DNS Firewall
DNS Firewall is a free public DNS (Domain Name System) service with additional security features. It differs from the usual DNS in that it has extra protection against cyber threats, such as fake banking websites, fraudulent trading platforms, websites distributing malicious code, and other harmful websites identified by the NKSC.
As the number of cyber fraud cases grows yearly, we offer a DNS firewall as a free tool for residents and organizations. After activation, it will prevent the users from accessing harmful Internet resources known to NKSC. This means that even if the link sent by the scammers is clicked, the user will not be harmed, as the malicious address will be blocked, and the user will be notified.
NOTE! The DNS firewall is currently in the pilot stage and will become fully operational in 2023. If you notice errors or malfunctions, please inform us by sending an email to [email protected].
Who can use the DNS firewall
It is a free tool, so all Internet users and organizations in Lithuania can use it without limitations.
How does the DNS firewall operate
Standard recursive DNS servers (Google, Cloudflare, OpenDNS, or your ISP's DNS servers) are designed to accept domain requests and map them to specific IP addresses, i.e., redirect to the Internet resources specified in the request (Figure 1).
Figure 1. Processing a request to a malicious site using a standard recursive DNS server
Meanwhile, the DNS firewall has an additional security function: it not only processes requests by directing users to the necessary IP addresses, but first checks whether the Internet address is included in the list of harmful Internet resources known to NKSC. If the address is on the list, the user is blocked from accessing malicious content and is informed about it (Figures 2 and 3).
Figure 2. Processing a request to a malicious website using a DNS firewall
Figure 3. An informational message indicating the reason for blocking the website
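The lookup order described above, as an added example that is not DOMREG's or NKSC's code. The blocklist entries, the block-page address and the upstream table are constructed, and matching subdomains of a listed domain is an assumption, since the page does not say how entries are matched.

```python
from __future__ import annotations
from dataclasses import dataclass

BLOCKLIST = {"fake-bank.example", "malware-cdn.example"}  # constructed entries
SINKHOLE_IP = "192.0.2.1"  # assumed address of the informational block page
# Constructed stand-in for normal recursive resolution.
UPSTREAM = {"www.shop.example": "198.51.100.7", "notfake-bank.example": "198.51.100.9"}


@dataclass
class Answer:
    qname: str
    address: str | None
    blocked: bool
    matched: str | None = None


def normalize(qname: str) -> str:
    """DNS names are case-insensitive and may carry a trailing root dot."""
    return qname.strip().rstrip(".").lower()


def blocklist_match(qname: str, blocklist: set[str]) -> str | None:
    """Return the entry covering qname, checking the name and each parent domain.

    Comparing whole labels keeps 'notfake-bank.example' from matching
    'fake-bank.example', which a plain suffix test would get wrong.
    """
    labels = normalize(qname).split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in blocklist:
            return candidate
    return None


def resolve(qname: str) -> Answer:
    """Check the blocklist first; only names that pass are resolved normally."""
    name = normalize(qname)
    hit = blocklist_match(name, BLOCKLIST)
    if hit is not None:
        return Answer(name, SINKHOLE_IP, blocked=True, matched=hit)
    return Answer(name, UPSTREAM.get(name), blocked=False)


if __name__ == "__main__":
    for q in ("Login.Fake-Bank.example.", "notfake-bank.example", "www.shop.example"):
        print(resolve(q))
```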
Harmful websites include:
- websites and/or Internet resources that are used for fraud and other illegal methods of collecting information (smishing, phishing, spear phishing, fraud, etc.);
- infected websites;
- websites that distribute malicious code and/or are used to control other cyber attacks;
- websites or resources that are blocked by the court's decision.
Other standard recursive DNS servers block only one of the above types of harmful websites - namely, court-ordered websites. Meanwhile, a DNS firewall blocks all types of malicious sites listed above. DNS firewall also provides standard functions such as:
- DNS connection encryption with DoH (DNS over HTTPS) and DoT (DNS over TLS). DNS requests are encrypted, which helps ensure greater privacy.
- Additional protection against falsification of DNS requests with DNSSEC (DNS Security Extensions). DNSSEC uses digital signatures to protect against DNS security vulnerabilities that could be exploited to spoof the address a domain resolves to.
How to activate DNS firewall
Any internet user in Lithuania can use the DNS firewall after changing the device settings.
The addresses of the DNS firewall are: 91.207.154.2 and 91.207.155.2 (IP addresses), and doh.domreg.lt (hostname).
Instructions for changing settings for some devices:
Changing the settings in Windows (LT)
Changing the settings in Windows (EN)
Changing the settings in MacOS
Changing the settings in Android
Setting up DNS firewalls and DoH on Apple devices
Setting up DoH functionality in web browsers
After activating the DNS firewall settings on the device, the list of blocked Internet addresses will be updated automatically after the NKSC amends the list.
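To show what a DoH lookup against the hostname listed above looks like on the wire, here is an added example (not from NKSC or DOMREG) that builds an RFC 8484 GET request without sending anything. The `/dns-query` path is an assumption taken from RFC 8484's own examples; the page does not state the service's path.

```python
from __future__ import annotations
import base64
import struct

DOH_HOST = "doh.domreg.lt"  # hostname given on this page
DOH_PATH = "/dns-query"     # assumption: RFC 8484's example path, not stated on the page


def encode_qname(name: str) -> bytes:
    """Encode a domain name as length-prefixed labels ending with the root label."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) <= 63:
            raise ValueError(f"invalid label length in {name!r}")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_query(name: str, qtype: int = 1) -> bytes:
    """Wire-format query: ID 0 (as RFC 8484 recommends), RD flag set, one question."""
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0)
    return header + encode_qname(name) + struct.pack("!HH", qtype, 1)  # class IN


def doh_get_url(name: str, qtype: int = 1) -> str:
    """GET URL carrying the query as unpadded base64url in the 'dns' parameter."""
    raw = base64.urlsafe_b64encode(build_query(name, qtype))
    return f"https://{DOH_HOST}{DOH_PATH}?dns={raw.rstrip(b'=').decode('ascii')}"


def parse_question(message: bytes) -> tuple[str, int]:
    """Decode the first question of a wire-format message back to (name, qtype)."""
    pos, labels = 12, []  # the DNS header is 12 bytes long
    while message[pos] != 0:
        length = message[pos]
        labels.append(message[pos + 1:pos + 1 + length].decode("ascii"))
        pos += 1 + length
    qtype, _qclass = struct.unpack("!HH", message[pos + 1:pos + 5])
    return ".".join(labels), qtype


if __name__ == "__main__":
    print(doh_get_url("www.example.com"))  # type A query
    print(parse_question(build_query("example.lt", 28)))  # type AAAA query
```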
The technological DNS firewall solution was developed and implemented by the Kaunas University of Technology Internet Services Center (DOMREG), which administers the .lt top-level domain and manages the domain name system (DNS) associated with it.
Neither NKSC nor DOMREG will collect the information of users who have activated the tool or monitor the browsing content in any way. The system will only automatically block known harmful Internet addresses.
The device user can opt out of the DNS firewall service at any time.
NOTE! A DNS firewall user who decides to use this tool understands and agrees that there may be false positives when a website is blocked by mistake. NKSC, having learned about such a case, reacts as quickly as possible and removes discrepancies. A DNS firewall does not guarantee that all malicious websites will be blocked.
What to do if your website is blocked
A DNS firewall user or a website owner who notices a wrongly blocked website must notify the NKSC by emailing [email protected]. NKSC employees will evaluate the information and inform the inquirer about further actions in the shortest possible time:
- If the website was added to the list of blocked domains by mistake, it will be removed immediately, and the requester will be informed. Due to the working principles of the DNS firewall, the domain removal time and the domain unblocking time may differ, but it should not exceed 1 hour;
- If the website was added to the list of blocked domains due to harmful and/or malicious activity, the website owner must remove the harmful code and notify the NKSC by sending an email to [email protected]. NKSC staff will evaluate the information and decide whether to remove the domain from the list. The requester will be informed about the decision.
NKSC informs the hosting provider and the website owner about the harmful website (if their contacts are known).
How to report a malicious website
DNS firewall FAQ
1. What websites are blocked by the DNS firewall?
The DNS firewall created by NKSC and KTU DOMREG blocks harmful Internet resources known to NKSC, such as websites designed for data luring, unfair trade, distribution of malicious software code, hijacked websites, and websites blocked by a court's decision.
2. How does NKSC create a list of domains blocked by the DNS firewall?
This list is compiled by the NKSC based on received reports of observed malicious activity, data collected by automated means, and court decisions. All cases are manually checked by NKSC specialists.
3. Is the DNS firewall more reliable than the security systems used by Internet providers?
Internet service providers only block harmful resources declared by a court decision.
Meanwhile, the DNS firewall, in addition, blocks the websites and/or Internet resources known to the NKSC that are used for fraud and other illegal methods of gathering information (smishing, phishing, spear phishing, fraud, etc.), hijacked websites, websites that spread malicious code (viruses) and/or are used to control other cyber attacks.
4. How does the DNS firewall offered by NKSC differ from other publicly available similar tools?
NKSC's DNS firewall differs from other similar publicly available tools in its operability and relevance for Lithuanian Internet users because after NKSC detects a new harmful Internet resource, it is added to the list of domains within a few minutes. This allows those who have activated the tool to gain protection against the latest resources used by cyber fraudsters. Also, the DNS firewall uses DNS connection encryption (DNS over HTTPS (DoH) and DNS over TLS (DoT)), which allows users to have more privacy.
5. Will someone be able to track my online activities after installing a DNS firewall?
Installing the DNS firewall, which uses DNS connection encryption, ensures greater privacy, thus reducing the likelihood that someone will track your actions on the Internet.
We also want to emphasize that NKSC only provides a list of blocked harmful websites and/or their resources. The DNS functionality and administration are provided by DOMREG. Neither NKSC nor DOMREG collects the information of users who have activated the tool or monitors the browsing content in any way.