Product Details

What threats does DNS Firewall protect users against?

DNS Firewall protects users from accessing malware dropper and phishing sites. It also protects from accidentally downloading ransomware, cryptominer software, botnet command & controller (C&C) servers.

What threats does DNS Firewall protect your network against?

It disrupts communications between botnet command and controller (C2) servers and infected botnet nodes on your network, preventing data loss.

System requirements

Spamhaus DNS Firewall Threat Feeds can be used with a variety of major DNS software, including Bind & PowerDNS. They also can be used with some DNS hardware including Infoblox.

For those who don’t manage their own DNS infrastructure, we offer a DNS Firewall Managed Service. This allows you to point your DNS to our recursive servers.

To protect yourself from the most malicious threats, you can sign up and access our DROP threat feed for free.

Diagram showing how Spamhaus DNS Firewall Threat Feeds work.

How do DNS Firewall Threat Feeds work?

Sometimes referred to as a Response Policy Zone (RPZ), DNS Firewall applies threat intelligence data sets to DNS resolver traffic. This prevents DNS requests from resolving to malicious IP addresses and domains.

  1. User clicks on a URL link and queries the local DNS resolver;
  2. The DNS resolver checks against the DNS Firewall Threat Feeds;
  3. If the domain, IP, or nameserver is listed in one of the data feeds, the resolution of that link is blocked/redirected. If it is not listed, the user can access the link destination.


Based on users, prices start from $5,000 US per annum.