#main-nav-header { display:none; }

DNS Firewall

Secure DNS infrastructure against online attacks, increase uptime, and ensure lightning-fast performance with a DNS firewall.

Learn more Get DNS Firewall

What is a DNS firewall?

A DNS firewall offers security and performance improvements for DNS servers by acting as a protective tool sitting between a user's resolver and the authoritative nameserver.

DNS firewalls are equipped with rate-limiting capabilities to deter potential cyber attacks and ensure continuous service operation, even in cases of server downtime, by delivering DNS responses from cache.

Additionally, DNS firewalls bolster efficiency with faster DNS lookups and cost-effective bandwidth usage.

Learn more about DNS security

Benefits of DNS firewalls

Integrated security

DNS firewalls natively integrate with DDoS Mitigation and Rate Limiting for best-in-class protection — enabling you to automatically mitigate DDoS attacks and limit the number of queries-per-second that hits your DNS servers.

Increased availability

Even if your DNS servers are down, DNS firewalls can answer on your behalf by serving a stale answer from cache. That means your website will be available and traffic continues to flow, even when your origin nameservers are compromised.

Lightning-fast performance

A DNS firewall caches DNS responses at the network edge, ensuring that queries are resolved lightning-fast on every continent and in every major city regardless of origin server location.

Discover how to protect your business against DNS security and performance pitfalls

Read whitepaper

DNS Firewall use cases

Slide 1 of 3

Control what hits your network

With robust rate limiting capabilities, DNS firewalls shield your infrastructure from malicious and unwanted traffic. Rate limits are configurable over API, so you can easily configure them based on the health of your origin servers.

Automatically mitigate DDoS attacks

DDoS attacks on DNS infrastructure are becoming increasingly more common. A DNS firewall reroutes malicious traffic away from your origin nameservers and absorbs it across our global network. DNS firewalls also come with a dedicated automatic mitigation system that stops random prefix attacks.

Hide your origin IP from attackers

DNS firewalls mask the origin IP addresses of providers’ nameservers, keeping them safe from being targeted by attackers.

Control what hits your network

Automatically mitigate DDoS attacks

Hide your origin IP from attackers

DNS firewalls mask the origin IP addresses of providers’ nameservers, keeping them safe from being targeted by attackers.

Control what hits your network

Automatically mitigate DDoS attacks

Hide your origin IP from attackers

DNS firewalls mask the origin IP addresses of providers’ nameservers, keeping them safe from being targeted by attackers.

Related DNS Firewall case studies

FastMail

FastMail ensures that they never lose a message with Cloudflare protecting their DNS infrastructure.

Read case study

DigitalOcean

DigitalOcean answers 10,000 DNS queries every second. Cloudflare ensures their DNS infrastructure is protected.

Read case study

BigScoots

BigScoots and Cloudflare team up to counter 1 Tbps+ DDoS attacks, improve website performance and security, optimize Core web vitals and enhance the customer experience.

Read case study