AWS DNS Firewall Technical Analysis

Kieran Yio
4 min read · Jul 1, 2022

AWS DNS Firewall (Route 53 Resolver DNS Firewall) is a managed firewall service that helps protect you against DNS exfiltration. It was released on Mar 31, 2021. You can run AWS DNS Firewall in blacklist mode or whitelist mode.

This article assumes you have basic knowledge of AWS DNS Firewall (e.g. rule groups, rules and domain lists). If not, you can refer to “How Route 53 Resolver DNS Firewall works” to find out more.

Blacklist Mode

By default, if you do not have any rules in your rule group, all DNS queries will be allowed to go…
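As an added example (not from the original article or from AWS), here is what blacklist mode looks like as a Terraform configuration: since an empty rule group allows everything, one BLOCK rule over a domain list is what enforces the deny-list, and every unlisted domain keeps resolving. The domain names and the `vpc_id` variable are constructed placeholders.

```hcl
# Constructed example: a Route 53 Resolver DNS Firewall rule group in
# blacklist mode. With no rules, every query is allowed, so the single
# BLOCK rule below is the only thing that denies anything.
variable "vpc_id" {
  type = string # assumed input: the VPC whose resolver queries are filtered
}

resource "aws_route53_resolver_firewall_domain_list" "denied" {
  name = "denied-domains"
  # Hypothetical sample domains. A leading "*." matches all subdomains,
  # so both entries are needed to cover the apex and its children.
  domains = ["evil-exfil.example.", "*.evil-exfil.example."]
}

resource "aws_route53_resolver_firewall_rule_group" "blacklist" {
  name = "blacklist-mode"
}

resource "aws_route53_resolver_firewall_rule" "block_denied" {
  name                    = "block-denied-domains"
  firewall_rule_group_id  = aws_route53_resolver_firewall_rule_group.blacklist.id
  firewall_domain_list_id = aws_route53_resolver_firewall_domain_list.denied.id
  priority                = 100
  action                  = "BLOCK"
  # NXDOMAIN tells the client the name does not exist; NODATA or OVERRIDE
  # (with a replacement record) are the alternatives.
  block_response = "NXDOMAIN"
}

# Nothing is enforced until the rule group is associated with a VPC.
# Association priorities must fall between 101 and 9900.
resource "aws_route53_resolver_firewall_rule_group_association" "blacklist" {
  name                   = "blacklist-assoc"
  firewall_rule_group_id = aws_route53_resolver_firewall_rule_group.blacklist.id
  priority               = 101
  vpc_id                 = var.vpc_id
}
```

Queries for the listed domains from the associated VPC get NXDOMAIN and show up as BLOCK events in Resolver query logs; every other domain resolves as before, which is the default-allow behaviour described above.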

Kieran Yio

Technologist | AWS Community Builder | Sharing my knowledge with the community