Filter DNS traffic using Route 53 Resolver DNS Firewall - Amazon Virtual Private Cloud
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Filter DNS traffic using Route 53 Resolver DNS Firewall

With DNS Firewall, you define domain name filtering rules in rule groups that you associate with your VPCs. You can specify lists of domain names to allow or block, and you can customize the responses for the DNS queries that you block. For more information, see the Route 53 Resolver DNS Firewall Documentation.

You implement DNS Firewall with the following Amazon resources.

DNS Firewall resource: Description

DNS Firewall rule group
    A DNS Firewall rule group is a named, reusable collection of DNS Firewall rules for filtering DNS queries. You populate the rule group with the filtering rules, then associate the rule group with one or more VPCs from Amazon VPC. When you associate a rule group with a VPC, you enable DNS Firewall filtering for the VPC. Then, when Resolver receives a DNS query for a VPC that has a rule group associated with it, Resolver passes the query to DNS Firewall for filtering.

    Each rule within the rule group specifies one domain list and an action to take on DNS queries whose domains match the domain specifications in the list. You can allow, block, or alert on matching queries. You can also define custom responses for blocked queries.

    For more information, see Rule groups and rules in Route 53 Resolver DNS Firewall.

Domain list
    A domain list is a reusable set of domain specifications that you use in a DNS Firewall rule, inside a rule group.

    For more information, see Domain lists in Route 53 Resolver DNS Firewall.
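To make the rule group, rule and domain list model above concrete, here is an added example (not code from the Amazon documentation or from the DNS Firewall service itself): a small Python model of how a query from a VPC is evaluated against the rule groups associated with that VPC. It assumes, beyond what this page states, that rule groups and rules are evaluated from the lowest priority number upward and the first matching rule decides; that ALERT permits the query but records an alert; that domain list entries are either exact names or `*.` wildcards that match subdomains but not the apex; and that blocked queries receive a NODATA, NXDOMAIN or OVERRIDE (custom CNAME target with a TTL) response. Every name and list in it (corp.example, bad.example, suspicious.test, sinkhole.corp.example) is constructed for the example.

```python
"""Toy model of Route 53 Resolver DNS Firewall rule evaluation (added example).

Assumptions, not taken from the page: rules are evaluated by ascending priority
and the first match wins; ALERT permits the query but records an alert; domain
list entries are exact ('example.com') or wildcard ('*.example.com', matching
subdomains only); block responses are NODATA, NXDOMAIN or OVERRIDE (a custom
CNAME target with a TTL).
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple


def normalize(name: str) -> str:
    """Lower-case and strip the trailing dot so 'Evil.Example.' == 'evil.example'."""
    return name.strip().lower().rstrip(".")


@dataclass
class DomainList:
    name: str
    entries: List[str]

    def matches(self, qname: str) -> bool:
        q = normalize(qname)
        for entry in self.entries:
            e = normalize(entry)
            if e.startswith("*."):
                # Wildcard: any label(s) left of the suffix, but not the apex itself.
                if q.endswith("." + e[2:]):
                    return True
            elif q == e:
                return True
        return False


@dataclass
class Rule:
    priority: int
    domain_list: DomainList
    action: str                      # ALLOW | BLOCK | ALERT
    block_response: str = "NODATA"   # NODATA | NXDOMAIN | OVERRIDE (BLOCK only)
    override_target: Optional[str] = None  # CNAME target when OVERRIDE
    override_ttl: int = 0


@dataclass
class RuleGroup:
    name: str
    rules: List[Rule] = field(default_factory=list)


@dataclass
class Verdict:
    action: str                      # ALLOW | BLOCK | ALERT | NO_MATCH
    rule_group: Optional[str]
    domain_list: Optional[str]
    response: Optional[Tuple[str, Optional[str], int]]  # (type, cname, ttl) for BLOCK
    alerts: List[str]


def evaluate(query: str, associations: List[Tuple[int, RuleGroup]]) -> Verdict:
    """Walk rule groups in association-priority order, then rules by priority.

    The first matching rule decides: ALLOW and ALERT let the query through
    (ALERT also records an alert), BLOCK returns the configured response.
    No match at all means Resolver answers the query normally.
    """
    alerts: List[str] = []
    for _, group in sorted(associations, key=lambda a: a[0]):
        for rule in sorted(group.rules, key=lambda r: r.priority):
            if not rule.domain_list.matches(query):
                continue
            if rule.action == "ALLOW":
                return Verdict("ALLOW", group.name, rule.domain_list.name, None, alerts)
            if rule.action == "ALERT":
                alerts.append(f"{query} matched {rule.domain_list.name} in {group.name}")
                return Verdict("ALERT", group.name, rule.domain_list.name, None, alerts)
            # BLOCK: build the answer the client will actually see.
            if rule.block_response == "OVERRIDE":
                resp = ("OVERRIDE", rule.override_target, rule.override_ttl)
            else:
                resp = (rule.block_response, None, 0)
            return Verdict("BLOCK", group.name, rule.domain_list.name, resp, alerts)
    return Verdict("NO_MATCH", None, None, None, alerts)


def build_sample_policy() -> List[Tuple[int, RuleGroup]]:
    """Constructed sample policy: two rule groups associated with one VPC."""
    corp_allow = DomainList("corp-allow", ["corp.example", "*.corp.example"])
    # A wildcard alone would not cover the apex, so list both forms.
    known_bad = DomainList("known-bad", ["bad.example", "*.bad.example"])
    watch = DomainList("watch", ["*.suspicious.test"])
    baseline = RuleGroup("baseline", [
        Rule(100, corp_allow, "ALLOW"),
        Rule(200, known_bad, "BLOCK", "OVERRIDE", "sinkhole.corp.example", 60),
    ])
    monitoring = RuleGroup("monitoring", [Rule(100, watch, "ALERT")])
    # Association priority: baseline (101) is evaluated before monitoring (102).
    return [(101, baseline), (102, monitoring)]


def run_samples() -> Dict[str, Verdict]:
    """Evaluate a few constructed queries against the sample policy."""
    policy = build_sample_policy()
    queries = ["mail.corp.example", "c2.bad.example.", "BAD.example",
               "x.suspicious.test", "www.unrelated.test"]
    return {q: evaluate(q, policy) for q in queries}


if __name__ == "__main__":
    for q, v in run_samples().items():
        print(f"{q:20} -> {v.action:8} group={v.rule_group} list={v.domain_list} "
              f"response={v.response} alerts={v.alerts}")
```

The two points worth noticing when you translate this into real rule groups are the ordering and the apex. Because the allow rule sits at a lower priority number than the block rule, a corporate name that also happened to match a block list would be allowed; and a list that contains only `*.bad.example` leaves the bare `bad.example` unmatched, which is why the sample lists both entries.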

You can also use Amazon Firewall Manager to centrally configure and manage DNS Firewall resources across your accounts and organizations in Amazon Organizations. You can manage firewalls for multiple accounts using a single account in Firewall Manager. For more information, see Amazon Firewall Manager in the Amazon WAF, Amazon Firewall Manager, and Amazon Shield Advanced Developer Guide.