Take over full control of your DNS traffic with seamless integration

For the first time in my career, I have experienced such a quick and seamless integration of security technology into the whole network.

Miloš Vodička, Head of IT, Aero Vodochody

Why Whalebone?

Whalebone Corporate monitors and lets you block external attacks. Furthermore, due to its flexibility, you don’t have to go through a complicated installation and setup process to protect your company.

Control of DNS traffic

Today DNS resolution is provided by your connectivity provider. Internally, there are no mechanisms to control it. Whalebone provides you with a full DNS resolver & DNS firewall, to get you back in control.

How will you deal with DNS over HTTPS?

First of all, there is a misunderstanding about DNS over HTTPS, as everyone thinks all the applications will go directly to the cloud. That’s not true: major players like Google and Microsoft have already stated they will honour the usual DNS flow, but they would like to secure it with a TLS layer. We support DNS over HTTPS on our resolver, and we are also proud members of the Encrypted DNS Initiative.

Does it work in an Active Directory environment?

Of course it does. Most of our corporate deployments are integrated with Active Directory and there is nothing special about it. You just configure the details of your domain names and Domain Controllers, and the resolver ensures everything works smoothly.

My ISP provides me DNS resolvers, why can’t I use these?

Because you don’t have any control over those resolvers: you know nothing about their state, patch level or configuration, or who manages them. Having your own resolvers provides clear answers for your risk analysis.

Full visibility

Whalebone gives you a live audit and full visibility of the DNS traffic that traditionally flew under the radar. Look into any incident via the Whalebone fulltext traffic search.

What traffic details can I see in Whalebone?

Anything that happens on your network is visible in our portal. You can set up alerts to be notified in real time, and major events will be included in the regular report. You can search the DNS traffic via our fulltext search capability or set up machine-to-machine communication via our REST API. You can find anything that happens in your network.

Are there any DNS anomalies I should care about?

A lot of them, actually. Machines trying a lot of random-looking domains could be searching for their botnet Command & Control server using a Domain Generation Algorithm; a huge number of lengthy queries could point you to DNS tunnelling; and a regular desktop sending MX queries is probably an infected machine sussing out what can be done on your network.
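The three anomalies above can be checked against a plain query log. The following is an added example, not Whalebone's code or log format; the log layout, the thresholds and the `MAIL_HOSTS` allowlist are assumptions, and the sample lines are constructed.

```python
import math
from collections import Counter, defaultdict

MAIL_HOSTS = {"10.0.0.25"}            # assumed: hosts expected to send MX queries
ENTROPY_MIN, DGA_MIN_NAMES = 3.5, 3   # illustrative thresholds, tune on real traffic
LONG_QNAME, TUNNEL_MIN = 60, 3        # illustrative thresholds

def entropy(label):
    """Shannon entropy in bits per character of one DNS label."""
    counts = Counter(label)
    return -sum(n / len(label) * math.log2(n / len(label)) for n in counts.values())

def analyse(lines):
    """Return sorted (client, finding) pairs for the three anomalies."""
    random_names = defaultdict(set)   # client -> distinct random-looking names
    long_queries = Counter()          # (client, parent domain) -> long query count
    findings = set()
    for line in lines:
        _ts, client, qtype, qname = line.split()
        labels = qname.rstrip(".").lower().split(".")
        # A desktop has no reason to look up mail exchangers.
        if qtype == "MX" and client not in MAIL_HOSTS:
            findings.add((client, "mx-from-non-mail-host"))
        # Many long names under one parent domain suggest data carried in labels.
        if len(qname) >= LONG_QNAME:
            long_queries[(client, ".".join(labels[-2:]))] += 1
        # Long, high-entropy first label: a random-looking name.
        elif len(labels[0]) >= 12 and entropy(labels[0]) >= ENTROPY_MIN:
            random_names[client].add(qname)
    findings |= {(c, "possible-dga") for c, names in random_names.items()
                 if len(names) >= DGA_MIN_NAMES}
    findings |= {(c, "possible-tunnel") for (c, _dom), n in long_queries.items()
                 if n >= TUNNEL_MIN}
    return sorted(findings)

# Constructed sample log, one query per line: "<time> <client> <qtype> <qname>"
SAMPLE = [
    "09:00:01 10.0.0.31 A xkqzvbnwtrplmd.example",
    "09:00:02 10.0.0.31 A qhwjzrtyplkmvc.example",
    "09:00:03 10.0.0.31 A bzxqwvkjhgfdsp.example",
    "09:00:04 10.0.0.17 A www.example.com",
    "09:00:05 10.0.0.25 MX example.com",
    "09:00:06 10.0.0.52 MX example.com",
] + [f"09:01:0{i} 10.0.0.44 TXT {'a1b2c3d4' * 7}{i}.tun.example" for i in range(3)]

if __name__ == "__main__":
    for client, finding in analyse(SAMPLE):
        print(client, finding)
```

Counting distinct names per client, rather than flagging a single odd-looking name, keeps one-off CDN or tracking hostnames from raising an alert.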

How long does it take before I can analyse the traffic?

Everything that happens on your network is available in a matter of seconds in our rich dashboards with drill down and fulltext searching capabilities. Combine multiple filters, move back in time, look for traffic of particular machines. Everything to empower your threat hunting efforts.

Clean DNS traffic

Whalebone makes sure the DNS protocol is used for its intended purpose only. Whalebone blocks DNS tunnelling and malware communication, and verifies communication via DNSSEC.

Why should I care about DNS tunnelling if I block port 53 on the perimeter?

DNS tunnelling is much more than just sending data over port 53. Attackers use dedicated domains and fake authoritative servers to set up tunnels through a regular DNS resolution chain like client – domain controller – ISP resolver – attacker server. No one along the way suspects a thing, as everything works like regular DNS traffic. Advanced analysis has to be applied to disclose such behaviour.

I have antivirus and a firewall, why should I use Whalebone?

Antivirus is limited to supported systems. Moreover, antivirus on an already infected system has very little chance and can be blind. Perimeter firewalls and proxies are great at protecting against threats on HTTP/S and email; however, they don’t care about the DNS protocol.

What is DNSSEC?

DNSSEC is a mechanism defined by an RFC to ensure the integrity of DNS answers. As the DNS protocol is not encrypted, an answer could be modified by anyone along the way. DNSSEC signs the answers, and a DNSSEC-enabled resolver is able to verify that the answer is valid and hasn’t been changed by a hacker trying to lure you to their fake servers.

Architecture designed for seamless integration

The combination of on-premises and cloud components makes it easy to fit into existing environments. Processing of alerts and anomalies in existing SIEM or log management and integration via API makes the most out of Whalebone.

Why should I have on-premises DNS resolvers and not just cloud?

Because the closer you place the resolver to your client devices, the lower the chance an attacker will be able to modify the traffic. You are also able to see the actual source IP address of every DNS request, which makes further analysis and response much easier.

Can I integrate Whalebone with SIEM or log management?

Of course, and we offer many ways to do it. You can consume logs via syslog, or gather them directly from the log files. The Whalebone team will provide you with parsing rules to make the integration with your SIEM plug and play. Should you want to consume just high level alerts and leave all the hard work to us, no problem, we will integrate just the alert outputs.

Can I use Whalebone as a DNS sinkhole?

Yes, malicious or unwanted traffic can be handled in many different ways. It can be redirected to a blocking page or a honeypot, or the resolver can just pretend that the domain does not exist. All the events are properly logged and can be processed directly in Whalebone or in SIEM and log management solutions.


We protect internet users on 3 continents – Europe, Asia and Africa


More than 100 telcos, corporates and ISPs trust Whalebone


Whalebone is the market leader in implementation time


“Immediately on the first day of having Whalebone in operation we found an infected device. My colleagues have taken a sample and put the device into isolation. The service looks great.”

Peter Kleinert, Binary Confidence MSSP

Explore your future security system

Find out how much Whalebone simplifies your life. Explore now. Buy later.

