Ministry of Justice
Public Sector DNS
The service
The UK Public Sector DNS Service from NCSC is part of the Active Cyber Defence suite of services.
The service acts as a typical DNS resolver however includes a Response Policy Zone (RPZ) that is managed by NCSC and blocks resolution attempts to known-bad malicious DNS record (such as those used for phishing, malware distribution or command & control).
Where to use the service
The service can be used wherever a typical internet-facing DNS resolver is required. It can be used on end-user compute solutions (supporting laptops etc) through to in Infrastructure-as-a-Service (IaaS) environments such as AWS and Azure.
How to use the service
Requirements
The service requires IP source address information to be provided to NCSC as while the solution is available on public IP space, it is not publicly available on the Internet for any organisation to use.
The Ministry of Justice (MoJ) is permitted to use the service for free as a central government organisation, but suppliers to MoJ currently are not.
Get started
Contact the MoJ Cyber Security team (security@justice.gov.uk) to be added into MoJ’s subscription of the service.
Feedback
If you have any questions or comments about this guidance, such as suggestions for improvements, please contact: itpolicycontent@digital.justice.gov.uk.