Netherlands-based ISP XS4ALL is using Spamhaus' DNS Firewall Threat Feeds to provide an improved security service to its customers.

The Challenge

Cyber criminals are keen to abuse someone else’s well-equipped network, so ISP and hosting environments are targeted by malicious actors keen to insert malware and botnets that can infect across a network.

Email filtering and anti-spam measures can block most phishing attempts but there is always the risk that a customer will unwittingly respond and allow access to malware. So there is always a risk of getting infected, or have infections that might spread to others.

The challenge for XS4ALL is to provide protection without impacting the demand for high-volume, high-speed connectivity and give customers a choice of the security profile that’s right for them.

The Solution – PowerDNS with DNS Firewall Threat Feeds

XS4ALL runs PowerDNS Recursor for its DNS resolution because it has a native implementation to receive an AXFR/IXFR data feed for industry standard Response Policy Zone handling. With the release of version 4.0 of PowerDNS Recursor, XS4ALL was able to configure Response Policy Zones into the resolution process for the first time.

The new 4.0 version has an extra feature which enables active lookup of a configuration for the client that queries the resolvers. This enabled XS4ALL to make DNS Firewall malware filtering optional, with each customer able to chose it as an added security service.

Implementation of DNS Firewall was straightforward given the version of PowerDNS Recursor, the main volume of work required was to configure XS4ALL’s systems to provide this as a customer option.

The Results – thousands of malicious connections blocked daily

After a careful checking of a PowerDNS setup with mirrored traffic and reviewing the volumes of suspicious queries, DNS Firewall was made operational as an option to customers. When enabled, customers drastically cut down on malware traffic from links in already downloaded email messages that they clicked on accidentally.

“With DNS Firewall, we are able to block thousands of malicious connections everyday. And as it can be configured on demand, it’s a great option to offer our customers.” Kai S, System Engineer, XS4ALL

Command & Control beaconing traffic from botnets is also greatly reduced. Even though each beaconing message is very small, a compromised enduser can consume massive amounts of bandwidth when it is used to mount DDoS attacks.

Related Products

DNS Firewall Threat Feeds

Applied at the DNS level of your infrastructure, these threat feeds automatically stop users from accessing malicious sites including phishing and malware dropper websites.

These threat feeds can be integrated with existing recursive DNS servers, or for those who don’t manage their own DNS, we have a managed service available.

  • Reduce IT costs
  • Set and forget
  • Save money on risk insurance


Take control of the ‘risk’ factor and choose your DNS Firewall Threat Feeds wisely

17 March 2019


When choosing DNS Firewall Threat Feeds its key to ensure you pick the right ones based on the relevant level of protection your business requires, otherwise you could be making things more tricky than they need to be.

Botnet command & control domain registrations go through the roof in 2018

22 February 2019


When Spamhaus Malware Labs observe a 40% increase in the number of domains that are being registered by cybercriminals to host a botnet command & control (C&C) it’s time to understand where the threats are coming from in the top-level domains (TLDs) space and learn how you can protect against them.

What is DNS Firewall? A beginner’s guide

14 September 2018


With the ever increasing demands on IT, security and networking teams, tools that reduce workloads, which don’t cost the earth, are always welcome. One such tool is DNS Firewall. Find out how it works, and the benefits it provides.