, or non-UK organisations.
Getting your organisation to use the service is straightforward. You need to:
For more details on the DNS service you can use the UK public services DNS support tool, contact us or read the gov.uk blog post.