US security agencies issue guidance on protective DNS service
In the USA, the National Security Agency and the Cybersecurity and Infrastructure Security Agency have issued guidance on selecting a protective domain name system (DNS) service, known as PDNS. The guidance notes the importance of protecting users’ DNS queries, and explains that PDNS functions as a security service that analyses DNS queries and takes action to mitigate threats, leveraging the existing DNS protocol and architecture. PDNS can classify domain names based on threat intelligence; it can identify, for instance, phishing domains used to host applications that maliciously collect personal or organisational information, domains serving malicious content or used by threat actors to command and control malware, and programmatically generated domain names that are used by malware to circumvent static blocking. The document outlines the benefits and risks of using a PDNS service, and offers several examples of related cybersecurity best practices.
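The classification step described above can be sketched as a small policy function. This is an added example, not code from the guidance or from any PDNS product: the feed entries, category names, sample queries, the "block"/"resolve" actions and the entropy thresholds are all constructed assumptions.

```python
import math
from collections import Counter

# Constructed threat-intelligence feed (not real indicators): domain -> category.
THREAT_FEED = {
    "login-portal.example": "phishing",
    "cdn-updates.example": "malicious-content",
    "beacon.example": "command-and-control",
}

def entropy(label):
    """Shannon entropy of a DNS label, in bits per character."""
    total = len(label)
    return -sum(n / total * math.log2(n / total) for n in Counter(label).values())

def looks_generated(qname, min_len=12, min_entropy=3.5):
    """Crude stand-in for generated-name detection: a long, high-entropy label.
    The thresholds are assumptions; a heuristic this simple will misjudge
    some legitimate names and miss word-based generated ones."""
    labels = qname.split(".")
    longest = max(labels[:-1] or labels, key=len)  # ignore the TLD
    return len(longest) >= min_len and entropy(longest) >= min_entropy

def classify(qname):
    """Return (action, category) for one queried name."""
    name = qname.rstrip(".").lower()  # DNS names are case-insensitive
    labels = name.split(".")
    # Match the name and every parent domain, so subdomains of a listed
    # domain are covered as well.
    for i in range(len(labels)):
        category = THREAT_FEED.get(".".join(labels[i:]))
        if category:
            return ("block", category)
    # Names absent from the feed can still be caught by the heuristic,
    # which is what static blocking alone cannot do.
    if looks_generated(name):
        return ("block", "generated-name")
    return ("resolve", None)

# Constructed sample queries.
QUERIES = ["www.intranet.example.", "Mail.Login-Portal.example",
           "x7k2qpl9zv4mw8rt.example", "beacon.example"]

if __name__ == "__main__":
    for q in QUERIES:
        print(q, classify(q))
```

Here "block" stands in for whatever mitigation the service applies to a flagged query.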
