Product Details

What threats does DNS Firewall protect users against?

DNS Firewall protects users from multiple threats. Not only does it stop them from accessing malware dropper sites or downloading ransomware, but it also prevents your users from unwittingly sharing confidential log-in information on compromised sites by blocking access to phishing domains.

What threats does DNS Firewall protect your network against?

It prevents cybercriminals from stealing data from your network. This is accomplished by blocking communications between external botnet command and controller (C2) servers and infected botnet nodes on your network.

Who can use DNS Firewall Threat Feeds?

Spamhaus’ DNS Firewall Threat Feeds can be utilized in multiple environments including networks run by ISPs and hosting providers, along with enterprise networks. We offer our customers two commercial access options for our Threat Feeds:

  1. Dedicated Access – If you manage your own DNS infrastructure, Spamhaus DNS Firewall Threat Feeds can be used with a variety of major DNS solutions, including Bind & PowerDNS. They can also be used with some DNS appliances, including Infoblox.
  2. Managed Service – If you don’t manage your own DNS infrastructure you can get immediate protection across your network and for your end-users. All you need to do is simply point your DNS requests to our recursive servers.
Diagram showing how Spamhaus DNS Firewall Threat Feeds work.

How do DNS Firewall Threat Feeds work?

Sometimes referred to as a Response Policy Zone (RPZ), DNS Firewall applies threat intelligence data sets to DNS resolver traffic. This prevents DNS requests from resolving to malicious IP addresses and domains.

  1. User clicks on a URL link and queries the local DNS resolver;
  2. The DNS resolver checks against the DNS Firewall Threat Feeds;
  3. If the domain, IP, or nameserver is listed in one of the data feeds, the resolution of that link is blocked/redirected. If it is not listed, the user can access the link destination.


Based on users, prices start from $5,000 US per annum.

Free access

To protect yourself from the most malicious threats, you can sign up and access our DROP threat feed for free. However, this is only available for users who manage their own DNS.