Language: English
10-17, 13:00–13:50 (America/New_York), Track 1 (206b)
This talk presents Latvia’s journey from reactive cybersecurity response to proactive national protection through the creation of dnsmuris.lv - a free DNS firewall developed by CERT.LV (the national and governmental CSIRT of Latvia) and the .LV TLD registry NIC.LV. Born out of the need to tackle nationally targeted phishing campaigns and malicious websites, the firewall has grown from a pilot project into a national defense tool, now mandatory for all ISPs under Latvia’s National Cybersecurity Law.
We’ll explore how cross-sector collaboration with competent authorities enabled the integration of multiple RPZ feeds, how proactive threat intelligence is used to enrich blocking lists, and how feedback from end users and ISPs shaped its evolution. Finally, we’ll reflect on the impact this approach has had on improving cyber resilience - one DNS request at a time.
The Problem: The Dark Days of Information Overload
Before Latvia implemented a national DNS firewall, both CERT.LV and other cybersecurity stakeholders were grappling with a rapidly evolving threat landscape. Nationally targeted phishing campaigns and malicious websites were not only growing in number but becoming increasingly sophisticated, often tailored to local institutions and users. Like many national CSIRTs, we found ourselves in a constant state of reaction - chasing incidents as they unfolded with little time or space for prevention.
To make matters worse, the sheer volume of fragmented threat intelligence created what we called the “dark days of information overload.” End users were often overwhelmed or completely unaware of how to act on the information they received. For ISPs and competent authorities, the lack of structured and actionable data made incident response even more difficult. Without a unifying mechanism like a DNS firewall, valuable time and effort were lost simply trying to navigate the chaos.
The Solution: Birth of the DNS Firewall
Out of this complexity, a simple but powerful idea was born - to stop threats at the DNS layer.
This idea became reality with the development of dnsmuris.lv, Latvia’s own DNS firewall. Created through close collaboration between CERT.LV and NIC.LV (the .LV TLD registry), dnsmuris.lv was designed as a free tool to proactively protect users by blocking access to malicious domain names.
The firewall’s first early adopters, several municipalities, showed promising results in reducing exposure to phishing and malware. The listener will be introduced to the two streamlined implementation models through which organizations of various sizes and technical capacities could adopt the tool. These early adopters helped us refine the system and build trust in its effectiveness.
Scaling up: DNS Firewall 2.0
As national legislation evolved, so did our approach. We saw an opportunity to expand the firewall’s effectiveness by collaborating with other competent national authorities - including the National Electronic Mass Media Council, the Lotteries and Gambling Supervisory Inspection, the Health Inspectorate, and the Consumer Rights Protection Centre. Each of these institutions held the legal right to request domain name blocks, but their efforts had previously been fragmented.
We worked together to normalize their domain lists and incorporate them as individual RPZs (Response Policy Zones) within the DNS firewall. This not only unified efforts but also gave each institution a structured, efficient way to act on the identified threats.
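A sketch of what normalizing one authority's list into its own RPZ can look like, added here as an illustration and not taken from CERT.LV's or NIC.LV's code. The zone name `gambling.rpz.example`, the SOA values, the NXDOMAIN action (`CNAME .`) and the sample entries are assumptions; the abstract does not say which policy action dnsmuris.lv applies.

```python
import re
from urllib.parse import urlsplit

LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")

def normalize(entry):
    """Reduce one submitted entry (URL or hostname) to an ASCII hostname, or None."""
    entry = entry.strip()
    try:
        host = urlsplit(entry if "://" in entry else "//" + entry).hostname or ""
        host = host.rstrip(".").encode("idna").decode("ascii").lower()
    except (ValueError, UnicodeError):
        return None
    labels = host.split(".")
    if len(labels) < 2 or len(host) > 253:        # never block a bare TLD
        return None
    if not all(LABEL.fullmatch(lab) for lab in labels) or labels[-1].isdigit():
        return None                               # malformed name or IP literal
    return host

def build_rpz(origin, serial, entries):
    """Return (zone_text, rejected_entries) for one authority's list."""
    names, rejected = set(), []
    for raw in entries:
        raw = raw.split("#", 1)[0].strip()        # drop comments and blank lines
        if not raw:
            continue
        host = normalize(raw)
        if host:
            names.add(host)                       # set() removes duplicates
        else:
            rejected.append(raw)                  # keep for manual review
    lines = [f"$ORIGIN {origin}.", "$TTL 300",
             f"@ IN SOA localhost. hostmaster.localhost. {serial} 3600 600 86400 300",
             "@ IN NS localhost."]
    for host in sorted(names):
        lines.append(f"{host} CNAME .")           # NXDOMAIN for the name itself
        lines.append(f"*.{host} CNAME .")         # and for every subdomain
    return "\n".join(lines) + "\n", rejected

# Constructed sample submission, not real data.
SAMPLE = ["http://Casino.example/promo?id=1", "casino.example.", "# note",
          "shop.piemērs.example", "192.0.2.10", "lv", "bad_label.example"]

if __name__ == "__main__":
    zone, rejected = build_rpz("gambling.rpz.example", 2025101701, SAMPLE)
    print(zone)
    print("rejected for manual review:", rejected)
```

Rejected entries are returned rather than silently dropped, so a malformed submission or an over-broad one (a bare TLD, an IP literal) goes back to the requesting authority instead of into the zone.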
In parallel, we offered the RPZ feeds to ISPs free of charge, encouraging widespread adoption without financial barriers. Over time, we enhanced the firewall further with proactive threat intelligence, integrating real-time data to enrich our lists and detect threats before they caused harm. Although everything seemed to be in place, blind spots remained - many users still lacked the technical capacity or awareness to adopt the tool effectively.
The Rise: Mainstreaming DNS Firewall protection
User feedback played a crucial role in the evolution of the DNS firewall. We simplified the setup process and made it easier to integrate the firewall into existing infrastructure. But the biggest leap came when policy caught up with technology.
The adoption of the NIS2 Directive provided the necessary legislative foundation for Latvia to formalize DNS firewalling within its national legal framework. In response, the use of the DNS firewall was made mandatory for all ISPs under Latvia’s National Cybersecurity Law.
The Impact: Real Results
This approach has proven to be highly effective in Latvia’s context. Not only has it helped mitigate phishing and malware attacks at scale, but it has also allowed various national stakeholders to work together in a coordinated and legally sound way.
The DNS firewall’s success lies in its simplicity, scalability, and alignment with technical realities, legal frameworks and meaningful end-user engagement. Today, dnsmuris.lv helps fortify Latvia’s cyberspace one DNS request at a time, as an example of how collaborative, proactive defense can truly shift the cybersecurity balance from reactive firefighting to meaningful prevention. Statistics and examples will be shown to illustrate the point.
Dana Ludviga is a cybersecurity analyst at CERT.LV, Latvia’s national CSIRT, where she safeguards the country’s digital space, engages with stakeholders, and represents Latvia internationally. She has worked as a project manager at the .LV registry NIC.LV, focusing on domain security, and as a researcher at the University of Latvia on EU-funded IT projects. Dana also serves on the CyberChess program committee and holds an MSc in Computer Science from the University of Latvia.