{"id":11397,"date":"2025-04-04T15:31:23","date_gmt":"2025-04-04T22:31:23","guid":{"rendered":"https:\/\/blogs.infoblox.com\/?p=11397"},"modified":"2025-04-05T10:55:58","modified_gmt":"2025-04-05T17:55:58","slug":"disrupting-fast-flux-and-much-more-with-protective-dns","status":"publish","type":"post","link":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/disrupting-fast-flux-and-much-more-with-protective-dns\/","title":{"rendered":"Disrupting Fast Flux and Much More with Protective DNS"},"content":{"rendered":"<p>A recent cybersecurity advisory <sup>(1)<\/sup> from the Cybersecurity and Infrastructure Security Agency (CISA) discussed the use by threat actors of a DNS technique known as fast flux. CISA encouraged \u201cservice providers, especially Protective DNS (PDNS) providers, to help mitigate this threat by taking proactive steps to develop accurate, reliable, and timely fast flux detection analytics and blocking capabilities for their customers\u201d.  <\/p>\n<p>Infoblox is aware of fast flux, a technique first described nearly two decades ago, and our protective DNS solutions protect customers from threat actors who use the technique. As the CISA advisory notes, distinguishing fast flux from legitimate network activity is extremely difficult. Infoblox incorporates dozens of algorithms, including ones that consider IP variation, into our detectors for suspicious domains.  <\/p>\n<p>This advisory has gained a great deal of coverage in the media and raised questions from our customers. We will address those concerns in this response blog. <\/p>\n<h3>What is fast flux?  <\/h3>\n<ul class=\"list-spacing\">\n<li>It is the rapid changing of DNS records, typically A and NS records, in order to avoid IP blocking. Originally described in 2007 by researchers, it has been used by various actors since then but is not considered common. <\/li>\n<\/ul>\n<h3>How hard is fast flux to detect?  
<\/h3>\n<ul class=\"list-spacing\">\n<li>Fast flux is the malicious use of legitimate mechanisms for load balancing and operating a global network efficiently. As the advisory admits, distinguishing fast flux from legitimate traffic is extremely difficult. Without a global perspective across many DNS networks, as Infoblox has, a single detection method is likely to cause regrettable false positives. Infoblox began research into fast flux over a decade ago and we are very familiar with the pitfalls a provider can encounter. We have included IP diversity, as suggested by the advisory, for years.  <\/li>\n<\/ul>\n<h3>How can my network be protected against actors that use fast flux?  <\/h3>\n<ul class=\"list-spacing\">\n<li>This technique aims to maintain malicious infrastructure by distributing it across many IP addresses, but the domain names stay the same. The protective DNS solution should block suspicious and malicious domains with a high degree of efficacy regardless of the techniques used by the threat actor to ensure continuous operations.  A good measure of this ability is the protection before impact, meaning how often the protective DNS provider blocks a domain *before* your organization makes a query.      <\/li>\n<\/ul>\n<h3>Will I see fast flux in my network?   <\/h3>\n<ul class=\"list-spacing\">\n<li> Fast flux is not a common deliberate technique, although it has been reported in the last few years to be used by Russian APT actors. However, there are many legitimate uses of dynamic DNS, the fundamental concept behind fast flux. Because DNS responses are cached, the chances that an individual organization will see evidence in their network will heavily depend on the operation. In our experience, it is rare and is mitigated by domain blocking.   <\/li>\n<\/ul>\n<h3>What threat actor techniques should I worry about?    
<\/h3>\n<ul class=\"list-spacing\">\n<li>The use of adtech to advance all manner of malicious activity, including credential theft reported as initial access to major data breaches over the past year, is alarming and underreported. Threat actors are both abusing legitimate adtech companies and founding their own adtech companies to create an ecosystem in which the true nature of their activity is well hidden. Protective DNS providers should be aware of these trends and have strong mechanisms in place to identify and track these threat actors. While there is growing awareness of the role of adtech, specifically traffic distribution systems (TDS), in the attack chain, the domains used by these actors remain largely undetected by most major security vendors.<\/li>\n<\/ul>\n<p>The recent CISA advisory on fast flux shines a light on the importance of blocking malicious activity at the DNS layer. By using protective DNS solutions, enterprises and individuals can be safeguarded from all manner of threats in a very cost-effective way. Over the past years, we blocked over 75% of all threat domains prior to the very first DNS query from our customers, with success rates exceeding 90% in most individual customer networks. Whether the actor uses fast flux, domain generation algorithms, CNAME obfuscation, or traffic distribution systems to hide their operations, we\u2019ve got it covered. 
<\/p>\n<h3 style=\"font-size: 18px;\">Footnotes<\/h3>\n<ol style=\"font-size: 14px;\">\n<li><a href=\"https:\/\/www.cisa.gov\/news-events\/cybersecurity-advisories\/aa25-093a \" target=\"_blank\"><strong>https:\/\/www.cisa.gov\/news-events\/cybersecurity-advisories\/aa25-093a <\/strong><\/a><\/li>\n<\/ol>\n","protected":false},"excerpt":{"rendered":"<p>A recent cybersecurity advisory (1) from the Cybersecurity and Infrastructure Security Agency (CISA) discussed the use by threat actors of a DNS technique known as fast flux. 
CISA encouraged \u201cservice providers, especially Protective DNS (PDNS) providers, to help mitigate this threat by taking proactive steps to develop accurate, reliable, and timely fast flux detection analytics [&hellip;]<\/p>\n","protected":false},"author":397,"featured_media":11405,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"_genesis_hide_title":false,"_genesis_hide_breadcrumbs":false,"_genesis_hide_singular_image":false,"_genesis_hide_footer_widgets":false,"_genesis_custom_body_class":"","_genesis_custom_post_class":"","_genesis_layout":"","footnotes":""},"categories":[254,2],"tags":[1210,930,1148,902,740],"class_list":{"0":"post-11397","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-threat-intelligence","8":"category-security","9":"tag-fast-flux","10":"tag-cybercrime","11":"tag-malicious-adtech","12":"tag-tds","13":"tag-protective-dns","14":"entry"},"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v27.3 (Yoast SEO v27.3) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>Disrupting Fast Flux and Much More with Protective DNS<\/title>\n<meta name=\"description\" content=\"A recent cybersecurity advisory (1) from the Cybersecurity and Infrastructure Security Agency (CISA) discussed the use by threat actors of a DNS technique known as fast flux. 
CISA encouraged \u201cservice providers, especially Protective DNS (PDNS) providers, to help mitigate this threat by taking proactive steps to develop accurate, reliable, and timely fast flux detection analytics and blocking capabilities for their customers\u201d.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/disrupting-fast-flux-and-much-more-with-protective-dns\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Disrupting Fast Flux and more advanced tactics\" \/>\n<meta property=\"og:description\" content=\"A recent Cybersecurity Advisory (1) from the Cybersecurity and Infrastructure Security Agency (CISA) notified organizations, Internet service providers (ISPs), and cybersecurity service providers about the threat posed by fast flux enabled malicious activities.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/disrupting-fast-flux-and-much-more-with-protective-dns\/\" \/>\n<meta property=\"og:site_name\" content=\"Infoblox Blog\" \/>\n<meta property=\"article:published_time\" content=\"2025-04-04T22:31:23+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-04-05T17:55:58+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/blog-thumnail-Disrupting-Fast-Flux-with-Predictive-Intelligence.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"612\" \/>\n\t<meta property=\"og:image:height\" content=\"408\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Infoblox Threat Intel\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:title\" content=\"Disrupting Fast Flux and more advanced tactics\" 
\/>\n<meta name=\"twitter:description\" content=\"A recent Cybersecurity Advisory (1) from the Cybersecurity and Infrastructure Security Agency (CISA) notified organizations, Internet service providers (ISPs), and cybersecurity service providers about the threat posed by fast flux enabled malicious activities.\" \/>\n<meta name=\"twitter:image\" content=\"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/blog-thumnail-Disrupting-Fast-Flux-with-Predictive-Intelligence.jpg\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Infoblox Threat Intel\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/disrupting-fast-flux-and-much-more-with-protective-dns\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/disrupting-fast-flux-and-much-more-with-protective-dns\\\/\"},\"author\":{\"name\":\"Infoblox Threat Intel\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#\\\/schema\\\/person\\\/b6aed8965e3298a0817c16d32c0a67ae\"},\"headline\":\"Disrupting Fast Flux and Much More with Protective 
DNS\",\"datePublished\":\"2025-04-04T22:31:23+00:00\",\"dateModified\":\"2025-04-05T17:55:58+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/disrupting-fast-flux-and-much-more-with-protective-dns\\\/\"},\"wordCount\":693,\"publisher\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/disrupting-fast-flux-and-much-more-with-protective-dns\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/blog-thumnail-Disrupting-Fast-Flux-with-Predictive-Intelligence.jpg\",\"keywords\":[\"Fast Flux\",\"Cybercrime\",\"Malicious AdTech\",\"TDS\",\"Protective DNS\"],\"articleSection\":[\"Infoblox Threat Intel\",\"Security\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/disrupting-fast-flux-and-much-more-with-protective-dns\\\/\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/disrupting-fast-flux-and-much-more-with-protective-dns\\\/\",\"name\":\"Disrupting Fast Flux and Much More with Protective DNS\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/disrupting-fast-flux-and-much-more-with-protective-dns\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/disrupting-fast-flux-and-much-more-with-protective-dns\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/blog-thumnail-Disrupting-Fast-Flux-with-Predictive-Intelligence.jpg\",\"datePublished\":\"2025-04-04T22:31:23+00:00\",\"dateModified\":\"2025-04-05T17:55:58+00:00\",\"description\":\"A recent cybersecurity advisory (1) from the Cybersecurity and Infrastructure Security Agency 
(CISA) discussed the use by threat actors of a DNS technique known as fast flux. CISA encouraged \u201cservice providers, especially Protective DNS (PDNS) providers, to help mitigate this threat by taking proactive steps to develop accurate, reliable, and timely fast flux detection analytics and blocking capabilities for their customers\u201d.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/disrupting-fast-flux-and-much-more-with-protective-dns\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/disrupting-fast-flux-and-much-more-with-protective-dns\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/disrupting-fast-flux-and-much-more-with-protective-dns\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/blog-thumnail-Disrupting-Fast-Flux-with-Predictive-Intelligence.jpg\",\"contentUrl\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/blog-thumnail-Disrupting-Fast-Flux-with-Predictive-Intelligence.jpg\",\"width\":612,\"height\":408},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/disrupting-fast-flux-and-much-more-with-protective-dns\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Infoblox Threat Intel\",\"item\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/category\\\/threat-intelligence\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Disrupting Fast Flux and Much More with Protective 
DNS\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/\",\"name\":\"infoblox.com\\\/blog\\\/\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#organization\",\"name\":\"Infoblox\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/infoblox-logo-2.svg\",\"contentUrl\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/infoblox-logo-2.svg\",\"width\":137,\"height\":30,\"caption\":\"Infoblox\"},\"image\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#\\\/schema\\\/person\\\/b6aed8965e3298a0817c16d32c0a67ae\",\"name\":\"Infoblox Threat Intel\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/blogs.infoblox.com\\\/wp-content\\\/uploads\\\/avatar_user_397_1714162589-96x96.png\",\"url\":\"https:\\\/\\\/blogs.infoblox.com\\\/wp-content\\\/uploads\\\/avatar_user_397_1714162589-96x96.png\",\"contentUrl\":\"https:\\\/\\\/blogs.infoblox.com\\\/wp-content\\\/uploads\\\/avatar_user_397_1714162589-96x96.png\",\"caption\":\"Infoblox Threat Intel\"},\"description\":\"Infoblox Threat Intel is the leading creator of original DNS threat intelligence, 
distinguishing itself in a sea of aggregators. What sets us apart? Two things: mad DNS skills and unparalleled visibility. DNS is notoriously tricky to interpret and hunt from, but our deep understanding and unique access to the internet's inner workings allow us to track down threat actors that others can't see. We're proactive, not just defensive, using our insights to disrupt cybercrime where it begins. We also believe in sharing knowledge to support the broader security community by publishing detailed research and releasing indicators on GitHub. In addition, our intel is seamlessly integrated into our Infoblox Protective DNS solutions, so customers automatically get its benefits, along with ridiculously low false positive rates.\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/author\\\/infoblox-threat-intel\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Disrupting Fast Flux and Much More with Protective DNS","description":"A recent cybersecurity advisory (1) from the Cybersecurity and Infrastructure Security Agency (CISA) discussed the use by threat actors of a DNS technique known as fast flux. 
CISA encouraged \u201cservice providers, especially Protective DNS (PDNS) providers, to help mitigate this threat by taking proactive steps to develop accurate, reliable, and timely fast flux detection analytics and blocking capabilities for their customers\u201d.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/disrupting-fast-flux-and-much-more-with-protective-dns\/","og_locale":"en_US","og_type":"article","og_title":"Disrupting Fast Flux and more advanced tactics","og_description":"A recent Cybersecurity Advisory (1) from the Cybersecurity and Infrastructure Security Agency (CISA) notified organizations, Internet service providers (ISPs), and cybersecurity service providers about the threat posed by fast flux enabled malicious activities.","og_url":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/disrupting-fast-flux-and-much-more-with-protective-dns\/","og_site_name":"Infoblox Blog","article_published_time":"2025-04-04T22:31:23+00:00","article_modified_time":"2025-04-05T17:55:58+00:00","og_image":[{"width":612,"height":408,"url":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/blog-thumnail-Disrupting-Fast-Flux-with-Predictive-Intelligence.jpg","type":"image\/jpeg"}],"author":"Infoblox Threat Intel","twitter_card":"summary_large_image","twitter_title":"Disrupting Fast Flux and more advanced tactics","twitter_description":"A recent Cybersecurity Advisory (1) from the Cybersecurity and Infrastructure Security Agency (CISA) notified organizations, Internet service providers (ISPs), and cybersecurity service providers about the threat posed by fast flux enabled malicious activities.","twitter_image":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/blog-thumnail-Disrupting-Fast-Flux-with-Predictive-Intelligence.jpg","twitter_misc":{"Written by":"Infoblox Threat 
Intel","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/disrupting-fast-flux-and-much-more-with-protective-dns\/#article","isPartOf":{"@id":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/disrupting-fast-flux-and-much-more-with-protective-dns\/"},"author":{"name":"Infoblox Threat Intel","@id":"https:\/\/www.infoblox.com\/blog\/#\/schema\/person\/b6aed8965e3298a0817c16d32c0a67ae"},"headline":"Disrupting Fast Flux and Much More with Protective DNS","datePublished":"2025-04-04T22:31:23+00:00","dateModified":"2025-04-05T17:55:58+00:00","mainEntityOfPage":{"@id":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/disrupting-fast-flux-and-much-more-with-protective-dns\/"},"wordCount":693,"publisher":{"@id":"https:\/\/www.infoblox.com\/blog\/#organization"},"image":{"@id":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/disrupting-fast-flux-and-much-more-with-protective-dns\/#primaryimage"},"thumbnailUrl":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/blog-thumnail-Disrupting-Fast-Flux-with-Predictive-Intelligence.jpg","keywords":["Fast Flux","Cybercrime","Malicious AdTech","TDS","Protective DNS"],"articleSection":["Infoblox Threat Intel","Security"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/disrupting-fast-flux-and-much-more-with-protective-dns\/","url":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/disrupting-fast-flux-and-much-more-with-protective-dns\/","name":"Disrupting Fast Flux and Much More with Protective 
DNS","isPartOf":{"@id":"https:\/\/www.infoblox.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/disrupting-fast-flux-and-much-more-with-protective-dns\/#primaryimage"},"image":{"@id":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/disrupting-fast-flux-and-much-more-with-protective-dns\/#primaryimage"},"thumbnailUrl":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/blog-thumnail-Disrupting-Fast-Flux-with-Predictive-Intelligence.jpg","datePublished":"2025-04-04T22:31:23+00:00","dateModified":"2025-04-05T17:55:58+00:00","description":"A recent cybersecurity advisory (1) from the Cybersecurity and Infrastructure Security Agency (CISA) discussed the use by threat actors of a DNS technique known as fast flux. CISA encouraged \u201cservice providers, especially Protective DNS (PDNS) providers, to help mitigate this threat by taking proactive steps to develop accurate, reliable, and timely fast flux detection analytics and blocking capabilities for their 
customers\u201d.","breadcrumb":{"@id":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/disrupting-fast-flux-and-much-more-with-protective-dns\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.infoblox.com\/blog\/threat-intelligence\/disrupting-fast-flux-and-much-more-with-protective-dns\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/disrupting-fast-flux-and-much-more-with-protective-dns\/#primaryimage","url":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/blog-thumnail-Disrupting-Fast-Flux-with-Predictive-Intelligence.jpg","contentUrl":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/blog-thumnail-Disrupting-Fast-Flux-with-Predictive-Intelligence.jpg","width":612,"height":408},{"@type":"BreadcrumbList","@id":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/disrupting-fast-flux-and-much-more-with-protective-dns\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.infoblox.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Infoblox Threat Intel","item":"https:\/\/www.infoblox.com\/blog\/category\/threat-intelligence\/"},{"@type":"ListItem","position":3,"name":"Disrupting Fast Flux and Much More with Protective 
DNS"}]},{"@type":"WebSite","@id":"https:\/\/www.infoblox.com\/blog\/#website","url":"https:\/\/www.infoblox.com\/blog\/","name":"infoblox.com\/blog\/","description":"","publisher":{"@id":"https:\/\/www.infoblox.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.infoblox.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.infoblox.com\/blog\/#organization","name":"Infoblox","url":"https:\/\/www.infoblox.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.infoblox.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/infoblox-logo-2.svg","contentUrl":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/infoblox-logo-2.svg","width":137,"height":30,"caption":"Infoblox"},"image":{"@id":"https:\/\/www.infoblox.com\/blog\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.infoblox.com\/blog\/#\/schema\/person\/b6aed8965e3298a0817c16d32c0a67ae","name":"Infoblox Threat Intel","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/blogs.infoblox.com\/wp-content\/uploads\/avatar_user_397_1714162589-96x96.png","url":"https:\/\/blogs.infoblox.com\/wp-content\/uploads\/avatar_user_397_1714162589-96x96.png","contentUrl":"https:\/\/blogs.infoblox.com\/wp-content\/uploads\/avatar_user_397_1714162589-96x96.png","caption":"Infoblox Threat Intel"},"description":"Infoblox Threat Intel is the leading creator of original DNS threat intelligence, distinguishing itself in a sea of aggregators. What sets us apart? Two things: mad DNS skills and unparalleled visibility. 
DNS is notoriously tricky to interpret and hunt from, but our deep understanding and unique access to the internet's inner workings allow us to track down threat actors that others can't see. We're proactive, not just defensive, using our insights to disrupt cybercrime where it begins. We also believe in sharing knowledge to support the broader security community by publishing detailed research and releasing indicators on GitHub. In addition, our intel is seamlessly integrated into our Infoblox Protective DNS solutions, so customers automatically get its benefits, along with ridiculously low false positive rates.","url":"https:\/\/www.infoblox.com\/blog\/author\/infoblox-threat-intel\/"}]}},"_links":{"self":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts\/11397","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/users\/397"}],"replies":[{"embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/comments?post=11397"}],"version-history":[{"count":15,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts\/11397\/revisions"}],"predecessor-version":[{"id":11414,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts\/11397\/revisions\/11414"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/media\/11405"}],"wp:attachment":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/media?parent=11397"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/categories?post=11397"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/tags?post=11397"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}