|Maximum number of DNS rules||Unlimited||50||500||10000|
|Maximum number of DNS records in cache||Unlimited||100||Unlimited||Unlimited|
|IP blocking of non-DNS resolved addresses||yes||yes||yes||yes|
|DNS activity monitoring||yes||yes||yes||yes|
|DNS cache quick refresh of all domains||yes||no||yes||yes|
DNS cache exclusive mode with
no external domain resolution
|Save DNS cache to disk||yes||no||no||yes|
|Save DNS activity log to disk||yes||no||yes||yes|
|Background without a watermark||no||no||yes||yes|
|License to use for more than 30 days||no||yes||yes||yes|
|Price (in USD)||-||Free||$14.95||$19.95|
|Latest release||4.0 , 31 Dec 1999 , [Change Log, Previous Releases]|
|Supported networking||Ethernet, IPv4, IPv6, TCP, UDP, DNS.|
|Traffic transformation engine||Kernel-mode network driver.|
|Prerequisites||.NET 4.0, up-to-date root certificates (or it will take 2 minutes to start).|
Windows 7*, 8, 8.1, 10, Server 2008 R2*, Server 2012, Server 2012 R2, Server 2016.
*For Windows 2008 R2 and 7, required Service Pack 1 + KB3033929 (SHA-2 digital signing).
|Recommended hardware||CPU 1GHz and above, modern graphics card.|
|Additional hardware required||none|
This easy-to-use firewall application is what many people are looking for when it comes to monitoring DNS traffic and blocking specific domains. It is implemented as an application and allows loading of DNS blocking rules just by clicking on files containing the DNS rules. Switching between different sets of rules - no problem ! Just save the rules in different files, then load them with a click of a button. DNS blocking rules use simple wildcard pattern matching, they either block or allow DNS names to be resolved. IP Firewall allows to block direct access to servers with names or addresses not using DNS.
On top of that, DNS Firewall has its own DNS cache that can be used to speed up the domain name resolution process. Once a domain name is resolved, it is stored into the cache. There is no need to send DNS queries again to DNS servers when domain names can be resolved locally. The DNS Cache's Exclusive mode allows to force all domain name resolution to be performed only locally as it blocks any attempts to contact remote DNS servers. This feature improves web browsing, and it is simply priceless on slow networks with flaky DNS servers.
Another great feature of DNS Firewall is that its functionality is active while the application is running. In other words, once it is closed everything is back to the way it was without any need for reconfiguration. So when minimized, it places itself on the system tray to keep things running. You close it only when you want to stop it.
Easy-to-use, powerful, and with great a functionality. This is the DNS Firewall.
There are several main areas of functionality that DNS Firewall delivers. They are all assigned individual tabs within the user interface:
It reflects all DNS requests going to DNS servers, to DNS cache, and responses coming back. Tooltips over statuses
of log entries explain the status meaning.
All operations of DNS Activity Log can be accessed via its context menu (right mouse click).
Each DNS Activity entry can serve as a template for creating a new DNS blocking rule. The name of the domain would automatically go into the pattern matching field of the new rule. The DNS Activity log can be copied to a Clipboard or saved into a log file. There are also options for DNS Activity log within the program Settings that allow storing the log into a file continuously.
DNS rules is where the heart of the functionality is. All operations with DNS Cache can be accessed via
its context menu.
Each rule specifies how the domain names matching the pattern are to be handled. Each rule has a pattern which may
contain asterisk ('*') which matches any number of any characters. In the example below, the matching domains
would contain text '.verigio.' and end with the character 'm'.
The "Act when pattern is NOT encountered" checkbox makes the rule to cover all domain names except for those matching the pattern.
What happens to domain names is determined by the rules with matching patterns. There are only two actions currently available for DNS blocking rules: to Block or to Never Block. By default, domain names not matching any of the rules are allowed. Whenever a domain name matches a rule containing the "Block" action, it is blocked, unless... Unless there is a matching "Never Block" rule. The order of rules does not play a role. Only the precedence of the matched rules is. "Never Block" always takes precedence. It is done to help you to quickly allow domains that are covered by too broad patterns of other blocking rules. There is a "Hit Count" statistics next to each rule which show the number of times rules have actually performed their actions.
IP Firewall is a security feature that allows to quickly detect and block all traffic often associated with malware that bypasses DNS name resolution. IP Firewall forces all server name resolution to go only via DNS. By default, it blocks all IP addresses that are used directly without the DNS name resolution. However, once an IP address matches any resolved DNS name, it is automatically unblocked. Whenever IP Firewall is enabled with , all blocked IP addresses are displayed in the DNS Activity Log.
DNS Cache is active and shows up only when it is enabled. To enable it, use the appropriate toolbar
or the menu button. DNS cache can also operate in Exclusive mode, which can be enabled via
It limits the domain name resolution to DNS cache.
In this mode all domain names that are not already in the cache are automatically blocked.
DNS cache items have expiration time after that they purged from the cache. This time is set in the program
Settings. To prevent
cache items from expiring, the DNS cache Refresh is often used
to update all DNS cache items at once.
New rules can be created from each DNS cache record just like from each DNS activity entry. The whole DNS cache can be saved to or loaded from a file. The file format is XML based. Even though the records themselves cannot be edited, they can be copied between different cache files using a text editing application like Notepad. Sometimes, there is a needed to populate the cache from already known domain names. This can be done by importing and resolving domain names. The text file has a format of a single domain name per text line. After being resolved, the domain names will be stored into the cache.
DNS Servers page shows the statistics of DNS queries and the way they were resolved on per server basis. It makes it easy to see the benefits of using the DNS firewall with DNS cache enabled.
When started, DNS Firewall adds its icon to the system tray. It also hides its main window when minimized, then lives on the system tray.
It can be started from a command line as follows:
DNSFirewall.exe [file_name] [/systray]
* Windows® is a registered trademark of the Microsoft Corporation.