Skip to main content
  • Cybersecurity

Protected DNS: the underrated tool for combatting cyberthreats

By Mark Brownlee

Multi-factor authentication. Strong passwords. Corporate firewalls.

These are the first words that come to mind when organizations think of organizational cybersecurity.

There’s another term that is just as important as these concepts but doesn’t get as much airtime as other cybersecurity mainstays: protected DNS.

Here’s why protected needs to be a major part of your strategy for combatting cyber threats.

What DNS is

Understanding protected DNS starts with understanding DNS (or, domain name system).

The common analogy people used to explain DNS was the “phone book of the internet”. But, since nobody really uses phone books anymore, we prefer to use an updated metaphor.

Instead, we like to think of DNS like a GPS for your car.

Let’s say you’re trying to get to a restaurant but you have no idea where it is. Typing the name of the restaurant into the GPS not only gives you the address, but it also does you one better: it provides a path for how to get there.

DNS is basically the same.

Let’s say we’re trying to get to the CIRA website. The DNS is what allows us to type into our browser and instantly be whisked to…

If it weren’t for DNS, we would need to remember that the IP address for the CIRA website is

We could maybe do that for one or two websites. But what if we had to do it for every website we ever wanted to visit?

It would be next to impossible.

Just as typing the name of a business into our car’s GPS allows us to quickly and easily get to where we’re going, the DNS is what allows us to type in a bunch of letters and instantly get to the site you’re trying to find.

What protected DNS is

Let’s dive further into our GPS metaphor for a second.

There are all kinds of different GPS tools out there: Google Maps, Apple Maps, Waze—the list is almost endless.

Some of them are good—they always find a way to get us to where we want to go in a way that dodges traffic. Some of them, such as the ones that seem to never find the right address or take us onto the busiest possible route, are not so good.

The same is true of DNS.

Believe it or not, the DNS has a variety of different ways to get you to where you need to go on the internet. These are called resolvers, each of which provides a different way to travel to different websites.

Some of these are basic DNS resolvers—they take you where you need to go without any bells or whistles. If you haven’t made any changes to the way you use the internet from your house, this is likely how you arrived at this blog post today.

Others are known as protected DNS resolvers. These still perform the basic function of DNS—getting you to the website you’re trying to access—but also include an element of protection.

Basically, it works like this: instead of taking you to any website you want to visit, protected DNS roots out sites that might be malicious (such as something that might lead to malware proliferating on your network) or even just unwanted (hello employees using Facebook during work hours).

Legitimate traffic flows through unimpeded. Unwanted traffic takes users to a block page.

Think of it (again) like GPS: when driving, there are lots of different ways to get to our destination. The worst GPS services will take us through a bad part of town or snarl us in traffic.

The best ones will keep us away from the places we’d be best off avoiding.

But how does protected DNS know which parts of the internet we need to avoid?

Through something called a threat feed.

How a threat feed works with protected DNS

Threat feeds are an integral part of protected DNS.

Think about it: it’s not enough to just block malicious websites. You also need to know which websites are malicious in the first place.

No one person has the capacity (or even the ability) to constantly keep up with every malicious website around the world. They change and shapeshift so fast it would be literally impossible.

That’s where a threat feed comes in.

A threat feed uses machine learning and artificial intelligence to block websites before they hit your networks and devices, allowing you to take advantage of what’s happening around the globe so you can protect your organization.

Say a cyber attack hits in Europe. A threat feed will take that information and use it to block similar attacks from hitting you.

Not only that, it will also use predictive analytics to root out attacks that haven’t even blossomed yet.

How protected DNS can help you

Protected DNS isn’t going to prevent every cyber attack from hitting your organization’s network and devices.

It is, however, a key tool for helping minimize the risk your organization faces.

Just consider how often the DNS gets used—do you know anyone who types in IP addresses to their web browser rather than domain names?—and you’ll get a sense for how impactful it can be.

The best part? You don’t even need to be a DNS expert to use it.

Looking to get started with protected DNS?

Learn more about CIRA’s protected DNS solution, DNS Firewall, here.

CIRA also provides protected DNS resolution for households in Canada through its Canadian Shield solution.

About the author
Mark Brownlee

Mark Brownlee is a Product Marketing Manager with CIRA Cybersecurity Services. His work, which focuses on the CIRA DNS Firewall and Canadian Shield products, is dedicated to helping protect people and organizations in Canada from cyber threats. His background is in marketing strategy, communications planning and advertising best practices.