Posted On: May 31, 2023

Starting today, you can enable a new Managed Domain List on Amazon Route 53 Resolver DNS Firewall to block domains that Amazon GuardDuty’s threat intelligence identifies as low-reputation, or as known or suspected to be malicious. This means that customers using GuardDuty can now block domains using the same GuardDuty threat intelligence that is used today to monitor and alert on potential DNS threats for their AWS accounts.

Amazon GuardDuty is a threat detection service that continuously monitors your AWS accounts for potential threats, including those delivered over DNS for EC2 instances that use the Route 53 Resolver. Route 53 Resolver DNS Firewall is a managed security service that enables customers using Route 53 Resolver to filter DNS queries to known bad or suspicious domains using AWS Managed Domain Lists, or by deploying a customer-defined list. With this launch, customers using GuardDuty for DNS threat alerts can automatically block the threats by deploying the new list on Route 53 Resolver DNS Firewall without additional configuration.

You can get started with the new AWS Managed Domain List on Route 53 Resolver DNS Firewall from the Amazon Route 53 Console or the API, at no additional cost. To learn more about the feature, including region availability, visit the Route 53 documentation for Managed Domain Lists. To learn more about Route 53 Resolver DNS Firewall, including pricing, visit the Route 53 website and documentation.

8/9/2023: GuardDuty threat intelligence sources domains from both internal AWS and third-party sources to generate findings for Amazon GuardDuty customers. Domains from third-party sources are not added to the new Managed Domain List on Amazon Route 53 Resolver DNS Firewall.