Protect vital services with Protective DNS

A new approach to securing Government and Critical National Infrastructure

Cyber security is difficult. Attackers hold many advantages and there are no silver bullets. It’s hard enough if you’re small, even more so if you’re big. How do you protect an entire Government, industry or supply chain? Traditional cyber security approaches won’t cut it. If you’re big, protection at scale – moving the needle – is the name of the game. Designed to protect vital public services, Protective DNS solutions are built into the country’s digital infrastructure, proven to work at scale and easy to deploy. 

What is a Protective DNS Solution?

Every connection between an organisation’s network and the world wide web is present in the DNS (Domain Name System) traffic. This includes visiting a web address in your browser as well as machine-initiated actions, such as a software update. In other instances, it could be a malicious connection.

Nominet’s Protective DNS solutions are designed to intercept when malicious activity is occurring in the DNS traffic and are based around a recursive resolver. Built to answer DNS queries (including those over DoH and DoT), the recursive resolver does not resolve a query if the domain is known to be malicious. Protection is provided against malware, ransomware, phishing attacks, viruses, spyware at source, and malicious sites. They also stop malware already on end devices from ‘calling home’ mitigating the damage of an attack.

Nominet's Protective DNS


Specifically designed for Governments


World-class threat intelligence


Discovery of malicious activity


Blocking of malicious connections


Enable governments to enact early incident response


Offer informed guidance to the public sector

  • Proven resiliency at a national scale
  • Storing, aggregating, managing, and securing vast amounts of data
  • Digital Roaming capability to offer protection away from the office network
  • Threat intelligence curated for the Government audience from commercially available, open source and proprietary threat feeds
  • This feeds into a set of rules – a codified database or Response Policy Zone (RPZ) – for how DNS response should be modified in the instance that malicious activity is detected
  • Minimal false positives
  • A team of DNS specialists, data scientists and security experts sit behind the scenes to evolve the solution
  • Incident analysis, including identifying specific threat actors and advising on severity and remediation
  • Full service-wrap delivered by local dedicated teams
  • Bespoke support and reporting
  • Service stretches across onboarding, deployment, training and troubleshooting through the user hub, to marketing support spreading awareness of the service
Learn more about Nominet's Protective DNS solutions

Download the brochure