Skip to content

What is Protective DNS?

Protective DNS (PDNS) is a cybersecurity service that leverages the Domain Name System (DNS) to block or filter access to malicious or harmful domains. Protective DNS (PDNS) is a crucial cybersecurity service that fortifies network defenses by leveraging the DNS infrastructure. It intercepts DNS queries, analyzes domain requests in real-time, and blocks or filters access to malicious domains, safeguarding users and networks from cyber threats. By evolving DNS Security to Protective DNS Security, organizations are empowered to cut the first link in the kill chain, which is pivotal for thwarting DNS attacks.

Protective DNS (PDNS) emerges as a powerful security measure to combat evolving cyber attacks including malware, ransomware, DDoS attacks, and phishing threats. Unlike traditional methods, PDNS operates as a real-time security service, analyzing DNS queries to identify and block potential risks using DNS-centric threat intelligence. By identifying and blocking malicious domains based on threat data, PDNS effectively prevents access to known malicious or suspicious sites, providing phishing protection at the earliest stage of defense. EfficientIP’s Protective DNS solution has been recognized by NSA as a top Protective DNS Vendor for its phishing protection capabilities, in addition to its Domain Generation Algorithm (DGA) and malware protection algorithms.

The following sections of this glossary provide an extensive exploration of key terms and concepts integral to Protective DNS, underscoring their significance in enhancing network security and resilience.

Key aspects of Protective DNS:

  1. Threat Intelligence Integration: PDNS uses up-to-date threat intelligence to identify and block domains associated with malicious activities such as phishing, malware distribution, command and control (C2) servers, and other cyber threats.
  1. Real-time Protection: By intercepting DNS queries, PDNS can prevent users from accessing harmful sites in real-time. When a request for a malicious domain is made, the service responds with an error message or redirects the user to a safe page instead of resolving the domain.
  1. Network-wide Security: PDNS can be implemented at the network level, providing protection for all devices within an organization, including those that may not have individual security software installed.
  1. Visibility and Monitoring: It provides insights into the DNS requests made within the network, allowing organizations to monitor and analyze potential threats and suspicious activities.
  1. Policy Enforcement: Organizations can define and enforce policies on domain access, such as blocking access to specific categories of websites (e.g., gambling, adult content) to ensure compliance with corporate policies or regulatory requirements.
  1. Minimal Performance Impact: Since DNS queries are typically fast and lightweight, implementing PDNS generally does not significantly impact network performance.
  1. User Awareness: By preventing access to harmful sites, PDNS can help reduce the risk of user-induced security incidents, such as falling for phishing attacks or downloading malware.

Overall, Protective DNS is a proactive measure that enhances cybersecurity by leveraging the fundamental role of DNS in network communications to provide an additional layer of protection against a wide range of online threats.

Key Terminology

DNS (Domain Name System)

The Domain Name System (DNS) is a foundational component of the internet, translating human-readable domain names into IP addresses. PDNS operates within the DNS framework, intercepting DNS requests and responses to enforce security measures and protect against cyber threats.

DNS Resolver

A DNS resolver is a component responsible for receiving DNS queries from client devices and resolving domain names into IP addresses. In the context of PDNS, DNS resolvers play a pivotal role in implementing security policies and filtering malicious domains.

DNS Query

A DNS query is an inquiry made by a client device to a DNS resolver, seeking the IP address associated with a particular domain name. PDNS scrutinizes DNS queries to detect and prevent access to malicious domains, enhancing network security.

DNS Query

A DNS query is a specific type of DNS request sent by a client device to a DNS resolver to obtain information about a domain name. PDNS scrutinizes DNS queries to detect and prevent access to malicious domains, enhancing network security.

DNS Resolution

DNS resolution is the process of translating domain names into IP addresses by DNS resolvers. PDNS enhances DNS resolution by integrating threat intelligence feeds and real-time analysis to thwart cyber threats and protect users from accessing malicious content.

DNS Traffic

DNS traffic refers to the data exchanged between client devices and DNS resolvers during the domain resolution process. PDNS monitors DNS traffic, identifying anomalies and potential security threats to ensure comprehensive network protection.

DNS Responses

DNS responses are replies provided by DNS resolvers to client devices’ DNS queries, containing the requested information, such as IP addresses. PDNS examines DNS responses to validate domain legitimacy and block access to malicious sites.

Malicious Domain

A malicious domain is a website or domain associated with cyber threats, including malware distribution, phishing, and command and control (C2) servers. PDNS identifies and blocks access to malicious domains, mitigating the risk of cybersecurity incidents.

Malicious Website

A malicious website is a site designed to exploit vulnerabilities in users’ systems or distribute malware. PDNS employs content filtering and threat intelligence to identify and block access to malicious websites, preserving network integrity and user safety.

Threat Intelligence

Threat intelligence encompasses information about cybersecurity threats, including indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs) employed by threat actors. PDNS integrates threat intelligence feeds to enhance threat detection and proactive defense against emerging cyber threats.


Real-time refers to the immediate processing and analysis of data as it occurs. PDNS operates in real-time, analyzing DNS queries and responses instantaneously to identify and mitigate security threats, ensuring prompt protection against cyberattacks.

Content Filtering

Content filtering is the process of restricting or blocking access to specific web content based on predefined criteria, such as categories or URLs. PDNS employs content filtering to prevent users from accessing malicious or inappropriate websites, bolstering network security.

Machine Learning

Machine learning is a branch of artificial intelligence (AI) that enables computer systems to learn from data and make predictions or decisions without explicit programming. PDNS leverages machine learning algorithms to enhance threat detection capabilities and adapt to evolving cyber threats.

DNS Hijacking

DNS hijacking is a cyber attack where attackers redirect DNS traffic to malicious servers, enabling them to control users’ access to legitimate websites or intercept sensitive information. PDNS incorporates DNS hijacking protection mechanisms to thwart such attacks and preserve DNS integrity.

DNS Rebinding Attack

A DNS rebinding attack is a type of cyber attack where attackers exploit vulnerabilities in web browsers to bypass the same-origin policy and access sensitive information or control connected devices. PDNS provides DNS rebinding protection to mitigate the risk of such attacks and safeguard network assets.

DNS Time to Live (TTL)

DNS Time to Live (TTL) is a value in DNS records that determines the lifespan of cached DNS data. PDNS adjusts TTL settings to optimize DNS resolution performance and ensure timely updates of DNS information, enhancing network efficiency and responsiveness.

Web Pages

Web pages are documents or resources accessible on the World Wide Web, typically containing text, images, and multimedia content. PDNS protects users from accessing malicious web pages by blocking access to associated malicious domains, preserving user security and privacy.

Webroot DNS Protection

Webroot DNS Protection is a comprehensive cybersecurity solution that includes Protective DNS capabilities. It safeguards networks and endpoints from cyber threats by blocking access to malicious domains and providing real-time threat intelligence and content filtering.

Protective DNS Service

A Protective DNS service offers robust cybersecurity protection by intercepting DNS queries, analyzing domain requests, and blocking access to malicious domains in real-time. It enhances network security, mitigates cyber threats, and safeguards users from online dangers.


Protective DNS emerges as a critical security service in safeguarding networks and users from evolving cyber threats. By integrating threat intelligence, real-time analysis, and advanced security mechanisms, Protective DNS enhances DNS resolution, mitigates risks associated with malicious domains, and fortifies network defenses against cyberattacks. The comprehensive exploration of key terms and concepts in this glossary underscores the importance of Protective DNS in modern cybersecurity strategies, empowering organizations to maintain a secure and resilient online environment.