Protective Domain Name Service (PDNS)

PDNS is designed to protect networks from malicious websites by looking up the IP address of sites that a system tries to access against a blacklist of suspicious sites and blocking access to them.

Official government PDNS solutions are not available globally and where they are access will be restricted to sensitive institutions.  In the UK the service is free and access can be granted to government, Ministry of Defence and NHS bodies.  The equivalent system in the USA is available to those with existing access to secure Department of Defence information.

An organisation will need to apply to use the UK PDNS.  Changes will then need to be made to the local network DNS entries so that domain resolution requests point to the PDNS server IP addresses.  At the resolution end requests will only be processed if the sender’s IP has been added to their PDNS records.  For workers who need to use PDNS remotely and are not accessing websites from within listed router addresses a PDNS Digital Roaming application (or its specific equivalent) is required.  In the UK this solution only works on Windows 10. UK access to PDNS can be verified by accessing the test page which will report if the PDNS system is accessible.

The concept behind PDNS is not restricted to government level access.  Commercial organisations offer a similar service.  The NSA identified 9 candidate commercial PDNS solutions in February 2021 all of whom met common standards for PDNS solutions.  These included blocking malware and phishing domains and some means of customising device or network policies.  Limited versions of some of these services are available for free but any benefits or constraints should be considered before adopting them.

Any solution requires that the database of IP addresses to block be kept up to date with new records added and false positives removed.  This depends on the resources of the organisation hosting the service together with reports and feedback from users and possibly some degree of machine learning.  As it is IP addresses that are blocked not domain names the process is ideal for blocking multiple domains running on the same IP address.  This is a common and legal practice that can be demonstrated by reverse IP lookup.  For example at the time of writing there are 26 domains, including kindus.co.uk sharing the same IP address.

A criminal might take advantage of a shared IP by running multiple domains each with a slight variation of some well-known name to spoof the original from the same address.  Any suspect activity will risk the reputation of other sites sharing that IP.  This is already the case where activity on one site can lead to blocks and warnings from providers such as Google affecting traffic to others sharing the same IP address.  With a PDNS solution access to some legitimate sites may be blocked together with suspect sites on that same IP address.

Unwarranted blocks can be avoided by investing in the more expensive dedicated IP option.  With a shared IP the site owner will need to deal with the domain provider, site host and ssl certificate provider to move to another IP address.  These entities are often the same body but that may not be the case.  Providers will usually warn site owners if they have concerns but it is good practice to regularly check that sites are running properly and that Google searches are returning a site as unsafe .

More from Security

04/12/2024

Sitting Duck Attacks

The Sitting Duck attack revolves around taking control of a domain and then using it to distribute malware or as a source for phishing …

Read post

25/11/2024

Developers Hit By Compromised Software Packages

A Typosquat campaign uses slight variations on well-known names to mislead a user to access a rogue rather than genuine asset.  It is well …

Read post

04/11/2024

UK Data (Use and Access) Bill

The Data (Use and Access) Bill had its first reading in the Lords on 23 October 2024.  This step is merely a formal introduction …

Read post

28/10/2024

Zero-Day Attacks

In October 2024 Google Mandiant reported on 138 exploited vulnerabilities since 2023.  They concluded there had been an increase in the number and speed …

Read post

Sign Up

Sign up to our newsletter list here.

    Successful sign up

    Thank you for signing up to our newsletter list.

    Check your inbox for all the latest information from Kindus

    Categories