DNS Firewall

  • Version: 4.0
  • Supported OSes: Windows 7, 8, 8.1, 10, Server 2008 R2, Server 2012, Server 2012 R2, Server 2016
  • NOTE: The Basic (free) edition has to be activated with a free serial key. See the product edition chart for details.

[Screenshot: DNS Firewall log with successful DNS responses]

Feature                                            | 30-day Trial | Basic | Paid ($14.95) | Paid ($19.95)
Maximum number of DNS rules                        | Unlimited    | 50    | 500           | 10000
Maximum number of DNS records in cache             | Unlimited    | 100   | Unlimited     | Unlimited
IP blocking of non-DNS resolved addresses          | yes          | yes   | yes           | yes
DNS activity monitoring                            | yes          | yes   | yes           | yes
DNS cache                                          | yes          | no    | yes           | yes
DNS cache quick refresh of all domains             | yes          | no    | yes           | yes
DNS cache exclusive mode (no external resolution)  | yes          | no    | no            | yes
Save DNS cache to disk                             | yes          | no    | no            | yes
Save DNS activity log to disk                      | yes          | no    | yes           | yes
Background without a watermark                     | no           | no    | yes           | yes
License to use for more than 30 days               | no           | yes   | yes           | yes
Price (in USD)                                     | -            | Free  | $14.95        | $19.95

Technical Specifications

Latest release: 4.0, 31 Dec 1999
Supported networking: Ethernet, IPv4, IPv6, TCP, UDP, DNS
Traffic transformation engine: kernel-mode network driver
Prerequisites: .NET 4.0, up-to-date root certificates (otherwise start-up takes 2 minutes)
Supported OSes: Windows 7*, 8, 8.1, 10, Server 2008 R2*, Server 2012, Server 2012 R2, Server 2016
Recommended hardware: CPU 1 GHz and above, modern graphics card
Additional hardware required: none

* Windows 7 and Server 2008 R2 require Service Pack 1 plus KB3033929 (SHA-2 code-signing support).


This easy-to-use firewall application is what many people are looking for when it comes to monitoring DNS traffic and blocking specific domains. It is implemented as an application and loads DNS blocking rules simply by clicking on the files that contain them. Switching between different sets of rules is no problem: save the rules in different files, then load them with a click of a button. DNS blocking rules use simple wildcard pattern matching; each rule either blocks or allows the resolution of the DNS names it matches. IP Firewall blocks direct access to servers whose addresses were not obtained through DNS.

On top of that, DNS Firewall has its own DNS cache that speeds up domain name resolution. Once a domain name is resolved, it is stored in the cache, so there is no need to send DNS queries to DNS servers again for names that can be resolved locally. The DNS Cache's Exclusive mode forces all domain name resolution to be performed locally and blocks any attempt to contact remote DNS servers. This feature improves web browsing, and it is simply priceless on slow networks with flaky DNS servers.

Another great feature of DNS Firewall is that its functionality is active only while the application is running. In other words, once it is closed everything is back to the way it was, without any need for reconfiguration. When minimized, it places itself in the system tray to keep things running; you close it only when you want to stop it.

Easy to use, powerful, and with great functionality: this is the DNS Firewall.

DNS Firewall

There are several main areas of functionality that DNS Firewall delivers. They are all assigned individual tabs within the user interface:

[Screenshot: DNS Firewall tabs: DNS Activity, DNS Cache, DNS Servers]

DNS Activity Log

It reflects all DNS requests going to DNS servers or to the DNS cache, and the responses coming back. Tooltips over the status of each log entry explain what the status means.
All operations of the DNS Activity Log can be accessed via its context menu (right mouse click).
[Screenshot: context menu of DNS log]
Each DNS Activity entry can serve as a template for a new DNS blocking rule: the domain name is automatically placed in the pattern matching field of the new rule. The DNS Activity log can be copied to the Clipboard or saved to a log file, and the program Settings contain options to write the log to a file continuously.

DNS Rules

DNS rules are the heart of the functionality. All operations on DNS rules can be accessed via their context menu.
[Screenshot: context menu of DNS rules]

Each rule specifies how domain names matching its pattern are handled. A pattern may contain an asterisk ('*'), which matches any number of any characters. In the example below, the matching domains would contain the text '.verigio.' and end with the character 'm'.
The "Act when pattern is NOT encountered" checkbox inverts the rule so that it covers all domain names except those matching the pattern.
[Screenshot: context menu of DNS cache]
What happens to a domain name is determined by the rules whose patterns match it. Only two actions are currently available for DNS blocking rules: Block and Never Block. By default, domain names matching none of the rules are allowed. Whenever a domain name matches a rule with the Block action, it is blocked, unless there is also a matching Never Block rule. The order of rules does not matter; only the precedence of the matched rules does, and Never Block always takes precedence. This lets you quickly allow domains that are covered by the overly broad patterns of other blocking rules. A Hit Count statistic next to each rule shows the number of times the rule has actually performed its action.
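The following Python model is an added illustration of the matching and precedence semantics described above; it is example code written for this page, not the product's own implementation. It turns a wildcard pattern into an anchored, case-insensitive regular expression, honours the "Act when pattern is NOT encountered" negation, applies Block / Never Block with Never Block winning regardless of rule order, and keeps a hit count. The rule sets, domain names and the choice to count only the rules whose action actually took effect are assumptions made for the example.

```python
import re
from dataclasses import dataclass

# Hypothetical model of the DNS rule semantics described on the page; not the product's code.
BLOCK = "Block"
NEVER_BLOCK = "Never Block"


@dataclass
class DnsRule:
    pattern: str           # wildcard pattern; '*' matches any run of characters
    action: str            # BLOCK or NEVER_BLOCK
    negate: bool = False   # the "Act when pattern is NOT encountered" checkbox
    hit_count: int = 0     # times this rule's action actually took effect

    def matches(self, name: str) -> bool:
        # Build an anchored, case-insensitive regex from the wildcard pattern.
        parts = [re.escape(p) for p in self.pattern.split("*")]
        regex = "^" + ".*".join(parts) + "$"
        hit = re.match(regex, name.rstrip("."), re.IGNORECASE) is not None
        return (not hit) if self.negate else hit


def evaluate(rules, name):
    """Return True if `name` is blocked.

    Rule order is irrelevant: any matching Never Block rule wins over any
    matching Block rule, and a name matching no rule is allowed (default).
    Only the winning rules get their hit count incremented (an assumption).
    """
    never = [r for r in rules if r.action == NEVER_BLOCK and r.matches(name)]
    block = [r for r in rules if r.action == BLOCK and r.matches(name)]
    if never:
        for r in never:
            r.hit_count += 1
        return False
    if block:
        for r in block:
            r.hit_count += 1
        return True
    return False


def build_rules():
    """Constructed rule set: a broad block pattern plus a narrow exception."""
    return [
        DnsRule("*.verigio.*m", BLOCK),           # matches e.g. cdn.verigio.com
        DnsRule("www.verigio.com", NEVER_BLOCK),  # exception to the rule above
    ]


def allowlist_rules():
    """Constructed default-deny policy: block everything NOT under corp.example."""
    return [DnsRule("*.corp.example", BLOCK, negate=True)]


if __name__ == "__main__":
    rules = build_rules()
    for name in ["cdn.verigio.com", "www.verigio.com", "verigio.org"]:
        print(f"{name:22} blocked={evaluate(rules, name)}")
    for r in rules:
        print(f"hits={r.hit_count:2}  {r.action:11}  {r.pattern}")
    strict = allowlist_rules()
    for name in ["intranet.corp.example", "pastebin.example"]:
        print(f"{name:22} blocked={evaluate(strict, name)}")
```

Note the edge case in the negated allowlist: the pattern "*.corp.example" requires a dot before "corp", so the bare name "corp.example" does not match it and is therefore blocked; a pattern such as "*corp.example" would cover both, at the price of also matching "evilcorp.example".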

IP Firewall

IP Firewall is a security feature that quickly detects and blocks traffic that bypasses DNS name resolution, which is often associated with malware. It forces all server name resolution to go through DNS: by default it blocks every IP address that is contacted directly without a DNS name resolution, but as soon as an IP address appears in any resolved DNS answer it is automatically unblocked. Whenever IP Firewall is enabled with the Enable IP Firewall toolbar button, all blocked IP addresses are displayed in the DNS Activity Log.
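To make the IP Firewall behaviour concrete, here is an added example (written for this page, not the product's code) that models it: addresses seen in DNS answers become allowed, a direct connection to an address that no name has resolved to is blocked and logged, and a previously blocked address is unblocked the moment some name resolves to it. The DNS answers, addresses and log line format are constructed for the example, and the decision is assumed to depend on the destination address alone.

```python
import ipaddress

# Hypothetical model of the IP Firewall behaviour described on the page; not the product's code.


class IpFirewall:
    def __init__(self, enabled=True):
        self.enabled = enabled
        self.resolved = {}      # ip address -> set of domain names that resolved to it
        self.activity_log = []  # constructed lines, as they might appear in the DNS Activity Log

    def observe_dns_answer(self, name, addresses):
        """Record the addresses in a DNS answer; each of them is allowed from now on."""
        for a in addresses:
            self.resolved.setdefault(ipaddress.ip_address(a), set()).add(name)

    def allow_connection(self, ip, port):
        """Decide on a direct connection attempt to ip:port (IPv4 or IPv6)."""
        addr = ipaddress.ip_address(ip)
        if not self.enabled or addr in self.resolved:
            return True
        self.activity_log.append(
            f"BLOCKED {addr} port {port}: no DNS name resolved to this address")
        return False


def run_demo():
    """Constructed sequence: direct connections before and after DNS resolution."""
    fw = IpFirewall()
    decisions = []
    # 1. Direct connection with no DNS lookup beforehand (the pattern of malware
    #    that skips name resolution): blocked and logged.
    decisions.append(fw.allow_connection("198.51.100.7", 4444))
    # 2. A browser resolves a name, then connects to the returned addresses: allowed.
    fw.observe_dns_answer("www.example.org", ["203.0.113.10", "2001:db8::10"])
    decisions.append(fw.allow_connection("203.0.113.10", 443))
    decisions.append(fw.allow_connection("2001:db8::10", 443))
    # 3. The address blocked in step 1 is unblocked once some name resolves to it.
    fw.observe_dns_answer("update.example.org", ["198.51.100.7"])
    decisions.append(fw.allow_connection("198.51.100.7", 4444))
    return decisions, fw.activity_log


if __name__ == "__main__":
    decisions, log = run_demo()
    print("decisions:", decisions)
    for line in log:
        print(line)
```

The model shows why the feature is only as strong as the DNS policy in front of it: any name that is allowed to resolve unblocks the addresses it returns, so the DNS rules and the IP Firewall work together rather than independently.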

DNS Cache

DNS Cache is active and shows up only when it is enabled. To enable it, use the Enable DNS cache toolbar button or the menu button. The DNS cache can also operate in Exclusive mode, enabled via the exclusive mode toolbar button, which limits domain name resolution to the DNS cache: in this mode all domain names that are not already in the cache are automatically blocked. DNS cache items have an expiration time, after which they are purged from the cache; this time is set in the program Settings. To prevent cache items from expiring, the DNS Cache refresh button is often used to update all DNS cache items at once.
[Screenshot: DNS Firewall DNS Cache context menu]
New rules can be created from each DNS cache record just as from each DNS activity entry. The whole DNS cache can be saved to or loaded from a file; the file format is XML based. Even though the records themselves cannot be edited in the program, they can be copied between different cache files using a text editing application such as Notepad. Sometimes the cache needs to be populated from already known domain names. This is done by importing and resolving a text file that contains a single domain name per line; after being resolved, the domain names are stored in the cache.
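The cache behaviour described in this section (expiry, Exclusive mode, the all-at-once refresh and the import of a one-name-per-line file) is illustrated by the following added example. It is code written for this page, not the product's implementation; the resolver is a constructed stand-in for real DNS servers, the clock is injected so the expiry can be stepped through, and the assumptions that expired records are purged at the next lookup and that the refresh may contact DNS servers even in Exclusive mode are mine.

```python
import time

# Hypothetical model of the DNS cache with expiry and Exclusive mode; not the product's code.


class DnsCache:
    def __init__(self, resolver, ttl_seconds, exclusive=False, clock=time.time):
        self.resolver = resolver      # callable: name -> list of addresses (stand-in for DNS servers)
        self.ttl = ttl_seconds        # expiration time, as set in the program Settings
        self.exclusive = exclusive    # Exclusive mode: lookups never contact DNS servers
        self.clock = clock            # injectable clock so expiry can be simulated
        self.records = {}             # name -> (addresses, expires_at)

    def lookup(self, name):
        """Return (addresses, status); addresses is None when the name is blocked."""
        now = self.clock()
        rec = self.records.get(name)
        if rec is not None:
            addrs, expires_at = rec
            if expires_at > now:
                return addrs, "cache"
            del self.records[name]    # expired item is purged (assumption: at next lookup)
        if self.exclusive:
            return None, "blocked"    # not in cache and external resolution is not allowed
        addrs = self.resolver(name)
        self.records[name] = (addrs, now + self.ttl)
        return addrs, "resolved"

    def refresh_all(self):
        """Re-resolve every cached name at once and reset its expiry (the Refresh button)."""
        now = self.clock()
        for name in list(self.records):
            self.records[name] = (self.resolver(name), now + self.ttl)

    def import_names(self, text):
        """Populate the cache from text with one domain name per line."""
        now = self.clock()
        for line in text.splitlines():
            name = line.strip()
            if name:
                self.records[name] = (self.resolver(name), now + self.ttl)


def run_demo():
    """Constructed scenario: a stand-in for DNS servers and a controllable clock."""
    fake_dns = {"www.example.org": ["203.0.113.10"], "mail.example.org": ["203.0.113.25"]}
    clock = {"t": 0.0}
    cache = DnsCache(lambda n: fake_dns.get(n, []), ttl_seconds=600,
                     exclusive=True, clock=lambda: clock["t"])
    cache.import_names("www.example.org\nmail.example.org\n")
    statuses = []
    statuses.append(cache.lookup("www.example.org")[1])   # cache hit
    statuses.append(cache.lookup("evil.example.net")[1])  # unknown name: blocked in Exclusive mode
    clock["t"] = 500
    cache.refresh_all()                                   # refreshed before expiry: items live on
    clock["t"] = 700
    statuses.append(cache.lookup("www.example.org")[1])   # still a hit thanks to the refresh
    clock["t"] = 1200
    statuses.append(cache.lookup("www.example.org")[1])   # expired and purged: now blocked
    return statuses


if __name__ == "__main__":
    print(run_demo())
```

The last two steps show why the refresh matters in Exclusive mode: without it, every record eventually expires and the name it covered is blocked, which on a workstation looks like a DNS outage rather than a deliberate policy.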

DNS Servers

The DNS Servers page shows statistics of DNS queries and of the way they were resolved, on a per-server basis. It makes it easy to see the benefit of using DNS Firewall with the DNS cache enabled.

Startup options and command line parameters

When started, DNS Firewall adds its icon to the system tray. When minimized, it hides its main window and lives in the system tray.

[Screenshot: DNS Firewall Windows system tray icon]

It can be started from the command line as follows:
   DNSFirewall.exe [file_name] [/systray]

* Windows® is a registered trademark of the Microsoft Corporation.