DNS Firewall

Malware • Ransomware • C2s • DGAs • Phishing • Cryptominers

Stop Threats at the Root

ISC developed DNS RPZ (Response Policy Zone) as an open, vendor-independent component of the BIND Domain Name Server. RPZ functions as a DNS network security firewall with rules expressed in specially constructed zone files. The resulting segmented structure provides a very effective method of leveraging threat data to detect and prevent malware and ransomware activities at the DNS level.

Administrators use DNS RPZ to create rules that trigger specific responses and actions. Based on these rules, the firewall returns alternative answers to queries. For example, when a workstation, server, or other network device tries to connect to a malicious website, the DNS lookup for that site does not resolve to the real destination. Instead, the device is redirected to a web page that explains why access was blocked.

By redirecting to a “safe” page, the DNS RPZ firewall not only protects assets, it also educates users. They get information in real time about the link, email, or resource that was taking them to a malicious site.



Flexibility is Key for DNS Firewall Network Security


It can be complicated to restrict access at the DNS level. Blocking C2s, DGAs, and phishing sites usually causes few issues, but malware poses some problems. That is because many legitimate and very popular sites unknowingly host malware. These include Dropbox, Google Docs, GitHub, and many others.

When administrators block access to these sites, many of which are used for work, it can be very problematic. This is why granularity is key.

A Zone for Each Threat Type

Malware Patrol offers seven separate response policy zones. With a zone for each threat type, it is easier to maximize threat coverage while minimizing the impact on users.

Each zone can be implemented – or not – depending on your needs. These zones include domains hosting (1) C2s, (2) COVID-19 Newly Registered Domains, (3) Cryptominers, (4) DGAs (used by over 40 malware and ransomware families), (5) DNS-over-HTTPS servers, (6) Malware, and (7) Phishing sites.

Whitelist and Filter Out Top Domains

Another feature of our DNS RPZ firewall is a simple web interface that allows customers to whitelist specific domains.

And, to further help customers avoid blocking high traffic sites, Malware Patrol includes zone files with the top 25,000, 100,000, and 1,000,000 Cisco Umbrella domains removed. The Cisco Umbrella classification is updated weekly and applied seamlessly.

Custom “Walled Garden”

You can use our “walled garden” as the page your users are sent to when they try to resolve a malicious domain. Or, you can configure your company’s own page using the instructions available here.
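As an added illustration (not Malware Patrol's own configuration), the BIND `named.conf` fragment below shows how a local allowlist, per-threat policy zones, and a company block page fit together. The zone names, the 192.0.2.53 transfer source, and `blocked.corp.example` are placeholders; substitute the values supplied with your subscription.

```bind
// named.conf fragment (BIND 9.16+ keywords; older releases use "slave"/"masters").
// Every zone name, address and hostname here is a placeholder for illustration.

options {
    // Policy zones are evaluated in the order listed and the first match wins,
    // so the local allowlist must precede every blocking zone.
    response-policy {
        zone "allow.rpz.example"    policy passthru;
        // Override the feed's own action and send users to the company page.
        zone "c2.rpz.example"       policy cname blocked.corp.example;
        zone "phishing.rpz.example" policy cname blocked.corp.example;
        // Log what would have been rewritten without changing answers,
        // useful while measuring the impact of the malware zone.
        zone "malware.rpz.example"  policy disabled;
    };
};

// Local allowlist maintained by the administrator.
zone "allow.rpz.example" {
    type primary;
    file "allow.rpz.example.db";
    allow-query { localhost; };   // policy data is not served to clients
};

// Provider feed, kept current through AXFR/IXFR zone transfers.
zone "c2.rpz.example" {
    type secondary;
    primaries { 192.0.2.53; };
    file "c2.rpz.example.db";
    allow-query { localhost; };
};
// phishing.rpz.example and malware.rpz.example are declared the same way.

/* Contents of allow.rpz.example.db (zone-file syntax):
$TTL 300
@                SOA   localhost. admin.localhost. 1 1h 15m 30d 2h
                 NS    localhost.
files.example    CNAME rpz-passthru.   ; exact name is never rewritten
*.files.example  CNAME rpz-passthru.   ; nor are its subdomains
*/
```

Run `named-checkconf` after editing, and review the RPZ log category for the `disabled` zone before switching it to an enforcing policy.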

Package Details



Response Policy Zones:

  • C2s
  • COVID-19 Newly Registered Domains
  • Cryptominers
  • DGAs
  • DNS-over-HTTPS Servers
  • Malware
  • Phishing


  • Updated every 5 minutes
  • Automatic transfers (AXFR/IXFR)
  • Cisco Umbrella Domain Ranking filtered zones
  • Configure and forget






  • Free 7-day data evaluation
  • Includes Business Protect Package
  • Unlimited-use commercial license
  • Annual subscription





Set up a DNS Firewall – System Security in 5 Easy Steps

Watch our configuration guide, with step-by-step instructions on setting up and enabling a DNS Firewall. You can also find our guide by accessing our Configuration Guides page in the section BIND9 RPZ – DNS Firewall (DNS Firewall & Enterprise Customers).