In an era where cyber threats lurk behind every click, businesses and individuals are fighting an invisible enemy that exploits a fundamental weakness – the unprotected pathways of the internet’s address book, the Domain Name System (DNS).

DNS is the system that allows your computer to find the right websites when you browse online, so protecting it should be non-negotiable. Most organisations have some level of DNS protection in place. However, two terms are often mistakenly used interchangeably – DNS protection and protective DNS.
Despite their similarities, the terms describe fundamentally different strategies with very different outcomes. Understanding that difference isn’t just a technical detail; it’s a critical step in building a pre-emptive cybersecurity strategy strong enough to hold up against complex, modern attacks.
DNS protection refers to securing the DNS infrastructure itself. It’s about ensuring that DNS systems stay secure and making sure they can’t be interfered with or used to hide malicious activity. The focus is on protecting servers and traffic – primarily from distributed denial-of-service (DDoS) attacks – so your internet experience remains safe, reliable, and private.
It’s a vital part of securing a network, but it doesn’t cover the full threat landscape, which is expanding and becoming more intelligent.
First, DNS protection is by its nature reactive: it becomes relevant and is activated at the time of an attack, not before. Second, as cyber criminals become more sophisticated, building networks, infrastructure, and droves of malicious domains, the sheer volume means organisations see a large number of false positives, creating risk, fatigue and a lack of visibility for already under-pressure teams.
Modern protective DNS is the antidote to this. It identifies and blocks malicious software at the infrastructure level before an attack takes place. It catches the criminals when they’re organising their supplies, not after they’ve broken in. Malicious domains are identified with incredible accuracy, meaning a false-positive rate of next to zero.
This prevents access to malware, ransomware, phishing attacks, viruses, malicious sites, and spyware at the source, making the network inherently, intelligently more secure. As any connected device in an organisation needs to make a DNS connection to operate, a protective DNS strategy can provide full visibility over every single device and stop any of them from connecting to malicious domains.
We can compare it to a gladiator fight – DNS protection is the shield given to gladiators to protect themselves from attack in the arena. Protective DNS is the sword in their other hand, enabling them to be proactive against their adversaries, not just defensive.
The legislative challenge
The importance of getting DNS security right has not gone unnoticed by governments around the world. The new NIST guidelines, published by the US National Institute of Standards and Technology, are titled Secure Domain Name Systems (DNS) Deployment Guide and outline how to secure the DNS protocol and servers to mitigate the impacts of misuse and compromise.
The long-awaited new set of recommendations is a huge step forward for understanding just how critical DNS is for network security. The previous recommendations, published in 2013, only outlined its importance in the context of securing network communications. Now, DNS has rightfully been acknowledged as a crucial, foundational layer for network security.
Similarly, in the UK, the National Cyber Security Centre issued important recommendations in 2022 for private companies and government agencies to use Protective DNS to secure and protect networks.
Australia is moving in the right direction too. The Australian Signals Directorate (ASD) Essential Eight highlights DNS protection as a critical part of hardening strategies. The importance of DNS security has also been made clear in Division 2.1 of the Security of Critical Infrastructure (SOCI) Act 2018, which outlines DNS as a critical asset class.
While these recommendations show progress, we are still falling short when it comes to legislatively binding protocols for protective DNS. According to the United States National Security Agency (NSA), approximately 92 per cent of cyberattacks leverage DNS in their execution. This makes it crystal clear why protective DNS should be front and centre of cyber security legislation.
As the threats escalate and cybersecurity legislation continues to deepen and evolve in response, organisations that can demonstrate they are actively preventing, detecting, and responding to threats will be the ones that can stay ahead of the curve. This won’t be possible without the adoption of protective DNS, which will soon be a non-negotiable marker of due diligence.
DNS as a gatekeeper must be viewed as the absolute baseline for resilience, not an optional extra. It could mean the difference between an attempted attack and a breach with devastating consequences. You can’t have a robust, pre-emptive cybersecurity strategy without it.