Amazon Route 53 Resolver DNS Firewall now supports Palo Alto Networks Advanced DNS Security (Preview)
Amazon Web Services announces the preview of Palo Alto Networks (PANW) Advanced DNS Security on Amazon Route 53 Resolver DNS Firewall. Security administrators can now enforce DNS threat protections from Palo Alto Networks directly on Route 53 DNS Firewall rules, without deploying separate firewalls or modifying VPC configurations — by subscribing to PANW from the DNS Firewall console through the embedded AWS Marketplace widget.
With this launch, you can enforce DNS threat protections from Palo Alto Networks by deploying one or more security categories including Command and Control, Malware, Phishing, Newly Registered Domains, and more, directly within the DNS Firewall rule creation workflow. You can apply these protections for your DNS query traffic from Amazon VPCs and hybrid-cloud, forwarded via Route 53 Resolver Endpoints, providing unified DNS threat protection across AWS and on-premises environments. This integration complements AWS-managed domain lists with Palo Alto Networks' threat intelligence, including fast-flux protection, DNS tunneling detection, DNS rebinding protections, and DGA detection. It simplifies security operations by eliminating the need to deploy separate PANW firewalls per VPC or account, and supports multi-account management through AWS Resource Access Manager (RAM), Route 53 Profiles, and AWS Firewall Manager. Customers gain centralized visibility through AWS Security Hub findings and query logs stored in Amazon S3, Amazon Data Firehose, or Amazon CloudWatch Logs.
Palo Alto Networks Advanced DNS Security on Route 53 DNS Firewall is available in preview in the following AWS Regions: US East (Ohio), US West (N. California), Europe (London), Europe (Frankfurt), Asia Pacific (Tokyo), Asia Pacific (Mumbai), Asia Pacific (Singapore), and Africa (Cape Town). DNS Firewall Advanced customers can add PANW rules to existing rule groups at no additional DNS Firewall charge, and the Palo Alto Networks Advanced DNS Security Marketplace subscription is free during preview.
To get started, see the Route 53 DNS Firewall documentation. To view Route 53 pricing, visit the Route 53 pricing page. To learn more about the AWS Marketplace listing and pricing for PANW Advanced DNS Security, see here.