Heather Oliver is a Technical Writer for Constellix and DNS Made Easy, subsidiaries of Tiggee LLC. She’s fascinated by technology and loves adding a little spark to complex topics. Want to connect? Find her on LinkedIn.
https://www.linkedin.com/in/heather-oliver
Everyone knows that a firewall is for blocking access to network resources, or at least everyone should. It’s such an important part of keeping computers safe that most modern operating systems come with this technology out of the box. But there’s a different kind of firewall that sits on the server side of things: the DNS firewall. In this resource, you’ll learn all about this layer of protection and how it functions.
Tip: Want to learn more about recursive and authoritative DNS? Check out our blog: Authoritative and Recursive DNS: What’s the Difference?
A DNS firewall works much like a computer firewall, which monitors incoming and outgoing web traffic for personal devices and blocks unsafe connections. The difference is that DNS firewalls analyze and filter queries based on threat feeds and threat intelligence. There are two types of DNS firewalls: those for recursive servers and those for authoritative servers. Recursive firewalls protect users, while firewalls applied to authoritative nameservers protect the business or actual domain.
When a query is made from a user’s device, the DNS resolver verifies the safety of the request against a threat feed. If the query is for a site listed in the feed, it will be blocked and the user will be unable to gain access. If no security threat is detected, the query resolves as usual and the user will be taken to their intended destination.
When a device uses a recursive nameserver that has enabled DNS firewall protection, each DNS query is analyzed before the proper IP is returned to the client/device.
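The recursive-side check described above, as an added example that is not Constellix or BIND code. The feed entries, the upstream answers, and the choice of NXDOMAIN as the block response are all constructed assumptions; the point is that feed matching must work on whole DNS labels, not substrings.

```python
from typing import Optional

# Constructed threat feed using reserved .example / .test names.
THREAT_FEED = {"malware.example", "phish.login.test"}

# Constructed stand-in for normal recursive resolution (no network access).
UPSTREAM = {
    "www.safe.example": "192.0.2.10",
    "notmalware.example": "192.0.2.20",
    "cdn.malware.example": "192.0.2.66",
    "login.test": "192.0.2.30",
}


def normalize(qname: str) -> str:
    """DNS names are case-insensitive and may carry a trailing root dot."""
    return qname.strip().rstrip(".").lower()


def feed_match(qname: str, feed: set) -> Optional[str]:
    """Return the feed entry that covers qname, or None.

    Walks up the name one label at a time: a listed domain also covers its
    subdomains, but a name that only shares trailing characters
    (notmalware.example) or is a parent of a listed name is not matched.
    """
    labels = normalize(qname).split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in feed:
            return candidate
    return None


def resolve_with_firewall(qname: str) -> dict:
    """Check the query against the feed before any address is returned."""
    name = normalize(qname)
    hit = feed_match(name, THREAT_FEED)
    if hit is not None:
        # Assumed block behaviour: answer NXDOMAIN, never the real address.
        return {"qname": name, "action": "BLOCK", "rcode": "NXDOMAIN",
                "matched": hit, "answer": None}
    answer = UPSTREAM.get(name)
    return {"qname": name, "action": "RESOLVE", "matched": None,
            "rcode": "NOERROR" if answer else "NXDOMAIN", "answer": answer}
```

Logging the `matched` entry alongside each blocked query shows which feed entry triggered the block, which helps when triaging false positives.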
When a DNS firewall is applied to an authoritative DNS server, it is done by creating rules based on certain criteria. For example, a company that doesn’t want to receive traffic from a specific region or country can set up a filter that prevents devices that match the criteria from accessing its network or server. This protects the domain from malicious or unwanted web activity.
Authoritative DNS firewalls are most often used to protect a domain from specific countries and/or networks (ASNs).
Did you know? Constellix allows you to create your own DNS firewalls by using GeoIP filtering. With this feature, you can create custom business rules that sit in front of your DNS and block or filter traffic by location (down to the city level), IP address, and Autonomous System Number (ASN).
Because DNS servers weren’t specifically designed to work in a firewall environment, and DNS firewalls were not originally intended to be part of the DNS protocol, special server configurations are often necessary for a firewall to accomplish what the system or security administrator wants. One such method is using BIND, which is an open source program that functions as a recursive and authoritative server. This configuration requires an advanced understanding of both BIND and DNS, as well as firewalls and their capabilities.
Much like a computer firewall, DNS firewalls block malicious or suspicious sites but at the DNS level. The types of sites that are found in threat feeds are:
Businesses of any size can benefit from the additional layer of security a recursive DNS firewall provides, but it is most often used in enterprise-level organizations and educational institutions. This is especially useful when large numbers of employees are accessing a company network. DNS firewalls not only protect against intentional connections to harmful sites, but also prevent unwitting access to malicious sites and applications.
Enterprises, small businesses, and other domain owners can also protect their network from bad actors and suspicious or unwanted traffic by creating a firewall for their authoritative nameservers via GeoDNS solutions.
The world is becoming more digitized by the second. New technologies are constantly being developed and more work is being done online than ever before. With the increase in user activity also comes an increase in cybercrime. Additional layers of security are becoming a necessity for businesses that rely on a web presence.
If you found this useful, why not share it? If there’s a topic you’d like to know more about, reach out and let me know. I’d love to hear your thoughts!