{"id":13846,"date":"2026-07-02T08:00:08","date_gmt":"2026-07-02T15:00:08","guid":{"rendered":"https:\/\/www.infoblox.com\/blog\/?p=13846"},"modified":"2026-07-02T05:09:03","modified_gmt":"2026-07-02T12:09:03","slug":"residential-proxies-why-dns-is-the-stronger-play","status":"publish","type":"post","link":"https:\/\/www.infoblox.com\/blog\/security\/residential-proxies-why-dns-is-the-stronger-play\/","title":{"rendered":"Residential Proxies: Why DNS Is the Stronger Play"},"content":{"rendered":"<p>Our threat intelligence team recently published a detailed analysis of residential proxy abuse\u2014tracking the actors, mapping the infrastructure and documenting the scale at which these networks are being exploited. It is excellent research, and if you haven\u2019t read it, you should. But I want to make an argument that goes beyond what threat intelligence alone can do, because I think the more important conversation is about what we can actually prevent.<\/p>\n<p>Threat intelligence tells you what is happening. DNS tells you what happens next\u2014and more importantly, it is the layer where you can stop it.<\/p>\n<h3>What Residential Proxies Actually Are<\/h3>\n<p>A residential proxy routes internet traffic through a real consumer IP address\u2014a home broadband connection, a mobile device, a domestic router. For the recipient of that traffic, it looks entirely legitimate. It passes every IP reputation check. It bypasses geolocation filtering. It looks, to every downstream control, like an ordinary person browsing the web.<\/p>\n<p>That is enormously useful to threat actors. State-sponsored groups use residential proxies to conduct intelligence operations behind a veil of legitimacy. Ransomware operators use them to route command-and-control traffic through infrastructure that won\u2019t trigger IP blocklists. Credential thieves use them to run large-scale stuffing attacks against corporate VPNs and government portals without triggering rate limits.<\/p>\n<p>The National Cyber Security Centre\u2019s (NCSC) April 2026 advisory on APT28 made this concrete in a way that should concern everyone in the security community: Russian military intelligence has been systematically compromising U.K. consumer customer premise equipment (CPE) devices\u2014routers, gateways, set-top boxes\u2014to build residential proxy infrastructure at scale. The subscriber doesn\u2019t know. The ISP can\u2019t see it at the IP layer. And the intelligence operation runs undetected behind a pool of legitimate British residential addresses.<\/p>\n<h3>The Three Ways Devices Get Enrolled<\/h3>\n<p>It is worth being precise about how residential proxy networks are built, because the countermeasures depend on the enrollment vector.<\/p>\n<p>The first is the hostile-state CPE compromise scenario described above, exploiting default credentials and unpatched firmware to turn subscriber gateway hardware into a relay node.<\/p>\n<p>The second is the malicious SDK route. Our research into the Kimwolf threat actor documented how proxy-monetization SDKs, embedded in widely distributed consumer apps and browser extensions, silently enroll devices as proxy endpoints. The user thinks they\u2019re getting a free VPN. The proxy operator is selling their IP address and bandwidth\u2014and in the Kimwolf case, using the enrolled device to probe local enterprise networks for further vulnerable targets.<\/p>\n<p>The third is the deceptive-but-voluntary route\u2014free privacy tools, ad blockers and \u201csecure browsing\u201d extensions that are upfront (in the small print) about using your connection in exchange for the free service, but where meaningful consent is effectively absent.<\/p>\n<p>Each of these enrollment vectors has a DNS signature. And that is where the opportunity lies.<\/p>\n<h3>Why DNS Is the Right Layer<\/h3>\n<p>Every residential proxy operator, regardless of how they have structured their infrastructure, shares a single dependency: they must operate domains. Enrollment endpoints, tasking channels, persistence mechanisms, the entire operational architecture of a residential proxy network runs on DNS. Enrolled devices query those domains to register, to receive instructions, to relay traffic, to phone home.<\/p>\n<p>This creates an exploitable chokepoint that no other security layer can match. If a device cannot resolve the domain names associated with proxy operator control infrastructure, it cannot be enrolled, cannot be tasked and cannot be maintained as a proxy endpoint. Blocking at the DNS layer requires no endpoint access. It doesn\u2019t depend on identifying the malicious process. It works regardless of whether the device is managed or unmanaged, patched or unpatched, enterprise or consumer.<\/p>\n<p>This is the case for Protective DNS (PDNS) as the primary countermeasure, not instead of threat intelligence, but built on top of it. Intelligence identifies proxy operator infrastructure during its staging phase, before it has been used against any victim. PDNS converts that intelligence into a block at the resolver level, applied across every device that resolves through the protected infrastructure. The intelligence and the enforcement mechanism are not separable, but it is the enforcement that creates the protection.<\/p>\n<h3>The Two Conversations Governments Need to Have<\/h3>\n<p>There are really two distinct problems here, and governments need to address both.<\/p>\n<p>The first is about employees of public sector and critical infrastructure organizations. A government worker connecting to a corporate system from home, on a network where the CPE has been quietly enrolled as a proxy endpoint by APT28, is issuing DNS queries that are being resolved by adversary-controlled infrastructure. Nothing about the device has been compromised. No malware has been installed. The attack exploits the implicit trust that every operating system places in the DNS resolver advertised by the local network.<\/p>\n<p>The fix is conceptually simple: ensure managed government devices only resolve DNS through verified, trusted PDNS infrastructure, using encrypted DNS transport\u2014DNS over TLS or DNS over HTTPS\u2014that prevents interception even when the underlying network is hostile. This is what Zero Trust DNS means in practice. Not identity-based access controls for applications. Not endpoint compliance checks. DNS itself, locked down to a trusted resolver that cannot be circumvented by a compromised gateway.<\/p>\n<p>The National Institute of Standards and Technology (NIST) Special Publication (SP) 800-81r3, published in March 2026, now recommends exactly this for U.S. federal systems. The same logic applies to every government network in every jurisdiction.<\/p>\n<p>The second conversation is about citizens. Ordinary people cannot be expected to manage their own DNS security. The answer here is ISP-level PDNS\u2014a resolver service provisioned to subscribers by their ISP that filters out proxy operator infrastructure, malicious domains and command-and-control endpoints before any connection is established. The subscriber does nothing differently. The protection is automatic. And crucially, the DNS telemetry generated by an ISP resolver monitoring millions of subscriber queries is the most valuable national-scale detection resource for residential proxy compromise that currently exists.<\/p>\n<h3>The Evidence Is Already In: Ukraine and Latvia<\/h3>\n<p>Sceptics might argue that ISP-level PDNS at national scale is a concept rather than a proven reality. The evidence from two allied nations suggests otherwise, and the results are striking.<\/p>\n<p>Ukraine implemented its national PDNS in 2023, deploying it across more than 320 Ukrainian internet service providers to provide DNS-layer phishing filtering for all subscribers. The results were immediate. Ukrainian citizens reported a 30 to 40 percent reduction in financial phishing fraud in the first month of operation alone. Not in the first year. In the first month.<\/p>\n<p>Latvia has gone further. At CYBERUK 2026 in Glasgow, the U.K. government\u2019s premier cybersecurity conference, Baiba Kaskina, general manager of CERT.LV, Latvia\u2019s national cybersecurity authority, delivered what amounted to a challenge to every government and regulator in the room.<\/p>\n<div style=\"border: 1px solid #000000;padding: 15px;margin-bottom: 20px;\">\n<em>\u201cInternet service providers see all the devices online\u2014they can make a real difference. In Latvia, our DNS firewall blocked about 2.5 billion malicious requests in three months.\u201d<\/em><br \/>\n\u2014 Baiba Kaskina, General Manager, CERT.LV\u2014CYBERUK 2026\n<\/div>\n<p>2.5 billion. In three months. From a country of under two million people.<\/p>\n<p>Neither of these programs is experimental. They are operational, measurable and directly applicable to larger nations with more complex ISP ecosystems. Estonia and Lithuania operate equivalent programs. The Baltic states have collectively demonstrated that national ISP PDNS works\u2014not in theory, but in practice, with outcomes that any government seeking to disrupt residential proxy networks and protect citizens from DNS-based fraud should find impossible to ignore.<\/p>\n<p>The question for governments and regulators and governments in other countries is not whether ISP-level PDNS is technically feasible. It demonstrably is. The question is whether there is the political will to require it.<\/p>\n<h3>The Role of Regulators and Policymakers<\/h3>\n<p>The residential proxy threat does not resolve itself through voluntary action. The evidence from every national PDNS deployment to date is that regulatory mandate or government funding is the critical enabler. ISPs have legitimate business reasons to be cautious about implementing new DNS infrastructure\u2014operational cost, complexity and concerns about government overreach on subscriber traffic are all real factors. Without a clear regulatory signal, the commercial incentive to act is weak.<\/p>\n<p>This is where regulators and policymakers have a specific, non-delegable role.<\/p>\n<p>For communications regulators, the residential proxy problem provides a compelling, evidence-backed rationale for DNS security obligations within telecommunications security frameworks. The model already exists: ISPs are required to block child sexual abuse material at the DNS layer in multiple jurisdictions. The extension of that DNS-layer enforcement obligation to known proxy operator infrastructure, malicious domains and residential proxy API endpoints is technically straightforward and legally analogous.<\/p>\n<p>The U.K.\u2019s Telecoms Security Act and the Code of Practice developed under it create exactly the kind of framework within which such obligations can be established. Measure M24.05, which requires providers to block anomalous or potentially malicious CPE activity, is directly applicable to the DNS hijacking and CPE compromise described in the NCSC\u2019s APT28 advisory. An ISP operating PDNS at the resolver level is the network-level control that implements that measure. Ofcom has the tools. The question is whether it will use them.<\/p>\n<p>For national governments and cyber policy bodies, the ask is similarly specific. PDNS should be positioned not as an optional security enhancement but as a baseline national security infrastructure control, as NIST SP 800-81r3 now formally recommends. Government PDNS for public sector agencies should be extended and deepened. National PDNS via ISP infrastructure should be actively funded, mandated or incentivized. And the passive DNS telemetry generated by ISP resolvers should be recognized as a national intelligence asset, with governance frameworks that enable its contribution to national threat intelligence pools without creating disproportionate privacy risks for subscribers.<\/p>\n<p>The HardenStance Telco Strategies for Consumer Security 2026 report identifies Protective DNS as the fastest-growing consumer security service being deployed by telecommunications operators globally, with over 80 network-based security contracts awarded in 2023\u20132025, more than endpoint security and home router security combined. The market is forecast to exceed $600 million by 2030. Regulatory drivers are explicitly identified as the primary factor behind this momentum. Policy shapes markets. The market is ready to move.<\/p>\n<h3>The Role of Security Services and Law Enforcement<\/h3>\n<p>Threat intelligence without a law enforcement consumer is analysis in a vacuum. One of the most significant but least discussed dividends of national ISP PDNS is what it does for security services and law enforcement, not just as a protective measure, but as an intelligence and investigation platform.<\/p>\n<p>When a national PDNS service is deployed across ISP infrastructure, it becomes, in effect, a nationwide threat intelligence sensor network. Every DNS query blocked, every residential proxy API endpoint queried from a subscriber device, every anomalous query pattern consistent with CPE compromise\u2014all of this generates telemetry that, properly aggregated and analyzed, provides security services with a near\u2013real-time picture of the national threat landscape that no other single data source can match.<\/p>\n<p>For security services like the Government Communications Headquarters (GCHQ), the National Security Agency (NSA) and their Five Eyes partners, this telemetry is operationally significant. The APT28 advisory documented a systematic campaign of CPE compromise targeting U.K. residential infrastructure. The ability to detect anomalous DNS patterns from compromised subscriber devices at ISP resolver level\u2014patterns consistent with proxy enrolment, command-and-control DNS signaling and the specific proxy operator infrastructure that Infoblox Threat Intel has catalogued\u2014gives security services an early warning capability that endpoint monitoring and perimeter controls cannot provide.<\/p>\n<p>For law enforcement, the value is equally concrete. Residential proxy infrastructure is the operational backbone of ransomware, investment fraud, credential theft and access broker operations. Disrupting those networks requires being able to identify them: to map proxy operator infrastructure, detect compromised subscriber devices and attribute proxy activity to specific threat actors and criminal organizations.<\/p>\n<p>DNS telemetry from national PDNS deployments provides law enforcement with exactly this capability. The patterns are observable. The DNS evidence is forensically robust. And Infoblox Threat Intel\u2019s DNS infrastructure analysis, which tracks proxy operator domains through registration patterns, name server configurations and infrastructure clustering during the staging phase, provides the pre-attack intelligence picture that operational law enforcement targeting requires.<\/p>\n<p>The Kimwolf investigation is a concrete example of this workflow. By tracking the DNS signaling domains that Kimwolf operators used to task enrolled proxy endpoints, Infoblox researchers were able to map the threat actor\u2019s infrastructure, identify the residential proxy services they relied upon and provide indicators enabling blocking across customer environments. The same analytical approach, applied to telemetry from a national ISP PDNS service, would provide law enforcement with a continuously updated map of the residential proxy ecosystem as it operates against a specific nation\u2019s subscriber base.<\/p>\n<p>This is the broader strategic case for national PDNS that goes beyond citizen protection. It is the case for PDNS as the platform that turns DNS from a vulnerability into a national intelligence asset.<\/p>\n<h3>What Infoblox Can Do<\/h3>\n<p>Infoblox Threat Defense\u2122 is built for exactly this architecture. For government agencies and enterprises, it provides PDNS enforcement with a false positive rate of 0.0002% and detection of 90 percent of threats before the first query is ever seen by a victim, on average 68 days ahead of the rest of the industry. For ISPs and national programs, it provides the resolver infrastructure and passive DNS telemetry capability to operate protection at subscriber scale.<\/p>\n<p>Infoblox Threat Intel, the research engine behind that protection, contributes a preemptive signal that reactive intelligence cannot: by analyzing domain registration patterns, name server behavior, certificate characteristics and infrastructure clustering during the staging phase of proxy operator operations, we identify and block proxy infrastructure before it is weaponized. The Kimwolf research is an example of this in action. The intelligence and the enforcement are two halves of the same capability.<\/p>\n<p>Threat intelligence that identifies residential proxy operators is valuable. But standing alone, without the DNS enforcement layer to act on it, it is a description of a problem rather than a solution to one. The complete answer is PDNS, backed by high-quality DNS-focused threat intelligence, deployed at government agency level for managed devices and at ISP level for citizens\u2014closing the DNS resolution pathways that make residential proxy networks viable, and generating the national-scale telemetry that makes the intelligence picture whole.<\/p>\n<div style=\"border: 1px solid #000000;padding: 15px;margin-bottom: 20px;\">\n<em>\u201cDNS is not one piece of the residential proxy response. For most victims, in most scenarios, it is the most powerful piece available. That is the case we are making to governments.\u201d<\/em>\n<\/div>\n<p>Craig Sanderson is principal cybersecurity strategist at Infoblox. Infoblox Threat Intel research on residential proxy abuse, including the Kimwolf investigation, is available at <a href=\"https:\/\/infoblox.com\/threat-intel\">infoblox.com\/threat-intel<\/a>. The Infoblox technical and policy briefing on residential proxies and DNS is available on request.<\/p>\n<style>\n.code-format {\nfont-family: 'Courier New';}.image-caption {    font-size: 12px;}.list-spacing li{margin-bottom:20px}ol.list-spacing > li::marker {    font-weight: 700;}.entry-content ul.list-spacing ul > li {    list-style-type: square;}h3.footnotes{font-size:18px;}.footnotes-listing{font-size:14px;}<\/style>\n<p><script>\njQuery('.single h1').html('<span class=\"gradient\">Residential Proxies<\/span>: Why DNS Is the Stronger Play');\n<\/script><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Our threat intelligence team recently published a detailed analysis of residential proxy abuse\u2014tracking the actors, mapping the infrastructure and documenting the scale at which these networks are being exploited. It is excellent research, and if you haven\u2019t read it, you should. But I want to make an argument that goes beyond what threat intelligence alone [&hellip;]<\/p>\n","protected":false},"author":177,"featured_media":13848,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"_genesis_hide_title":false,"_genesis_hide_breadcrumbs":false,"_genesis_hide_singular_image":false,"_genesis_hide_footer_widgets":false,"_genesis_custom_body_class":"","_genesis_custom_post_class":"","_genesis_layout":"","footnotes":""},"categories":[2],"tags":[1774,40,740,1775],"class_list":{"0":"post-13846","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-security","8":"tag-residential-proxies","9":"tag-threat-intelligence","10":"tag-protective-dns","11":"tag-dns-threats","12":"entry"},"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v27.3 (Yoast SEO v27.3) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>Residential Proxies: Why DNS Is the Stronger Play<\/title>\n<meta name=\"description\" content=\"Residential proxies are a significant concern with nation states and organized crime leveraging them for a range of activities. DNS has the potential to play a major role in detection and mitigation of these threats. Regulators, policy makers and organizations should understand why DNS is the stronger play\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/live-infoblox-blog.pantheonsite.io\/security\/residential-proxies-why-dns-is-the-stronger-play\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Residential Proxies: Why DNS Is the Stronger Play\" \/>\n<meta property=\"og:description\" content=\"Residential proxies are a significant concern with nation states and organized crime leveraging them for a range of activities. DNS has the potential to play a major role in detection and mitigation of these threats. Regulators, policy makers and organizations should understand why DNS is the stronger play\" \/>\n<meta property=\"og:url\" content=\"https:\/\/live-infoblox-blog.pantheonsite.io\/security\/residential-proxies-why-dns-is-the-stronger-play\/\" \/>\n<meta property=\"og:site_name\" content=\"Infoblox Blog\" \/>\n<meta property=\"article:published_time\" content=\"2026-07-02T15:00:08+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/live-infoblox-blog.pantheonsite.io\/wp-content\/uploads\/residential-proxies-why-dns-is-the-stronger-play-thumbnail.jpeg\" \/>\n\t<meta property=\"og:image:width\" content=\"612\" \/>\n\t<meta property=\"og:image:height\" content=\"408\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Craig Sanderson\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:title\" content=\"Residential Proxies: Why DNS Is the Stronger Play\" \/>\n<meta name=\"twitter:description\" content=\"Residential proxies are a significant concern with nation states and organized crime leveraging them for a range of activities. DNS has the potential to play a major role in detection and mitigation of these threats. Regulators, policy makers and organizations should understand why DNS is the stronger play\" \/>\n<meta name=\"twitter:image\" content=\"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/residential-proxies-why-dns-is-the-stronger-play-thumbnail.jpeg\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Craig Sanderson\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"11 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/live-infoblox-blog.pantheonsite.io\\\/security\\\/residential-proxies-why-dns-is-the-stronger-play\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/live-infoblox-blog.pantheonsite.io\\\/security\\\/residential-proxies-why-dns-is-the-stronger-play\\\/\"},\"author\":{\"name\":\"Craig Sanderson\",\"@id\":\"https:\\\/\\\/live-infoblox-blog.pantheonsite.io\\\/#\\\/schema\\\/person\\\/01dc95aed5cb12cffacb64848b7f24ca\"},\"headline\":\"Residential Proxies: Why DNS Is the Stronger Play\",\"datePublished\":\"2026-07-02T15:00:08+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/live-infoblox-blog.pantheonsite.io\\\/security\\\/residential-proxies-why-dns-is-the-stronger-play\\\/\"},\"wordCount\":2427,\"publisher\":{\"@id\":\"https:\\\/\\\/live-infoblox-blog.pantheonsite.io\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/live-infoblox-blog.pantheonsite.io\\\/security\\\/residential-proxies-why-dns-is-the-stronger-play\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/residential-proxies-why-dns-is-the-stronger-play-thumbnail.jpeg\",\"keywords\":[\"Residential Proxies\",\"Threat Intelligence\",\"Protective DNS\",\"DNS Threats\"],\"articleSection\":[\"Security\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/live-infoblox-blog.pantheonsite.io\\\/security\\\/residential-proxies-why-dns-is-the-stronger-play\\\/\",\"url\":\"https:\\\/\\\/live-infoblox-blog.pantheonsite.io\\\/security\\\/residential-proxies-why-dns-is-the-stronger-play\\\/\",\"name\":\"Residential Proxies: Why DNS Is the Stronger Play\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/live-infoblox-blog.pantheonsite.io\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/live-infoblox-blog.pantheonsite.io\\\/security\\\/residential-proxies-why-dns-is-the-stronger-play\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/live-infoblox-blog.pantheonsite.io\\\/security\\\/residential-proxies-why-dns-is-the-stronger-play\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/residential-proxies-why-dns-is-the-stronger-play-thumbnail.jpeg\",\"datePublished\":\"2026-07-02T15:00:08+00:00\",\"description\":\"Residential proxies are a significant concern with nation states and organized crime leveraging them for a range of activities. DNS has the potential to play a major role in detection and mitigation of these threats. Regulators, policy makers and organizations should understand why DNS is the stronger play\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/live-infoblox-blog.pantheonsite.io\\\/security\\\/residential-proxies-why-dns-is-the-stronger-play\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/live-infoblox-blog.pantheonsite.io\\\/security\\\/residential-proxies-why-dns-is-the-stronger-play\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/live-infoblox-blog.pantheonsite.io\\\/security\\\/residential-proxies-why-dns-is-the-stronger-play\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/residential-proxies-why-dns-is-the-stronger-play-thumbnail.jpeg\",\"contentUrl\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/residential-proxies-why-dns-is-the-stronger-play-thumbnail.jpeg\",\"width\":612,\"height\":408},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/live-infoblox-blog.pantheonsite.io\\\/security\\\/residential-proxies-why-dns-is-the-stronger-play\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/live-infoblox-blog.pantheonsite.io\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Security\",\"item\":\"https:\\\/\\\/live-infoblox-blog.pantheonsite.io\\\/category\\\/security\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Residential Proxies: Why DNS Is the Stronger Play\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/live-infoblox-blog.pantheonsite.io\\\/#website\",\"url\":\"https:\\\/\\\/live-infoblox-blog.pantheonsite.io\\\/\",\"name\":\"infoblox.com\\\/blog\\\/\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/live-infoblox-blog.pantheonsite.io\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/live-infoblox-blog.pantheonsite.io\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/live-infoblox-blog.pantheonsite.io\\\/#organization\",\"name\":\"Infoblox\",\"url\":\"https:\\\/\\\/live-infoblox-blog.pantheonsite.io\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/live-infoblox-blog.pantheonsite.io\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/infoblox-logo-2.svg\",\"contentUrl\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/infoblox-logo-2.svg\",\"width\":137,\"height\":30,\"caption\":\"Infoblox\"},\"image\":{\"@id\":\"https:\\\/\\\/live-infoblox-blog.pantheonsite.io\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/live-infoblox-blog.pantheonsite.io\\\/#\\\/schema\\\/person\\\/01dc95aed5cb12cffacb64848b7f24ca\",\"name\":\"Craig Sanderson\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/craig-sanderson-96x96.png\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/craig-sanderson-96x96.png\",\"contentUrl\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/craig-sanderson-96x96.png\",\"caption\":\"Craig Sanderson\"},\"description\":\"Craig Sanderson is the Principal Cyber Security Strategist at Infoblox. Craig has over 25 years of experience in the CyberSecurity industry with a broad array of roles ranging from consultancy, security architecture, business development and product management. Over the last seven years, Craig has been responsible for creating the vision, strategy and delivered the execution of the Infoblox BloxOne Threat Defense solution. He continues to be passionate about the role that DNS can play in delivering world class cyber security with a particular emphasis on how DNS can become the foundation for national and governmental Protective DNS solutions\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/author\\\/craig-sanderson\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Residential Proxies: Why DNS Is the Stronger Play","description":"Residential proxies are a significant concern with nation states and organized crime leveraging them for a range of activities. DNS has the potential to play a major role in detection and mitigation of these threats. Regulators, policy makers and organizations should understand why DNS is the stronger play","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/live-infoblox-blog.pantheonsite.io\/security\/residential-proxies-why-dns-is-the-stronger-play\/","og_locale":"en_US","og_type":"article","og_title":"Residential Proxies: Why DNS Is the Stronger Play","og_description":"Residential proxies are a significant concern with nation states and organized crime leveraging them for a range of activities. DNS has the potential to play a major role in detection and mitigation of these threats. Regulators, policy makers and organizations should understand why DNS is the stronger play","og_url":"https:\/\/live-infoblox-blog.pantheonsite.io\/security\/residential-proxies-why-dns-is-the-stronger-play\/","og_site_name":"Infoblox Blog","article_published_time":"2026-07-02T15:00:08+00:00","og_image":[{"width":612,"height":408,"url":"https:\/\/live-infoblox-blog.pantheonsite.io\/wp-content\/uploads\/residential-proxies-why-dns-is-the-stronger-play-thumbnail.jpeg","type":"image\/jpeg"}],"author":"Craig Sanderson","twitter_card":"summary_large_image","twitter_title":"Residential Proxies: Why DNS Is the Stronger Play","twitter_description":"Residential proxies are a significant concern with nation states and organized crime leveraging them for a range of activities. DNS has the potential to play a major role in detection and mitigation of these threats. Regulators, policy makers and organizations should understand why DNS is the stronger play","twitter_image":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/residential-proxies-why-dns-is-the-stronger-play-thumbnail.jpeg","twitter_misc":{"Written by":"Craig Sanderson","Est. reading time":"11 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/live-infoblox-blog.pantheonsite.io\/security\/residential-proxies-why-dns-is-the-stronger-play\/#article","isPartOf":{"@id":"https:\/\/live-infoblox-blog.pantheonsite.io\/security\/residential-proxies-why-dns-is-the-stronger-play\/"},"author":{"name":"Craig Sanderson","@id":"https:\/\/live-infoblox-blog.pantheonsite.io\/#\/schema\/person\/01dc95aed5cb12cffacb64848b7f24ca"},"headline":"Residential Proxies: Why DNS Is the Stronger Play","datePublished":"2026-07-02T15:00:08+00:00","mainEntityOfPage":{"@id":"https:\/\/live-infoblox-blog.pantheonsite.io\/security\/residential-proxies-why-dns-is-the-stronger-play\/"},"wordCount":2427,"publisher":{"@id":"https:\/\/live-infoblox-blog.pantheonsite.io\/#organization"},"image":{"@id":"https:\/\/live-infoblox-blog.pantheonsite.io\/security\/residential-proxies-why-dns-is-the-stronger-play\/#primaryimage"},"thumbnailUrl":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/residential-proxies-why-dns-is-the-stronger-play-thumbnail.jpeg","keywords":["Residential Proxies","Threat Intelligence","Protective DNS","DNS Threats"],"articleSection":["Security"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/live-infoblox-blog.pantheonsite.io\/security\/residential-proxies-why-dns-is-the-stronger-play\/","url":"https:\/\/live-infoblox-blog.pantheonsite.io\/security\/residential-proxies-why-dns-is-the-stronger-play\/","name":"Residential Proxies: Why DNS Is the Stronger Play","isPartOf":{"@id":"https:\/\/live-infoblox-blog.pantheonsite.io\/#website"},"primaryImageOfPage":{"@id":"https:\/\/live-infoblox-blog.pantheonsite.io\/security\/residential-proxies-why-dns-is-the-stronger-play\/#primaryimage"},"image":{"@id":"https:\/\/live-infoblox-blog.pantheonsite.io\/security\/residential-proxies-why-dns-is-the-stronger-play\/#primaryimage"},"thumbnailUrl":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/residential-proxies-why-dns-is-the-stronger-play-thumbnail.jpeg","datePublished":"2026-07-02T15:00:08+00:00","description":"Residential proxies are a significant concern with nation states and organized crime leveraging them for a range of activities. DNS has the potential to play a major role in detection and mitigation of these threats. Regulators, policy makers and organizations should understand why DNS is the stronger play","breadcrumb":{"@id":"https:\/\/live-infoblox-blog.pantheonsite.io\/security\/residential-proxies-why-dns-is-the-stronger-play\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/live-infoblox-blog.pantheonsite.io\/security\/residential-proxies-why-dns-is-the-stronger-play\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/live-infoblox-blog.pantheonsite.io\/security\/residential-proxies-why-dns-is-the-stronger-play\/#primaryimage","url":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/residential-proxies-why-dns-is-the-stronger-play-thumbnail.jpeg","contentUrl":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/residential-proxies-why-dns-is-the-stronger-play-thumbnail.jpeg","width":612,"height":408},{"@type":"BreadcrumbList","@id":"https:\/\/live-infoblox-blog.pantheonsite.io\/security\/residential-proxies-why-dns-is-the-stronger-play\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/live-infoblox-blog.pantheonsite.io\/"},{"@type":"ListItem","position":2,"name":"Security","item":"https:\/\/live-infoblox-blog.pantheonsite.io\/category\/security\/"},{"@type":"ListItem","position":3,"name":"Residential Proxies: Why DNS Is the Stronger Play"}]},{"@type":"WebSite","@id":"https:\/\/live-infoblox-blog.pantheonsite.io\/#website","url":"https:\/\/live-infoblox-blog.pantheonsite.io\/","name":"infoblox.com\/blog\/","description":"","publisher":{"@id":"https:\/\/live-infoblox-blog.pantheonsite.io\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/live-infoblox-blog.pantheonsite.io\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/live-infoblox-blog.pantheonsite.io\/#organization","name":"Infoblox","url":"https:\/\/live-infoblox-blog.pantheonsite.io\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/live-infoblox-blog.pantheonsite.io\/#\/schema\/logo\/image\/","url":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/infoblox-logo-2.svg","contentUrl":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/infoblox-logo-2.svg","width":137,"height":30,"caption":"Infoblox"},"image":{"@id":"https:\/\/live-infoblox-blog.pantheonsite.io\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/live-infoblox-blog.pantheonsite.io\/#\/schema\/person\/01dc95aed5cb12cffacb64848b7f24ca","name":"Craig Sanderson","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/craig-sanderson-96x96.png","url":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/craig-sanderson-96x96.png","contentUrl":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/craig-sanderson-96x96.png","caption":"Craig Sanderson"},"description":"Craig Sanderson is the Principal Cyber Security Strategist at Infoblox. Craig has over 25 years of experience in the CyberSecurity industry with a broad array of roles ranging from consultancy, security architecture, business development and product management. Over the last seven years, Craig has been responsible for creating the vision, strategy and delivered the execution of the Infoblox BloxOne Threat Defense solution. He continues to be passionate about the role that DNS can play in delivering world class cyber security with a particular emphasis on how DNS can become the foundation for national and governmental Protective DNS solutions","url":"https:\/\/www.infoblox.com\/blog\/author\/craig-sanderson\/"}]}},"_links":{"self":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts\/13846","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/users\/177"}],"replies":[{"embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/comments?post=13846"}],"version-history":[{"count":6,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts\/13846\/revisions"}],"predecessor-version":[{"id":13853,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts\/13846\/revisions\/13853"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/media\/13848"}],"wp:attachment":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/media?parent=13846"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/categories?post=13846"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/tags?post=13846"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}