DNS Firewall provides comprehensive security protection and monitoring for various scenarios, such as Public Zone, Private Zone, HTTPDNS, and self-managed DNS. The firewall protects environments ranging from the internet to intranets and from the cloud to on-premises data centers. This ensures secure and reliable domain name resolution.
Features
Private Zone DNS Firewall
Private Zone DNS Firewall secures Private Zone. When an application in a Virtual Private Cloud (VPC) queries an external domain name through Private Zone, integrated threat intelligence detects and blocks malicious domain names in real time. These malicious domain names include those used for phishing, ransomware, and trojans. This process improves the security and reliability of application access.
Public Recursive DNS Firewall
Public Recursive DNS Firewall protects domain name queries sent to Recursive Gateway and HTTPDNS. After you enable this service, integrated threat intelligence accurately detects and blocks malicious domain names, such as those used for phishing, ransomware, and trojans. This process significantly improves the security and reliability of internet access.
Public Zone DNS Firewall
Alibaba Cloud DNS provides DDoS attack mitigation for Public Zone. For self-managed public authoritative resolution services, you can use an authoritative proxy for resolution. This enhances DNS security, accelerates access, and provides disaster recovery and high availability for your DNS service.
Benefits
High-precision threat intelligence
The Private Zone DNS Firewall and Public Recursive DNS Firewall integrate over 600,000 high-precision threat intelligence entries that cover more than 60 threat types, such as phishing, trojans, and ransomware. This allows them to accurately block malicious access and ensure security.
Visualized protection statistics
The Private Zone DNS Firewall and Public Recursive DNS Firewall provide visualized statistical analysis of the detection and blocking of malicious domain names. You can view blocking trends, malicious domain names, and threat types. This lets you monitor the security protection status in real time.
Unified, full-link protection
You can use the Private Zone DNS Firewall, Public Recursive DNS Firewall, and Public Zone DNS Firewall to build a complete protection system for internal and external DNS queries. This system provides centralized management and unified protection.
Scenarios
Component | Application Scenario | Scenario Description |
Private Zone DNS Firewall | Internal endpoint security | Blocks malicious domain names at the DNS layer for devices on a corporate intranet, such as office computers and servers. This effectively prevents security risks caused by user errors, such as clicking phishing links. |
Private Zone DNS Firewall | Unified protection for cloud VPCs and self-managed data centers | For enterprises with hybrid clouds or multiple data centers, the Alibaba Cloud Private Zone DNS Firewall can cover both cloud VPCs and on-premises data center environments. It provides consistent security policies across all environments. |
Private Zone DNS Firewall | Sensitive data protection | In industries with high data security requirements, such as finance and healthcare, the firewall prevents sensitive data from being stolen or leaked by blocking access to malicious domain names. |
Private Zone DNS Firewall | Custom security policies | For specific industries or business scenarios, enterprises can create custom mitigation policies and integrate third-party threat intelligence. This helps build a security system that better fits their actual needs. |
Public Recursive DNS Firewall | Malicious domain name blocking | Detects and blocks malicious domain name queries in real time. This prevents endpoint devices from accessing phishing websites and malware distribution sites. It helps avoid data breaches and device infections. |
Public Recursive DNS Firewall | Internet access security | Secures daily Internet activities for an enterprise. It reduces the probability of security incidents caused by employee errors, such as clicking unknown links. |
Public Recursive DNS Firewall | Compliance support | Helps enterprises meet network security regulations. It enhances overall security protection capabilities and supports compliance efforts. |
Public Recursive DNS Firewall | Security enhancement for open source DNS | For enterprises that have deployed open source DNS, connecting to the Alibaba Cloud Public Recursive DNS Firewall can significantly improve their security. It compensates for the shortcomings of open source DNS in detecting and blocking malicious domain names. |
Public Zone DNS Firewall | Public DDoS attack mitigation | Provides DDoS attack mitigation for domain names hosted on Public Zone. |
Public Zone DNS Firewall | Security for self-managed DNS | Uses an authoritative proxy for resolution to protect self-managed DNS from DDoS attacks and to accelerate DNS access. |
Billing
Billing for DNS Firewall depends on the features you use and your usage. The billable features include the Private Zone DNS Firewall and Public Recursive DNS Firewall. Usage is measured by the number of queries or the number of protected VPCs or domain names. Billing policies differ for each component and typically include pay-as-you-go and subscription methods. For more information, see Product billing.
FAQ
For answers to frequently asked questions about DNS Security, see DNS Security FAQ.