What is a DNS Firewall?

A DNS firewall is a cyber security defense that uses the DNS protocol to prevent endpoints (laptops, workstations, servers, IoT devices, etc.) from acquiring an IP address (A record) to a malicious destination. This is also known as DNS filtering.

How does a DNS Firewall Work?

There are a few ways to deploy a DNS firewall. Securd delivers a DNS Firewall as a cloud based service on an worldwide anycast network.

Endpoint Initiates A DNS Lookup

An endpoint attempts to access a domain name such as maliciousdomain.com. For the endpoint to connect to the domain, it needs to get an A record with an IP address.

We Validate The Query

Securd determines if the DNS query is coming from a subscribed customer. If the DNS query if not approved, it will be blocked. Otherwise, Securd will process the subscriber DNS query.

We Processes The DNS Query

If the DNS query matches the criteria in a security policy, Securd returns its response. Instead of allowing Securd global recursive DNS servers to process the request, the DNS server will respond with a block. If a browser produces the query, the user gets a block page with the reason why it was denied. All the blocked traffic is logged for the administrator to review.

Access To The Threat Denied

If the DNS query matches criteria in a security policy, Securd returns it's own response. Instead of allowing Securd global recursive DNS servers to continue to process the request, a block response is provided back to the endpoint. If this request was done through a browser, the user would be redirected to a block page with the reason why the block occurred. The block is recorded in passive dns logs available to the customer administrator.

What Threats Does DNS Filtering Mitigate?

The Securd DNS Firewall gives endpoints connecting directly to the Internet protection from the most common delivery of attacks including phishing, malware, ransomware, adware and more.

Covid Threats

Domains associated to Covid-19 related cyber crime.

Zero Reputation

New registered domains and dormant domains.

Poor Reputation

Domains controlled by spammers and bad actors.

Botnet Command Control

Domains hosting a botnet C&C.


Domains hosting malicious adware.


Domains hosting an active phishing site.

Malware Hoster

Domains hosting downloadable malware.

Botnet Resource

Domains hosting a botnet component.

Bad Nameserver

DNS servers with poor reputation.

Domain Algorithm (DGA)

Domains generated by an algorithm.

Crypto Mining

Domains hosting crypto mining scripts.


Typosquatting domains that target top sites.

High Risk Networks

Domain hosted on globally blocklisted IP or network.

Pornographic Content

Domain hosting pornographic content.

Build Your Own Blocklist

Create any global block list of hostnames or domains you want to block.

Try Securd free for 14 days

Start protecting your network and endpoints from cyber threats in minutes.



Get started now and you can cancel at any time.