Yandex launches public DNS service with malicious URL filtering

The company is working with some hardware vendors to create router firmware with built-in support for the service

Russian Web search firm Yandex launched a public DNS (Domain Name System) resolution service on Thursday that leverages the company's existing website scanning technology to block access to malicious and adult-rated sites.

The DNS acts like a phone book for Internet domain names. Before accessing any website, a computer must first find out its corresponding numerical Internet Protocol (IP) address. This is done by querying servers that act as DNS resolvers.

By default, most computers use the DNS resolvers of their ISP, but they can be easily configured to used third-party DNS servers. Companies that provide public DNS resolution services include Google and OpenDNS, which offers additional options like malicious URL filtering and parental controls.

Yandex's new service is accessible via three separate IP addresses, each of them determining a different level of filtering.

Yandex.DNS Standard (77.88.8.8) provides completely unfiltered access, Yandex.DNS Secure (77.88.8.88) blocks access to harmful websites, while Yandex.DNS Family (77.88.8.7) blocks adult content websites in addition to infected and phishing websites.

Interested users can manually configure their computers, wireless access points, routers or mobile devices to use the service by following instructions on Yandex's site -- currently only available in Russian. However, the company is also working with home router manufacturers to create customized firmware that have a built-in option to use Yandex.DNS.

Such firmware has already been released for several router models from ZyXEL's Keenetic series and work is being done to release it for D-Link's DIR-615 and DIR-620 models, which are popular in Russia.

Yandex.DNS is primarily directed at Web users in Russian-speaking countries like Russia, Ukraine, Kazakhstan and Belarus where the company's Web search and other services have a large market share.

The DNS service can technically be used from anywhere in the world, but at the moment, using it from other countries might slow down Internet connections because the DNS servers are based in Russia, Yandex spokesman Vladimir Isaev said Thursday via email. For the long term, there are plans to also deploy DNS servers in the company's data center in Amsterdam, which would decrease latency for users in Europe, he said.

As far as detecting and blocking access to malicious websites goes, Yandex.DNS uses the behavior-based anti-malware technology also used by the company's Web search engine to flag potentially harmful links in search results.

"We have great knowledge of dangerous/adult websites in Russian, Turkish and English," Isaev said. However, the company is not sure of how well its technology would work for detecting malicious and adult-rated Web content other languages when compared to other DNS-based services available on the market, he said.

Some users favor Google's public DNS service over OpenDNS's because the latter responds with a custom search page when users try to access a non-existent domain name.

Yandex.DNS does not currently do that, Isaev said. However, the company is considering adding a search box to the warning pages displayed by the service when blocking access to a website, he said.

Yandex has launched a series of new products and services in recent years in order to remain competitive and preserve its market share lead over Google in Russia.

For example, last year the company released its own Web browser based on Google Chrome. Also, the company's website scanning technology is offered as a stand-alone library called Yandex Safe Browsing API, which is similar to how Google makes its own Google Safe Browsing API available for integration into third-party applications.

Tags: Internet-based applications and services, Google, online safety, security, Networking, Access control and authentication, internet, Yandex, OpenDNS

Netcraft tool flags websites affected by Heartbleed

READ THIS ARTICLE
DO NOT SHOW THIS BOX AGAIN [ x ]

Comments

Comments are now closed.
CSO Corporate Partners
  • Webroot
  • Trend Micro
  • NetIQ
rhs_login_lockGet exclusive access to CSO, invitation only events, reports & analysis.
CSO Directory

Cloud Security and Compliance Solutions

Manage and visualize the security and compliance of VMware, physical, and hybrid-cloud infrastructure from the RSA Archer eGRC Platform.

Latest Jobs
Security Awareness Tip

Incident handling is a vast topic, but here are a few tips for you to consider in your incident response. I hope you never have to use them, but the odds are at some point you will and I hope being ready saves you pain (or your job!).


  1. Have an incident response plan.

  2. Pre-define your incident response team 

  3. Define your approach: watch and learn or contain and recover.

  4. Pre-distribute call cards.

  5. Forensic and incident response data capture.

  6. Get your users on-side.

  7. Know how to report crimes and engage law enforcement. 

  8. Practice makes perfect.

For the full breakdown on this article

Security ABC Guides

Warning: Tips for secure mobile holiday shopping

I’m dating myself, but I remember when holiday shopping involved pouring through ads in the Sunday paper, placing actual phone calls from tethered land lines to research product stock and availability, and actually driving places to pick things up. Now, holiday shoppers can do all of that from a smartphone or tablet in a few seconds, but there are some security pitfalls to be aware of.