DNS Firewall : Response Policy Zone

DNS Firewall (DNS RPZ):    
Filter and block bad domains… at the DNS level

What is DNS RPZ?

Threat Intelligence on known malicious sites (malware, ransomware, bots, etc) is packaged into data Zones that are consumed by a DNS resolver to bock access to known malicious sources on the internet.  Fast, timely updates (every 1 minute) enable an advanced layer of protection for all users, all applications, and all protocols.  

A highly effective and critical choke point against ongoing attacks such as ransomware, and malware, RPZ blocks both incoming and outgoing malicious sources from entering a network.

Turn your DNS Caching Resolver into a tool to help protect your network from malware, ransomware, phishing._

  • Critical Choke Point – Any user, Any protocol, any Application using the Internet will use DNS.  
  • Stop connections to known bad domains on the Internet.  Period.
  • Elegant way to deploy dynamic threat intelligence
  • Customizable, and highly dynamic.
  • A highly effective and critical choke point against ongoing attacks such as ransomware and malware, RPZ blocks both incoming and outgoing malicious sources from entering a network.

Fast accurate up to date Threat Data

Timely updates – every 120 seconds 

Clientless

Secondary layer of security – at DNS level !

Protect users … applying threat intelligence data… typically well before other security layers can apply this intelligence.

Advanced, multi protocol, easy to implement.  Excellent layer to defend against malware, spear phishing etc

How Does DNS RPZ Work?

  • add DNS RPZ data from Spamhaus and SURBL
  • directly into your dns resolver
  • Continuous updates every 1-2 minutes, 24x7x365
  • no updates to end users, or devices
  • protects every user, application and protocol in your network 
    everyone and everything that uses the internet 

When users attempt to access websites a five-step process takes place:

  1. The user clicks on a link or enters the URL of the site they want to reach into their browser.
  2. A DNS resolver queries the local DNS server for a record.
  3. The DNS server finds a matching IP address. The Berkeley Internet Name Domain (BIND) is a popular open-source software used to translate domain names into IP addresses.
  4. The DNS server returns the IP address to the DNS resolver.
  5. The user’s web browser now contacts the website using its IP address.

If the website that the user is trying to get to is malicious, it can allow cybercriminals to gain a foothold in your corporate network. They can steal your intellectual property, alter or encrypt data for financial gain, install spyware, or add computers to botnets. In some cases, it can lead to a total compromise of the corporate network. 

Who can use RPZ?

  • ISP’s
  • Hosting Providers
  • Enterprises
  • Universities
  • RPZ can easily be implemented on many open-source DNS platforms…   BIND v9.8+ has native support for RPZ
    Easily added to most DNS resolver / appliances 

Why Use DNS RPZ

Improved protection for users !

Fast, up to date coverage against new/current threats
– Malware, phishing, ransomware

Network based, agent less, security – ease of updates, up to date protection

Identify Infected Users

Better protection, reduced tech support

Fast updates 

Low costs

All of the devices in your network must contact your DNS resolvers to reach the outside world, and the DNS RPZ uses secure and fast zone transfer technologies to put a domain blacklist into your DNS resolver. The data on this list is automatically updated every 1 to 2 minutes, ensuring that you have access to the most up-to-date information to prevent users from visiting known malicious domains, including newly registered domains and known bad IP addresses, keeping your business and your customers protected.

The DNS response policy zone (RPZ), also known as a DNS firewall, blocks the resolution of known, malicious domains at the DNS resolver/lookup. The DNS RPZ starts with a filter to check if the domain is known to be malicious and if it’s a known bad website. Then the DNS RPZ protects users from visiting that site with warning messages, blocking, and quarantine. This turns your DNS caching resolver into a tool that helps protect your network from malware, bots, spyware, and other cyber threats.

The DNS RPZ is similar to an anti-spam DNSRBL, but offers greater degrees of scaling and speed. This highly dynamic and customizable tool offers a critical choke point to prevent users from accessing known malicious websites. The DNS RPZ also helps to prevent data loss by disrupting communications between C&C servers and infected botnet nodes on your network.

Want to try DNS RPZ for your business?