Skip links and keyboard navigation

Protective DNS service

Learn about the benefits of using a Protective Domain Name System (DNS) service and determine if this service is right for your agency.

The Protective DNS service uses Response Policy Zone (RPZ) functionality to automatically provide blacklists to an agency’s DNS resolver to prevent access to suspicious sources on the internet. Using threat intelligence from the Queensland Government Cyber Defence Centre (CDC) and from the Australian Government, DNS resolving services are rapidly updated to proactively prevent agency staff from visiting malicious sites that could harbour malware.

Using this service enables our organisations to meet their obligations as specified under the Information security policy (IS18:2018) and improve cyber security maturity.

Business benefits

  • Contributes to enhancing the situational awareness for whole-of-government.
  • Utilising this service will assist organisations to detect and block lookups to known malicious IP addresses.
  • Provides rapid protection to emerging issues from multiple commercial, open source and bespoke threat feeds.
  • Provides agencies with an option for DNS Hosting and DNS Resolution to be managed by the CDC.

Technical capabilities

  • Includes DNS resolution forwarders which incorporate reputational blacklists using RPZ functionality.
  • Online reporting available.
  • 24x7 monitoring and detection.
  • Dual-site redundancy, High Availability (HA) with fail-over to raw.

All government agencies and related bodies are eligible to access this service.

Entity Type

Eligibility

Cost

Queensland Government Agencies

Eligible

No Cost

Statutory Bodies

Eligible

No Cost

Local Government

Eligible

No Cost

Government Owned Corporation (GOC)

Eligible

No Cost

The Protective DNS service is automatically enabled for agencies who use CITEC managed DNS servers. Agencies who do not use CITEC DNS servers can apply to start onboarding this service.

Apply to use this service

There are 2 steps to the application process.

1. Identify your IP Addresses. You will need to provide a static source IP (or NAT range for users) for each of your agency’s DNS name servers. If you are unsure of the external IP address details, open a commend prompt and type one of the following commands:

  • For Microsoft Windows systems, type: nslookup -q=TXT whoami.ds.akahelp.net
  • For Linux:systems: type: dig +short txt whoami.ds.akahelp.net

2. Complete the Protective DNS application form, ensuring you include the following in your form:

  • DNS server details
  • an email address for receiving DNS security reports (i.e. your security team)
  • organisational contact details for coordination of maintenance and support.

Implement this service

Visit Implement the Protective DNS service for instructions on how to set up and customise the service for your agency once you’ve been given access.