DNS Firewall natively integrates with our Advanced DDoS Mitigation and Rate Limiting for best-in-class protection — enabling you to automatically mitigate DDoS attacks and limit the number of queries-per-second that hits your DNS servers.
Even if your DNS servers are down, DNS Firewall can answer on your behalf by serving a stale answer from cache. That means your website will be available and traffic continues to flow, even when your origin nameservers are compromised.
Cloudflare caches DNS responses at the edge of our globally distributed network, ensuring that queries are resolved lightning-fast on every continent and in every major city regardless of origin server location.
“Your protection has enabled us to keep growing without worrying about attacks to our DNS infrastructure. Your services have also given our clients a chance to reduce their bandwidth usage and make their sites load faster.”
CEO of Duplika
With robust rate limiting capabilities, DNS Firewall shields your infrastructure from malicious and unwanted traffic. Rate limits are configurable over API, so you can easily configure them based on the health of your origin servers.
DDoS attacks on DNS infrastructure are becoming increasingly more common. Cloudflare reroutes malicious traffic away from your origin nameservers and absorbs it across our global network. DNS Firewall also comes with a dedicated automatic mitigation system that stops random prefix attacks.
DNS Firewall masks the origin IP addresses of providers’ nameservers behind Cloudflare’s IP addresses, keeping them safe from being targeted by attackers.
With a simple change of your nameservers’ IP addresses, your DNS infrastructure can be protected in as little as 5 minutes.
With Cloudflare, you have two options for securing your DNS infrastructure:
Cloudflare DNS Firewall allows you to run your own infrastructure and keep your DNS records on your own nameservers while leveraging Cloudflare's global network and features like DDoS mitigation, rate limiting, caching and more. We recommend DNS Firewall for hosting and cloud providers, ISPs, registrars, and anyone running a large authoritative DNS infrastructure.
Cloudflare Authoritative DNS is an enterprise-grade, fully managed and hosted DNS service that also offers built-in DDoS protection and DNSSEC. We recommend our authoritative DNS solution for anyone who wants to use Cloudflare as their primary or secondary DNS provider. Learn more.