Amazon Route 53 Resolver DNS Firewall

Block DNS queries to known malicious domains and allow queries to trusted domains.


Block VPCs from querying domains with suspicious content, or use a strict allowlist to limit traffic to only trusted domains.
Choose one or more lists of domains managed and updated by AWS to easily block traffic to known DNS threats.
Centrally manage and view DNS Firewall rules across AWS accounts through integration with AWS Firewall Manager, for consistent enforcement of policies.
Learn how Airbnb uses Route 53 Resolver DNS Firewall to enhance security (AWS re:Inforce 2022).

Use cases

Restrict outbound DNS traffic to allowlisted domains only, to comply with your internal and corporate security guidelines.

Block outbound traffic to suspicious domains on the internet that may lead to loss of data through malware communications.

Centrally log queries for blocked and alerted domains to Amazon Simple Storage Service (Amazon S3), Amazon Kinesis, or Amazon CloudWatch to audit outbound DNS traffic.

