Block VPCs from querying domains with suspicious content, or use a strict allowlist to limit traffic to only trusted domains.
Managed domain lists
Choose one or more domain lists that AWS manages and updates to block traffic to known DNS threats.
Advanced protection
Block advanced threats, including DNS tunneling and Domain Generation Algorithm (DGA)-based attacks, using Route 53 Resolver DNS Firewall Advanced.
Use cases
Enforce allowlisting
Restrict outbound DNS traffic to allowlisted domains only, to comply with your internal and corporate security guidelines.
Filter outbound DNS traffic
Block outbound traffic to suspicious domains on the Internet that may lead to loss of data through malware communications.
Continuous observability
Centrally log queries for blocked and alerted domains to Amazon Simple Storage Service (Amazon S3), Amazon Kinesis, or Amazon CloudWatch to audit outbound DNS traffic.