DNS Firewall

DNS Firewall

NIC.LV in cooperation with CERT.LV (The Information Technology Security Incident Response Institution of the Republic of Latvia) have created a DNS (domain name system) Firewall.

The goal of the DNS Firewall is to protect its users from malicious content on the Internet, such as false banking websites, fraudulent e-trading platforms, virus-spreading websites, etc. The database of current cyberthreats is maintained and regularly updated by CERT.LV supplementing their own threat intelligence with information from a variety of other national and international sources. As CERT.LV also monitors and analyses cyber attacks of a regional nature (specific to Latvia), this firewall is the only DNS Firewall that can catch and block also locally targeted attacks.

This firewall provides you with an active protection – all requests to malicious sites are blocked and users are redirected to a safe landing page. Systems that have already been infected with the help of DNS Firewall can be detected more efficiently, therefore enables system administrators to quickly handle the consequences.

HOW DO I CONNECT TO DNS FIREWALL?

The DNS Firewall service is FREE of charge and automatically available to everyone that is already using NIC recursive DNS server – cache.nic.lv. If you are not yet using cache.nic.lv, but want to use the benefits of the DNS firewall you must change your DNS settings on your computer to:

IPv4: 91.198.156.20
IPv4: 194.8.2.2  

IPv6: 2001:678:84::  
IPv6: 2a02:503:8::  

After setting up NIC DNS IP address, open https://dnsmuris.lv and make sure that the DNS Firewall is enabled.

Technical background

The same way SPAM filter protects your e-mail address from junk mail, NIC.LV and CERT.LV DNS Firewall can protect its users from current and well known malicious web content.

This DNS Firewall is Domain Name Service Response Policy Zones-based (DNS RPZ). DNS RPZ is a technology developed In 2010 by the Internet System Consortium (ISC) (available since Bind version 9.8.) DNS RPZ is a method that allows the DNS server administrators to customise DNS information in order to provide modified answers to DNS requests. Network administrators can use DNS RPZ to essentially stop malware-infected hosts from reaching their command and control (C&C) servers by blocking DNS resolution to known malicious hosts and sites. By using it, you not only filter out malicious domain name requests, but also have the ability to collaborate and use third-party RPZ. This effectively turns a recursive DNS server into a DNS firewall.