Amazon Route 53 Resolver DNS Firewall

Block DNS queries to malicious domains and allow queries to trusted domains.

Benefits

Block VPCs from querying domains with suspicious content, or use a strict allowlist to limit traffic to only trusted domains.
Choose one or more lists of domains managed and updated by AWS to easily block traffic to known DNS threats.
Block advanced threats, including DNS tunneling and Domain Generation Algorithm (DGA) based attacks, using Route 53 Resolver DNS Firewall Advanced.

Learn how Airbnb uses the DNS Firewall to enhance security

Use cases

Restrict outbound DNS traffic to only allowlisted domains to comply with your internal and corporate security guidelines.

Block outbound traffic to suspicious domains on the Internet that may lead to loss of data through malware communications.

Centrally log queries for blocked and alerted domains to Amazon Simple Storage Service (Amazon S3), Amazon Kinesis, or Amazon CloudWatch to audit outbound DNS traffic.

