Table of contents

Public Sector DNS

The service

The UK Public Sector DNS Service from NCSC is part of the Active Cyber Defence suite of services.

The service acts as a typical DNS resolver however includes a Response Policy Zone (RPZ) that is managed by NCSC and blocks resolution attempts to known-bad malicious DNS record (such as those used for phishing, malware distribution or command & control).

Where to use the service

The service can be used wherever a typical internet-facing DNS resolver is required. It can be used on end-user compute solutions (supporting laptops etc) through to in Infrastructure-as-a-Service (IaaS) environments such as AWS and Azure.

How to use the service


The service requires IP source address information to be provided to NCSC as while the solution is available on public IP space, it is not publicly available on the Internet for any organisation to use.

The Ministry of Justice (MoJ) is permitted to use the service for free as a central government organisation, but suppliers to MoJ currently are not.

Get started

Contact the MoJ Cyber Security team ( to be added into MoJ’s subscription of the service.


If you have any questions or comments about this guidance, such as suggestions for improvements, please contact: