Malware DNS Filtering - what is it and how does it affect you?
What on earth is Malware DNS filtering? It's something we do for our customers, but haven't really highlighted it before.
DNS.
DNS stands for 'Domain Name Service'. It's one of the oldest internet protocols out there and transforms names like 'bbc.co.uk' into actual IP addresses. It's like a telephone book for the internet.
Every time you open your web browser, or your mail client, or anything that interacts with the internet - it fires off these requests to figure out where things are. Each client will fire off these queries for every new site you visit. So there could be hundreds - or thousands - per client. Per day.
Clearly, if this doesn't work, then your internet doesn't work. You might be able to 'ping' 8.8.8.8 (Google's DNS server), but unless you can resolve names to addresses, nothing will work.
DNS Service.
We obviously understood the need for good, powerful DNS. And what we do is have one of the best DNS specialists in Europe - https://whalebone.io - sort this out for us. Our router in your home calls their service - usually hosted on some of our kit in major transmission sites and at the Brightsolid data center in Aberdeen - for their DNS queries. The faster the DNS query is resolved, the faster your connection will appear. It's no use having fibre to the client if your DNS service is slow.
Malware
So Malware is the nasty crap that 'bad actors' attach to websites and emails - viruses, trojans, and so forth. All the nasties. Now the code that they get onto your machine (if they get by your virus scanner and firewalls) - needs to talk to the bad actors Command and Control server, somewhere on the internet. That way, it can pick up instructions, upload your data, and so forth.
On the internet, there's a continuous 'Spy vs Spy' battle going on where the Malware writers create new Malware and Command and Control servers, and the malware hunters try and block them.
The Malware hunters quickly identify command and control servers and add them to a on-line database of known 'baddies'.
DNS Malware Filtering
Whalebone then use this list on a daily basis, building up lists of known baddies in its DNS database, and either 'audits' (Lets through with warnings) or 'blocks' these, depending on severity.
What this means to us, is that most kinds of malware, once it lands on the customers machines, is neutered - as they cannot communicate with their Command and Control servers.
Why do we DNS Malware Filter.
This is something I've only really seen in major corporations or government departments before - it would appear that even the largest internet providers here in the UK do not do.
So when we went hunting for a good DNS service and found they did this as well - we thought 'why would we NOT filter malware DNS?'
This is an example where a small, agile internet provider can provide far better service than the big budget operators.
Now - a word of warning. If you decide NOT to use the default DNS service we provide - then of course this bypasses all these controls. And of course this is only one layer of the customers machines defence - you should also have good anti-virus and firewalls on your machine.
The alternative is that some bad actors then encrypt all your information on a ransomware attack, and hold your own data hostage.
Hopefully, this helps you understand some of the work we do behind the scenes in order to make your service the best it can be.