DNS Response
Policy Zones (RPZ)

Access a wide range of DNS RPZ files to block or redirect sites based on your organization’s risk profile. We provide the data, you choose the zones - configurable to your DNS protection needs and company requirements/policies.

Peace of mind

Around-the-clock, immediate protection for all your users.

Flexible risk levels

Choose the data you want based on your risk profile.

No additional costs

Use existing hardware. Industry standard format data.

Spamhaus’ DNS Firewall

Access to the DNS RPZ files is provided by Spamhaus’ DNS Firewall service. Automatically block malicious activity - including phishing sites, malware dropper sites and ransomware - at the DNS level, protecting your network and users.

Why are there two different names for the data?

Our datasets have been supporting users for a very long time. With new users requesting our support, the dataset names are being updated for clearer understanding. We’re documenting two names, for now, to best support all users.

Datasets Included

Botnet C2 IPs

(Botnet Controller List - BCL)

Botnet command and controller (C2) servers. The status of these single IPv4 addresses is re-evaluated several times a day to identify active botnet controllers only. Utilize for protection or threat intelligence requirements.

Highly Malicious Networks

(Don't Route Or Peer - DROP)

Low Reputation Domains

(Domain Blocklist - DBL)

Zero Reputation Domains

(Zero Reputation Domains - ZRD)

Use case for DNS RPZ

For DNS Protection

Automatically block access to malicious sites and URLs, stopping threats like malware, phishing, and ransomware before they reach your network.

With Spamhaus’ DNS Firewall, filter malicious activity at the DNS level, to protect networks and users, reduce time spent on remediation and save on valuable resources.

Set and forget

Simple, low cost network protection measure that is easy to implement across networks, using your existing infrastructure.

Minimise downtime and disruption

Prevent threats with real-time threat intelligence at the DNS level to reduce the impact of incidents on your productivity and revenue.

Save money on risk insurance

Many insurance companies will reduce premiums if you have implemented DNS filtering.

Getting started

  • How to start a free 30-day trial

    To access the DNS RPZ files via Spamhaus DNS Firewall, simply complete the form and submit. No credit card or payment details are required for the free trial.

    What happens next?

    You’ll receive an email asking you to verify your address. If you haven’t already, you’ll be prompted to create an account.

    Once verified, log in to the Customer Portal to view your API key and follow the setup instructions provided in the manual.

    Need help?

    If you have any questions, please add them to the comments box on the sign up form. Once you gain access to the data, technical support is available via our Customer Portal.

    How can I purchase the data?

    During your free trial, you can request a quote in the Customer Portal to get the subscription cost based on your setup. You can also enable trials of additional datasets via the Customer Portal.

  • System requirements

    Setup uses your existing network environment. To use the RPZs via our DNS Firewall service, you’ll need to manage your own DNS infrastructure.

    The service is compatible with a range of major DNS solutions, including BIND, Knot, PowerDNS and Unbound, and can also be integrated with certain DNS appliances, including Infoblox.

  • Technical documentation

    Full setup details for accessing the DNS RPZ files via the DNS Firewall Service are on our documentation page, including configuration details for PowerDNS and BIND.

  • How to optimize your network protection with BGP

    DNS RPZ blocks malicious domains before connections are ever made, preventing botnet C&C traffic, phishing, malware, adware, and cryptomining from reaching your network. As many threat actors rely on domains, this is a powerful way to cut threats off at the source.

    Some threats, however, don’t use domains at all. For example, certain botnets communicate directly via IP addresses, bypassing DNS entirely. This is where edge protection via Border Gateway Protocol (BGP) comes in. Operating at the router level, it blocks malicious IP traffic, closing the gap against threats without a domain.

    Together, Spamhaus DNS Firewall and BGP deliver layered protection, stopping attacks whether they use domains, IPs, or both.

  • Pricing

    DNS RPZ via Spamhaus DNS Firewall is priced based on the number of users, with final costs determined after the trial. Alternatively, please contact our sales team.

    To protect yourself from the most malicious threats, you can sign up and access our highly malicious networks (DROP) data for free. However, this is only available for users who manage their own DNS infrastructure, and no technical support is available for the free service.

Ready to start your free trial?

Get a free 30-day trial of our DNS RPZ via Spamhaus’ DNS Firewall. No credit card details required.

Frequently Asked Questions

  • Who can use DNS RPZs?

    To utilize DNS RPZs, you’ll need to manage your own DNS infrastructure. The RPZs can be used with a variety of major DNS solutions, including BIND and PowerDNS. They can also be used with some DNS appliances, including Infoblox.

  • What threats do DNS RPZs protect users against?

    Our DNS RPZs protect users from multiple threats. Not only do they stop them from accessing malware dropper sites or downloading ransomware, but they also prevent your users from unwittingly sharing confidential log-in information by blocking access to phishing domains.

  • What threats do DNS RPZs protect your network against?

    The DNS RPZs prevent cybercriminals from stealing data from your network. This is accomplished by blocking communications between external botnet command and controller (C2) servers and infected botnet nodes on your network.

  • How do DNS RPZs work?

    DNS RPZ applies threat intelligence data sets to DNS resolver traffic. This prevents DNS requests from resolving to malicious IP addresses and domains.

    1. A user clicks on a URL link, which sends a query to the local DNS resolver;
    2. The DNS resolver checks the query against the RPZs;
    3. If the domain, IP, or nameserver is listed in one of the zones, the resolution of that link is blocked or redirected. If it is not listed, the user seamlessly continues to access the link destination.

    For more information, read this blog post
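
The check in steps 2 and 3, sketched as an added example (not Spamhaus code or part of the original page): it evaluates a query name and the resolved addresses against a small constructed policy zone using the standard RPZ record encodings. The zone contents and domain names are made up for illustration, and nameserver triggers (rpz-nsdname, rpz-nsip) are left out to keep it short.

```python
import ipaddress

# Constructed policy zone records (owner names are relative to the zone origin).
ZONE_TEXT = """
bad.example            CNAME .
*.bad.example          CNAME .
ok.bad.example         CNAME rpz-passthru.
tracker.example        CNAME *.
phish.example          CNAME walled-garden.example.
32.10.2.0.192.rpz-ip   CNAME .
"""
# Standard RPZ action encodings; any other CNAME target is a redirect.
ACTIONS = {".": "NXDOMAIN", "*.": "NODATA",
           "rpz-passthru.": "PASSTHRU", "rpz-drop.": "DROP"}

def parse_zone(text):
    """Map each owner name to its CNAME target."""
    return {o.lower(): t for o, _, t in (l.split() for l in text.strip().splitlines())}

def qname_trigger(rules, qname):
    """Exact match first, then the closest enclosing wildcard."""
    name = qname.lower().rstrip(".")
    if name in rules:
        return rules[name]
    labels = name.split(".")
    for i in range(1, len(labels)):
        wildcard = "*." + ".".join(labels[i:])
        if wildcard in rules:
            return rules[wildcard]
    return None

def ip_trigger(rules, addr):
    """Longest-prefix match of an answer address against rpz-ip owners (IPv4 only here)."""
    ip, best = ipaddress.ip_address(addr), None
    for owner, target in rules.items():
        if owner.endswith(".rpz-ip"):
            # Owner encoding: prefixlen, then the address octets in reverse order.
            plen, *octets = owner[:-len(".rpz-ip")].split(".")
            net = ipaddress.ip_network(".".join(reversed(octets)) + "/" + plen)
            if ip in net and (best is None or net.prefixlen > best[0]):
                best = (net.prefixlen, target)
    return best[1] if best else None

def evaluate(rules, qname, answer_ips=()):
    """Return the policy action for a query, or NOT LISTED to resolve normally."""
    target = qname_trigger(rules, qname)  # a QNAME match takes precedence over IP matches
    for addr in answer_ips:
        target = target or ip_trigger(rules, addr)
    return ACTIONS.get(target, "REDIRECT " + target) if target else "NOT LISTED"

RULES = parse_zone(ZONE_TEXT)
for q, ips in [("www.bad.example", []), ("ok.bad.example", []), ("clean.example", ["192.0.2.10"])]:
    print(q, ips, "->", evaluate(RULES, q, ips))
```

The exact-match passthru entry shows how a single name can be exempted from a wildcard block, which is the usual way to handle a false positive locally.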

Explore more

Data Access

Border Gateway Protocol

Block the worst-of-the-worst at the network perimeter, using your existing BGP-capable appliances. Our data delivered via BGP Firewall is highly precise and low risk to block, targeting only verified malicious sources.

Intelligence API

Integrate context-rich metadata relating to IP and domain reputation to enhance existing data feeds, or consume as an independent data source. Gain additional intelligence to monitor, assess and remediate as required.

Real-time DNS Blocklists

Query real-time DNS blocklists, covering IPs, domains and hashes (including malware files, cryptowallets, email addresses and URLs) to protect your email infrastructure, wider network and users.