Transcript for "DNS See's it First! Why DNS Filtering is Critical to Cybersecurity Defense": Good morning, everybody. Welcome. We'll get started in just a few moments. Alright. People are still coming in, but I'm gonna go ahead and kick it off. So welcome, everybody. I am Tori Pasda, the director of marketing here at Thryv, and welcome to our webinar today, DNS sees it first, why DNS filtering is critical to cybersecurity defense. Hopefully, by the end of the webinar, you'll have a more complete understanding of the reality of DNS and its impact on your network security and how thrive in DNS filter can help. Let's get into a few housekeeping things. The length of today's webinar will be roughly 45 minutes including q and a. We wanna be respectful of your time as we are very grateful that you have joined this webinar today with us. Q and a, we will have a tab that is open throughout the entire presentation, so please make use of it if you have any questions during the presentation. At the end, we will answer as many questions as we can, and any that we do not get to, we will follow-up with after the webinar. We will also provide the slides and the recording via email to all registrants of the webinar. So to kick things off, I'm gonna run 3 poll questions. I'm gonna give everybody some time to answer, and then we'll move on. Your responses to these will help aid in the discussion today and discussions that we have after the webinar. So let's kick off the first poll. First question, how familiar are you with the concept of protective DNS? So very familiar, somewhat familiar, or not familiar at all. I think that kind of is showing so far what we thought. Everybody has a a little bit of knowledge about DNS, but maybe doesn't, you know, feel a 100% confident in that knowledge. Couple more seconds here. Alright. I'm gonna move on to the next. 2nd question, and this one is multi select. What features do you consider most important in a protective DNS solution? Real time threat detection, encrypted DNS protocols, comprehensive threat intelligence, integration with existing security systems. And, again, that is multi select. Couple more seconds. Alright. Moving on to the final question. Do you have an internal security training program? Yes, no, or unsure? Love the yeses. It is okay to have no. Give a couple more seconds for this last one. Okay. Close that. Thank you everyone for your participation in the polls. So our agenda today, welcoming you all and our speakers, then you'll hear from, Mikey at DNSFilter on DNS, and how it works, Thrive for a cybersecurity overview, and then we're really excited for you to hear from doctor Paul Macapetris on where DNS started and where it got where it's going, and then we will end with q and a. Right. I see Kevin and Mikey have joined and doctor Paul Machopetra. So, Kevin Lant is our vice president of product cybersecurity here at Thryv. Mikey Pruitt is a partner evangelist at DNSFilter, and doctor Paul Machapetris is DNS inventor and chief scientist at Threatstop. Very excited to have the 3 of you, and I am going to let you guys take it away. Awesome. Well, so I'm Mikey Pruitt, and, really happy to be here today. I'm actually dialing in from a, conference in San Antonio. So I'm having a great time. Very excited to be here. Thank you to Thryv for inviting me. Then kind of what that one of those that first poll question kind of started with is, like, are we all DNS experts? And the answer was not really. So before we dive into, like, the specifics of DNS filter, I just wanna make sure that we're all on the same page of what the technology is. So DNS or and by the way, I'm super nervous doing this in front of Paul because Paul, like, invented DNS. So this is really nerve wracking for me. But DNS or the domain name system is, like, essentially the directory of websites on the Internet. So when you type the web address into your browser, DNS is the technology that translates the easy to remember domain name into, so like dnsfilter.com into into the numerical IP address that computers use to identify each other on the network. And this is an IP address. So think of it this way. When you want to call someone, you don't dial their name. You dial their phone number, and this is kind of the phone number. DNS does that for Internet browsing. It converts the website names we know into IP addresses that the Internet's infrastructure can understand into what's called a DNS query. Skip. There we go. So this back and forth question and answer session happens thousands of times a day on every Internet connected device. It's not just in your web browser. The applications, background processes, and operating system of all the connected devices use DNS to communicate with the outside world all day. This process is really fundamental to how the Internet works, but it's also a point of vulnerability. It's where security threats like phishing attacks or malware distribution often begin. That's where DNS resolvers like DNS filter come in. We convert the names into those IP addresses, and our platform receives that DNS query, checks the category of the domain requested, looks up who requested the the data, then we apply appropriate policy in either allow or block. Kinda comes down to that simple terminology. We perform those actions billions of times per day. Next. Here we go. So DNS filtering plays a critical role in cybersecurity. So, you know, why is this layer so important? The majority of cyber threats begin with that simple web request. Filtering these web requests is crucial to protecting businesses from malware, phishing, and other cyber threats. Plus, we can force content policies to block unwanted content, so that your employees employees or guests can't visit things you don't want them to do on your network. Our global network ensures not only top notch security, but lightning fast speeds and reliability. It's actually the fastest DNS resolver network on earth, which may be hard to believe but it's true. Next. There we go. So according to our data, one out of every 1,000 DNS queries is malicious. And given that the average user generates 5,000 DNS queries a day means each person encounters about 5 malicious domains each day. So that's why DNS is a critical layer to secure. DNS filter offers real time protection. We have a categorization database of over a 1000000000 domains, and we categorize a new about a 1000000 new domains per day. Our service operates in 90 data centers across the globe, serving a 130,000,000,000 DNS queries each day, which is about 1% of the world's Internet traffic. So what sets DNSFilter apart? Our machine learning, categorization engine is called WebShrinker. It's really the key here. So while other web filtering solutions rely heavily on third party data, we ingest and validate that same data, that same intelligence, plus reveal unique threats through our in house engine. So this results in incredibly precise and accurate categorization. We identified threats on average 10 days faster than our competition, and 61% of these threats are unique to DNSFilter. So Web Trigger scans the Internet about every 2 weeks. And as our customer base grows, our model matures, spotting signals in the noise even in sophisticated attacks. So I have a real world example here because you're probably thinking 10 days faster sounds a little sounds a little, hyperbolic. Well, this is a real off example. Probably like you, or like me, you get some phishing attempts pretty regularly. This one came in. Uh-oh. You can't see the animation, I don't think. Hold on. Let me see. Is that animation not gonna work? No. Well, the animation is not gonna work. Apologies for that. But I got a text message that said it was from the United States Postal Service, on a Monday morning in January, and it had a link in there. I did not click the link, but some people would. And you would be surprised at how many did, and I'll tell you how many did, in the at the end of these slides. But this, so I checked this link with DNS filter. We categorized it as phishing and, phishing and deception, which is one of our categories. So I thought, okay. Great. Just as I suspected, you know, DNSFilter is doing what we're supposed to be doing. So then I went to a website called VirusTotal to see if the rest of the industry agreed with us. Only 4 of those 100 vendors thought that this domain was malicious, like DNSFilter. So I you know, first, I thought maybe this is a false positive, and we are incorrect, And I'll need to tell my team to, you know, review this domain. So I went to, I have, like, a isolated environment on my no LAN so that I can detonate malware. So I went to the website to see it, and it was clearly a fake, United States Postal Service domain, you know, impersonating some type of, you know, your package is on hold. Click this link in that way. So I knew immediately it was an actual threat. So then a few days later, you know, I was kinda following the the trajectory of this domain, and I went back in about 2 days later to see what VirusTotal said then, and they said it was about 20 people agreed with us. So I was like, okay. Well, you know, the industry is catching up, but still that's kinda low out of the 100 vendors mentioned there. So I checked the domain again, and this time, Google Secure Browsing, actually blocked it to have, like, a big scary red block page, and I couldn't bypass the domain at all. And when I tried, it actually redirected me to the real United States Postal Service website. So, basically, Google solved this problem for everybody else because they, you know, said this domain was malicious and redirected it to the real USPS. So that's just one of the examples that we see, on a daily basis of DNS filter protecting our customers. In this case, we got about a 24 hour head start or 48 hour head start. And if you're thinking if you saw the, the screenshot, you would see this domain and be like, I would never click on that. Well, a 144 people did click on that on our network, and, of course, we blocked all those. And that's all I have. I'm gonna hand it over to Kevin so he can chat about Thryv, and then we'll get back to some questions later. Thanks. Thanks, Mikey. That's a great, example of a a real world threat there that DNSFilter saw well ahead of of the rest of the industry. So a little bit about Thryv, if you're not familiar with us, we are a security service provider as well as cloud services and more traditional MSP services like, disaster recovery, network management, Microsoft 365 platform management. We do all of that through our Thrive platform so that there's a seamless experience rather than a disconnected set of tools that helps our our teams work better together and provide, better service to our clients. I won't try to read this one to you. We'll we'll send out the the slides afterwards. But just a couple highlights here. Thryv was founded in 2,000. We've got over 1400 employees, and a large percentage of those are technical resources. And we do have the the industry certifications you would expect, like SOC 2 and ISO and and Cyber Essentials Plus in in the UK. What that means is we've got the experience. We've got the scale, and we've got the credentials to be able to serve a number of different industries, including some highly regulated ones like financial services, health care, government. We we have a lot of experience serving those industries that have some unique requirements. At the same time, while we've grown a lot, we do try to keep a local experience for our clients so they don't feel like they're working with a a large faceless corporation. We will work with with our clients through our pod system where they're working with a regional team or with a a pod that specializes in their So you get to know the people you're working with. We get to know the the clients and their unique environment, and and keep that high level of service regardless of of where our clients are located. So jumping back into the the security discussion here, one thing I like to highlight is is some past research, that came out from Verizon for for 2023 that showed 68% of all the data breaches that they analyzed involved what's called a human element. And what they mean by that is, mistakes by employees, things like falling for a phishing email or, using a weak password that was easy to guess or, you know, falling for the the fake wire transfer instructions and and sending a $100,000 to an attacker by by a mistake because he thought it was an email from the CEO. Though that does not include malicious insiders. So we're really just talking about honest mistakes by employees that are just trying to do their their jobs. So what what can we do about that? Well, we can't take away Internet access. That's something that that the modern workforce needs. So we have to try to balance employee productivity versus security. Every new tool that we give them, we have to think about what what are the security implications of that? How do we mitigate those? And and I think as organizations and companies, we haven't always done a good job at that. It's almost like we've handed people dangerous tools without any safety equipment and then expect everybody to to use them perfectly. It's just not realistic. 2 of those tools, emails, web browsers. Most of the modern workforce needs those tools today to do their jobs. But I think not coincidentally, those are 2 of the major threat vectors. So as, security professionals and and managers and people that run organizations, what we really need to do is think about the tools, that that we need to put in place so that our employees can still be productive, but we're also minimizing risk. So at Thryv, we've put together what we call our our end user security bundle, as a way to to, make employees productive, but also, minimize risk. That includes, email security and DNS web filtering. And as Mikey was talking about earlier, that DNS layer is really that first line of defense. I would put email security in that category as well. With these two tools, what we're trying to do is we're trying to stop the threats before they ever make it to the end user. They can't fall for phishing if they never get to that phishing site or or or open that phishing email. And so we have a we have a few different options for email security. We're proud to partner with DNSFilter for the for the DNS portion of our our security bundle. And as part of the service, what we'll do is we'll help you deploy the DNS filter roaming agents, the DNS filter network relay, if that makes sense for you. Our solution architects can put together that that right solution for you. We'll help you deploy it. We'll help you manage it. And then on an ongoing basis, we'll tune those threat detection policies. We'll help you with the content filtering if you want to ban gambling websites from your work laptops. Piece of cake. You know, that that is a a a prebuilt category that DNSFilter has. There's a number of those, and and we can tailor it to meet your acceptable use policy. Now, of course, we always wanna think about security in layers. There's no perfect solution here. So the the 3rd tool in our bundle here is security awareness training. If anything makes it through to the users, we want to prepare them for that. We wanna convert them from a security risk into actually being one of our security layers by by helping them understand how to recognize threats, how to handle those, how to report those. And so we do that through quarterly, training and monthly phishing tests. So we identify who who's doing well and maybe who needs some extra help becoming, security aware. I saw on the poll there at the beginning, about 60% of you already have some security awareness training. This bundle can be purchased a la carte. So if if you need some solutions but not the others, we we can work with you there. But the 40% of you that that don't have security awareness training, that comes as part of of the bundle. And then lastly, just as, DNS filtering is that that that first line of defense, We think about endpoint detection and response as that last line of defense. Anything that gets through our other layers, we've got the EDR agent on the workstations and laptops. What that does is it can detect that malware, shut it down in real time so it can't execute. It's highly effective against ransomware. And it can also detect, suspicious activity. Maybe it's not malware, but it's a suspicious data transfer. It looks like a lot of, data leaving the organization. It can shut down that communication in real time and then notify Thryv and our security team so we can investigate it. So, again, the goal here is is helping users be able to do their jobs, but at the same time, putting some guardrails around it so we can keep the organization safe from cyberattacks. We do a lot more than that at at Thryv. So other parts of that modern security stack that Mikey mentioned are things that we could do, things like firewall management, dark web monitoring, managed detection and response. What we'll typically do is have a conversation and talk about where are you today, where would you like to be a year from now, 2 years from now, and we can put together that plan. But not everyone's there. So if if you're actually one of those organizations that maybe you're not sure where you are today and and you're not sure what you need a year from now, 2 years from now, that's perfectly okay. We talk to a lot of clients that are in that same position. What we can do is we can work with our, Thrive Consulting team. We can do a onetime risk assessment with you, and, our our consultants will come in, do an evaluation of of what's in place, what's working well, what maybe needs to be improved, put together a formal report with recommendations that are vendor agnostic so that you can take that and maybe go to your board of directors or your management and and use it to show, the the justification for making, an investment in your security or or changing some of the things you're doing today. With that, I will hand it over to Paul so we can learn more about some of the history of DNS and and some of the past efforts and ongoing efforts to make it secure. Well, thanks very much. What What I'm gonna talk about today is sort of what did DNS start out to do, why won't DNSSEC start, and what is DNS protection starting to do? I'm assuming that, the audience is mostly people who are thinking about implementing this one way or another, and are trying to figure out how much of this they need. DNS protection is indeed one of the parts of overall security as I think everybody has said so far. My day job is at a company called Threatstop, and what we do is we do protection at both the IP and the DNS level. You know, DNS protection as well as programming your firewalls and so forth to create integrated detection. And we work with colleges, and we work with telcos to worry about SMS evil and so forth. There's a lot of evil in a lot of different directions that DNS can help with, although it's not the complete solution. Okay. So, what did DNS start out to do? You know, the usual wisdom is it was designed to translate human friendly names to IP addresses. Well, no. That's what the party line was, and that's certainly why I got paid. But the reality was is that my goal was to replace IP addresses everywhere with names and make you never need those IP addresses. You didn't wanna go there. You just wanted to use names as first class objects, in a new architecture. So it also creates a distributed database for network configuration and other network activities. So that in addition to the IP address thing, it also helps you figure out where the right name server is. One example of why IP addresses weren't the first thing in DNS was the first DNS query ever. What it did was it said, what name server should I go to? Okay? It wasn't looking for an IP address. It was looking for the name of a DNS server. And if you take a look under the covers, yeah, there's a lot of this IP address stuff going around, but there's about a 100 different kind of data types that people have thought about using DNS for, and probably about 50 of them have achieved, some amount of success. We've had some false starts. People talk a lot about the elephant of DNS and the fact that there's a 100 pages of the original DNS spec, and there's a 100 other RFCs that modify, extend, or change it, and it's kinda hard to get your hands all the way around that. But that's good. I tend to think of it as being kind of a failure because that meant there's only been, like, 2 new ideas per year in the 40 years of DNS, so it hasn't been moving all that fast. Anyway, replace any need for these identifiers, and it should be extensible. Some of these things had failed. The original specs was talking about how, all email addresses should be represented as domain names, and they're not. So there's things that have failed. There was when we invented the DNS, there was no web, so we didn't have to worry about embedding web addresses. So I guess just to summarize, the idea that it's only about translating names to IP addresses is a little bit like saying the function of an airplane is to taxi out to the runway and to taxi back from the runway, and that's the important part. So let's move on. Why won't DNSSEC start? Because people are saying, well, do you know there's DNS security? DNSSEC sounds like it should be giving me security. Here again, there's usual, wisdom that, well, you know, the reason DNSSEC isn't starting as, its designers hope for is, well, you know, there's all of this complicated crypto stuff and complicated algorithms and CPU costs and blah blah blah, and everybody has to do it or else it isn't useful and it's kinda brittle. And if you get a small error, you know, you have a problem. So for example, NASA disappeared off of the Internet for a while just because they had misconfigured one of these DNSSEC signatures so that, you know, there's this need for perfection. All of that stuff is true. DNSSEC is kind of brittle and so forth, but the reality is it didn't solve the right problem. What was the right problem? If you wanna go to google.com, you wanna go to the google.com website. You don't care whether or not the IP address that you get back is a 100% legitimate, but BGP hijacking has directed that to Moscow. For example, in the Ukraine, where we do some business, when the battle line moves, the ownership of the IP addresses stops being routed back through the Ukraine and starts being routed through Russia when Russia moves forward and vice versa. That happens to cell phone towers as well. So the routing in there follows the success and failures of the 2 different sides. And if you wanna know whether or not your traffic is being watched by the Russians that you're Ukrainian, and you probably wanna know. Okay? You have to worry about whether or not the website is authentic and not whether the IP address is authentic because IP addresses can be hijacked either with tanks or with BGP. Okay. So what's the right problem? Well, the right problem is this digital certificate that sets up your secure connection to the website. Okay. So the problem with DNSSEC is that it didn't protect you by giving you that that certificate. That certificate came through an entirely different mechanism and so forth. Now people are starting to evolve the way that they manage certificates to bring them into DNS. Okay? But the fundamental reason why people don't care too much about DNSSEC is it doesn't protect their web traffic in the right way. Okay? It is true that it you know, we said the DNS was to be used for a whole bunch of different purposes, and it's very nice that DNSSEC will protect all of those purposes, but it doesn't protect web traffic. So that's one of the reasons why it isn't as valuable, and since it isn't as valuable, it's one of the reasons it doesn't get used that much. Okay. What about DNS protection? There's a lot of people that will run around and say, oh my god. This DNS protection, it's designed to censor you and, you know, it's evil. It's gonna balkanize the, Internet. There's a bunch of other people who point out that, well, it defeats malware and bots, and it probably isn't the end of the Internet. You know? One of the things that I talk about is DNS protection works in practice if not in theory. You know? I I must admit that it always escapes me why everybody in the world demands to have their email filtered but doesn't wanna have their DNS filtered. Most people wanna have their IP filtered. Okay? It's sort of funny about how, you know, you don't think about these layers in the Internet holistically and just say, yeah. I really wanna shape the Internet that I see. And what that shaping means is doing filtering and blocking and so forth at all of these different levels, all the different ways that people try and sneak into you. You know, you may wanna have the first level of defense be out there to do that. So what I think that everybody should do is to augment their IP address, filtering with name based firewalling, which is what DNS protection does. Why do you care about that? Well, let's say, supposing you're going to one of the millions of sites, that's out there on Cloudflare. Okay? And you're gonna use the 1111, Cloudflare DNS resolver service. Cloudflare is in the business of serving you Pirate Bay, Hamas, and a bunch of other sites that you may or may not wanna go to. They get paid per click, so their DNS blocking is not gonna be very effective. So you probably wanna find somebody who's more interested in your security than their revenue. I the DNS, I it it may be that 1111 and and 8888 and so forth and so on are all just like Saint Teresa and just out there to help the general public. But you gotta kinda think about the motives. So what I think you need to do and the way you should think about this is provide an opportunity to tailor your Internet to go where you want it to go and not to go where you don't want it to go. Security is the first thing you think about. It's saying, I don't wanna go to malware sites. A second level may be compliance. What do I mean by that? One of the solutions we deliver to people is to say, okay. We'll let you go to the parts of the Internet that in the Ukraine that are still controlled by Ukrainians and not to the other parts. A delivery company that you probably know of wants that kind of solution. Part of the reason for that is the US government will fine you a lot if what you do is you do business with sanctioned entities. There's online lists and paper documents that tell you where your the US government will fine you or remove your banking privileges if you do business with them. Now you could hire compliance officers to go 1 by 1 through this, or you can just get, compliance data and just say, I won't con connect to, Russian controlled entities. Alright? We have another customer that says, wait a second. I wanna connect I wanna connect to all the Russian entities that aren't sanctioned because they do we can do a lot of profitable business with them. So they tailor their Internet that way. It's interesting that we're starting to see people that are saying, well, wait a second. I hear that there's all of these AI things out there that are gonna scrape my content and steal my content and use it it to their own devices. So I wanna filter out all of these AI engines that are out there, generative AI things, that wanna scoop up all my facts and figure out how to use it against me, so that some people wanna filter out AI. And I think lastly, there's a very simple metric for people that do business on the Internet. They very often don't wanna talk to anybody that has an email address that's only 30 minutes or a day or 5 days. Why do you care? Well, because the people who register domain names pay with a stolen credit card, and that domain name gets taken back once the credit card company says, oh, no. This is stolen. We're gonna charge it back. So what you may wanna do is to just say, I'm not gonna do business with somebody unless their domain name is nicely aged. Now that's not a perfect solution, but it's a metric that shuts off a lot of traffic. Okay. Practically, here's my thoughts on what you think how you should think about starting to do DNS protection. The the first thing to do is to think about, well, if I want to, I can do hook myself up to 9999 and get it for free. It's not necessarily perfect. It's not tailored, and it doesn't tell you what happened. It just filters stuff. So there is a free solution. You know, the next level up is to get professional protection from, you know, people, like DNSFilter or ThreatSTOP. And I think, you know, the next level up from that is to think about tailoring it yourself. Some of the tailoring can be a little bit, different than what you might expect. For example, what we do is, we say if you have CrowdStrike and you're using that to protect your endpoints, can use it protect your printers and other devices that don't have endpoint protection? Yeah. We can embed their their data into the network. We have our own wonderful feeds like everybody else, but we also take other people's feeds and make them available to our customers. And I think the other question you have to ask is whether you just want protection that says, please stop me from going to sites that you know that are bad or whether you wanna be able to audit the stuff and find out whether or not you're infected. Any large network probably has infections. So beyond doing just the blocking, you have to think about detecting bad traffic, both inbound and outbound, and figuring out exactly who's at fault. All of that gets more complicated, of course, but it's the way to protection for large important organizations. So I think I'll let us go to questions now. Thank you, Paul and Mikey and Kevin. That was all really good information. Yes. So we're gonna get into some q and a. There's still time to submit questions for anybody that has them, but we'll start this one in the chat. How does the technology handle full positives? I believe that came in during, your section, Mike. Sure. So DNS filter, you know, have a few things that we do to to reduce false positives. We found that we have less than 1% rate of false positives. One of the things we do is there are some websites that just cannot be automatically flipped to a category that seems odd for them. Like, Google.com, for example. Anything on, like, the Alexa top 1,000 or what used to be the Alexa top 1,000 requires, like, a human to verify. And we we do get stuff like that, from some of the security feeds that we, ingest and pay a lot of money for, that sometimes, like Yahoo or some subdomain of Yahoo will be listed as malicious. Well, we have to check that, you know, with humans sometimes. So robots are good, but they're not a 100% yet. We have about 50 or 60 heuristics that our categorization engine web shrinker is looking at. So it's looking at things like the domain name itself, when it was when and where it was registered, who there is to registrar, links in and out of that website. It does some image analysis, so it can detect, like, if there's a Microsoft logo, and this is not a Microsoft domain. You know, you can check that this is a IP block for Microsoft. So a lot of different things like that for, more precise categorization. But, yeah, great question. Thank you, Mikey. Another one. Kevin, do you see any that you wanna answer there? Yeah. It looks like we've got we've got one about how DNS filter compares to Cisco umbrella. I guess what I'll say there is more to more of a general comment about why we chose to work with with DNSFilter. So we evaluated a number of contenders, if you will. What we really liked about DNSFilter was, the performance of it in terms of, how quickly and and accurately it can it can resolve DNS queries. That's obviously important. We talked about that trade off between productivity and security. We wanna be able to offer security without slowing people down, so that was a consideration. The other one was just ease of of implementation and management, Especially for us as a service provider, we need to be able to easily manage this for a number of clients so that, their experience is meets their standards. Obviously, they if they have a bad experience, they don't go and blame DNSFilter or Umbrella. They blame Thryv. So we really need to put these through a lot of testing with our team to make sure we think it'll meet the standards that our our clients expect. Mike, maybe I'll I'll pass it to you if there's anything specific you wanna highlight there in terms of, some of the things DNSFilter does. Yeah. Sure. I I think you really hit it on the head. You know, I'm at a conference right now. And when people ask me this question, I say that, and then I say that our, in house classification is, you know, I don't wanna say better, but it's more robust. We have we have all of the intel that everyone else has. Plus, we use our own, you know, machine learning algorithms to verify all of that data that we get and create data unique to us. Hey. Speaking as a scientist and not as, a vendor, I have to say that one of the things that always bothers me about a lot of these comparisons is that they're so difficult for the end user to do. So, you know, I think that being able to outsource that, you know, to an MSP like Thrive, you know, the trusting their judgment is probably an important thing. That being said, there's no DNS server that's faster than the one that's on my local network. It's just I mean, you know, we all look to DNS servers in the cloud, in Amazon, for example. If you want dedicated servers, we'll spin them up for you in the Amazon cloud with with as much or as little redundancy as you might like in as many regions and all that kind of stuff. The cloud based solutions are often for convenience. If you want if raw speed is important to you, then bringing it down into your own local environment is what works. And if you don't wanna be in series with if you don't want your security to be in series with the security of the cloud, then you need to bring it in locally. And different solutions fit for different people and different priorities. So I think, you know, you have to understand the users' needs and adapt and know one solution is perfect for everybody. Absolutely. That's a really good point, and and I'm guessing Paul has run numerous, DNS servers locally on his own plan. It's it's actually not that hard to do. You could use, you know, a lot of the same technology that we, DNSFilter, Cloudflare, all the others are using to do this yourself. You know, but a lot of times, people wanna offload that to someone else so that they don't have to manage it internally. But that's kinda proves how ubiquitous DNS is and how manipulated it can be under certain circumstances. I think that, we'll try and answer 2 more. This one, if Thryv is managing the implementation of DNS filter to our company, how can we, the company, manage the sites that get blocked? Sure. I can I I'll take that one? So as as part of the the onboarding process with with the service, with Thryv, there will be a deployment engineer that that steps through those, options with you. We do have a our our baseline default policy that we would would recommend for for most clients. But what we would do is is walk through the the interface, talk about the different categories that are available, tuning on on those policies. And so we can tailor that with you as part of the on onboarding process. Once it's in place, then we can manage any changes to that. If there's particular sites you need blocked or or unblocked, that can all be done through the Thryv platform. With with the support team, we can we can escalate those. If it's if it's something that impacts business and and you need something, to to load right away, that's something we can escalate to the team, and get get changed for you. Awesome. Thank you, Kevin. Okay. I'll say that that was gonna be our last question because we are coming up right on 45 minutes. I do want to open our last poll. And this is just if you'd be interested in learning more from Thrive and DNSFilter on this topic that you heard today. As a reminder, we will be also sharing out the, presentation, the recording, so you will get an email with that, attached to it. I'll leave this open for just a second, but we will close out here. So I do want to say thank you so much, Kevin, Mikey, and Paul. What an informative session. Incredible to have you on this, Paul, with your history with DNS. So, really, thank you guys so much for being on here today. Yeah. And thank you, Paul, for creating DNS. Hey. Thank thank you guys for this opportunity, and, I hope that, we were as educational as your poll indicates. And, if people wanna tell me what I did wrong about the design of DNS, I'm all ears, but a lot of that is stupid. They ask questions. Amazing. Well, thank you so much. I hope everybody has a great day. Thank you. Bye. Bye.