Cloudflare DNS Firewall

Cloudflare DNS Firewall is a firewall-as-a-service that helps secure DNS infrastructure against online attacks while increasing uptime and ensuring lightning-fast performance.

Get DNS Firewall

Benefits of DNS Firewall

Security shield ddos protection blue
Integrated Security

DNS Firewall natively integrates with our Advanced DDoS Mitigation and Rate Limiting for best-in-class protection — enabling you to automatically mitigate DDoS attacks and limit the number of queries-per-second that hits your DNS servers.

Increased Availability

Even if your DNS servers are down, DNS Firewall can answer on your behalf by serving a stale answer from cache. That means your website will be available and traffic continues to flow, even when your origin nameservers are compromised.

Lightning-Fast Performance

Cloudflare caches DNS responses at the edge of our globally distributed network, ensuring that queries are resolved lightning-fast on every continent and in every major city regardless of origin server location.

Control What Hits Your Network

With robust rate limiting capabilities, DNS Firewall shields your infrastructure from malicious and unwanted traffic. Rate limits are configurable over API, so you can easily configure them based on the health of your origin servers.


Automatically Mitigate DDoS Attacks

DDoS attacks on DNS infrastructure are becoming increasingly more common. Cloudflare reroutes malicious traffic away from your origin nameservers and absorbs it across our global network. DNS Firewall also comes with a dedicated automatic mitigation system that stops random prefix attacks.


Hide Your Origin IP From Attackers

DNS Firewall masks the origin IP addresses of providers’ nameservers behind Cloudflare’s IP addresses, keeping them safe from being targeted by attackers.

Want DNS Firewall?

Easy Setup

With a simple change of your nameservers’ IP addresses, your DNS infrastructure can be protected in as little as 5 minutes.


Cloudflare DNS Firewall vs. Cloudflare Authoritative DNS

With Cloudflare, you have two options for securing your DNS infrastructure. Cloudflare Authoritative DNS is a fully managed and hosted DNS service. Cloudflare DNS Firewall, on the other hand, allows you to run your own infrastructure and keep your DNS records on your own nameservers. We recommend DNS Firewall for hosting and cloud providers, ISPs, registrars, and anyone running large authoritative DNS infrastructure.

Key Features

DDoS mitigation
High availability
Global distribution
Enhanced performance
Bandwidth savings
DNS caching
Random prefix attack mitigation
Rate limiting per data center
Specify minimum and maximum TTL
Block any queries

Trusted by millions of Internet properties

Logo mars trusted by gray
Logo loreal trusted by gray
Logo doordash trusted by gray
Logo garmin trusted by gray
Logo ibm trusted by gray
Logo 23andme trusted by gray
Logo shopify trusted by gray
Logo lending tree trusted by gray
Logo labcorp trusted by gray
Logo ncr trusted by gray
Logo thomson reuters trusted by gray
Logo zendesk trusted by gray