DNS Proxywall

    • Version: 5.15
    • Supported OSes:
      Windows 7, 8, 8.1, 10,
      Server 2008 R2, Server 2012,
      Server 2012 R2, Server 2016

    • NOTE: The Basic (free) edition has to be activated with a free serial number. See the product edition chart for details.

  • DNS Proxywall main screenshot

Features 30-day Trial Basic (Free)
Maximum number of name pattern rules 10,000 50 500 10,000
Maximum number of DNS records in cache Unlimited 100 Unlimited Unlimited
Maximum number of rules category profiles 5 1 5 100
DNS activity monitoring yes yes yes yes
DNS promiscuous monitoring of
neighbors on the same subnet
(wired networking)
yes no yes yes
IP firewall blocking of network access to
IP addresses not within the DNS cache
yes no yes yes
DNS cache yes yes yes yes
DNS cache exclusive mode with
no external domain name resolution
yes no no yes
DNS cache caching of refused DNS requests yes no no yes
Save DNS cache to disk yes no no yes
Save DNS activity log to disk yes no yes yes
DNS proxy (standard DNS) yes yes yes yes
DNS proxy TCP tunnel yes no yes yes
DNS proxy SSL/TLS tunnel,
authentication with self-signed
yes no no yes
DNS proxy IP-based authentication
of clients
yes yes yes yes
DNS proxy max number of standard DNS
3 2 3 20
DNS proxy max number of tunnel DNS
3 0 3 20
DNS proxy DNS record TTL adjustment
to specified range
yes no no yes
DNS client for standard DNS servers yes yes yes yes
DNS client for DNS over TCP tunnels yes yes yes yes
DNS client for DNS over SSL/TLS tunnels yes no yes yes
Geo DNS max number of countries
for blocking/editing
Unlimited 5 Unlimited Unlimited
Geo DNS display geo info for IP addresses yes no yes yes
Geo DNS territory-based prioritization
(re-ordering) of IP addresses
yes no yes yes
Geo DNS database auto-download
Manual Manual 14+ days 1+ days
DNS request roundtrip calculation yes no no yes
Blocking DNS requests with long roundtrip yes no yes yes
Replacement of IP addresses for DNS
name patterns from the file.
yes yes yes yes
Background without a watermark no no yes yes
License to use for more than 30 days no yes yes yes
Price (in USD) - Free $14.95 $19.95

Technical Specifications

Latest release 5.15 , 29 Oct 2018 , [Change Log, Previous Releases]
Supported networking Ethernet, IPv4, IPv6, TCP, UDP, DNS.
Traffic transformation engine Kernel-mode network driver.
Prerequisites .NET 4.0, up-to-date root certificates (or it will take 2 minutes to start).
Supported OSes Windows 7*, 8, 8.1, 10, Server 2008 R2*, Server 2012, Server 2012 R2, Server 2016.

*For Windows 2008 R2 and 7, required Service Pack 1 + KB3033929 (SHA-2 digital signing).
Recommended hardware CPU 1GHz and above, modern graphics card.
Additional hardware required none


This easy-to-use firewall application is what many people are looking for when it comes to monitoring DNS traffic and blocking specific domains. It is implemented as an application and allows loading of DNS blocking rules just by clicking on files containing the DNS rules. Switching between different sets of rules - no problem ! Just save the rules in different files, then load them with a click of a button. DNS blocking rules use simple wildcard pattern matching, they either block or allow DNS names to be resolved. IP Proxywall allows to block direct access to servers with names or addresses not using DNS.

On top of that, DNS Proxywall has its own DNS cache that can be used to speed up the domain name resolution process. Once a domain name is resolved, it is stored into the cache. There is no need to send DNS queries again to DNS servers when domain names can be resolved locally. The DNS Cache's Exclusive mode allows to force all domain name resolution to be performed only locally as it blocks any attempts to contact remote DNS servers. This feature improves web browsing, and it is simply priceless on slow networks with flaky DNS servers.

Another great feature of DNS Proxywall is that its functionality is active while the application is running. In other words, once it is closed everything is back to the way it was without any need for reconfiguration. So when minimized, it places itself on the system tray to keep things running. You close it only when you want to stop it.

Easy-to-use, powerful, and with great a functionality. This is the DNS Proxywall.

DNS Proxywall

There are several main areas of functionality that DNS Proxywall delivers. They are all assigned individual tabs within the user interface:

DNS Proxywall tabs

DNS Activity Log

It reflects all DNS requests going to DNS servers, to DNS cache, and responses coming back. Tooltips over statuses of log entries explain the status meaning.
All operations of DNS Activity Log can be accessed via its context menu (right mouse click).
DNS Proxywall Log context menu
Each DNS Activity entry can serve as a template for creating a new DNS blocking rule. The name of the domain would automatically go into the pattern matching field of the new rule. The DNS Activity log can be copied to a Clipboard or saved into a log file. There are also options for DNS Activity log within the program Settings that allow storing the log into a file continuously.

DNS Rules

DNS rules is where the heart of the functionality is. All operations with DNS Cache can be accessed via its context menu.
DNS Proxywall DNS Rules context menu

Each rule specifies how the domain names matching the pattern are to be handled. Each rule has a pattern which may contain asterisk ('*') which matches any number of any characters. In the example below, the matching domains would contain text '.verigio.' and end with the character 'm'.
The "Act when pattern is NOT encountered" checkbox makes the rule to cover all domain names except for those matching the pattern.
DNS Proxywall DNS Cache context menu
What happens to domain names is determined by the rules with matching patterns. There are only two actions currently available for DNS blocking rules: to Block or to Never Block. By default, domain names not matching any of the rules are allowed. Whenever a domain name matches a rule containing the "Block" action, it is blocked, unless... Unless there is a matching "Never Block" rule. The order of rules does not play a role. Only the precedence of the matched rules is. "Never Block" always takes precedence. It is done to help you to quickly allow domains that are covered by too broad patterns of other blocking rules. There is a "Hit Count" statistics next to each rule which show the number of times rules have actually performed their actions.

IP Proxywall

IP Proxywall is a security feature that allows to quickly detect and block all traffic often associated with malware that bypasses DNS name resolution. IP Proxywall forces all server name resolution to go only via DNS. By default, it blocks all IP addresses that are used directly without the DNS name resolution. However, once an IP address matches any resolved DNS name, it is automatically unblocked. Whenever IP Proxywall is enabled with DNS Proxywall Enable IP Proxywall button, all blocked IP addresses are displayed in the DNS Activity Log.

DNS Cache

DNS Cache is active and shows up only when it is enabled. To enable it, use the appropriate toolbar button DNS Proxywall Enable DNS Cache button or the menu button. DNS cache can also operate in Exclusive mode, which can be enabled via DNS Proxywall DNS Cache exclusive mode. It limits the domain name resolution to DNS cache. In this mode all domain names that are not already in the cache are automatically blocked. DNS cache items have expiration time after that they purged from the cache. This time is set in the program Settings. To prevent cache items from expiring, the DNS cache Refresh is often used DNS Proxywall DNS Cache refresh button to update all DNS cache items at once.
DNS Proxywall DNS Cache context menu
New rules can be created from each DNS cache record just like from each DNS activity entry. The whole DNS cache can be saved to or loaded from a file. The file format is XML based. Even though the records themselves cannot be edited, they can be copied between different cache files using a text editing application like Notepad. Sometimes, there is a needed to populate the cache from already known domain names. This can be done by importing and resolving domain names. The text file has a format of a single domain name per text line. After being resolved, the domain names will be stored into the cache.

DNS Servers

DNS Servers page shows the statistics of DNS queries and the way they were resolved on per server basis. It makes it easy to see the benefits of using the DNS firewall with DNS cache enabled.

Startup options and command line parameters

When started, DNS Proxywall adds its icon to the system tray. It also hides its main window when minimized, then lives on the system tray.

DNS Proxywall Windows system tray icon

It can be started from a command line as follows:
   DNSProxywall.exe [file_name] [/systray]

  • "file_name" - the name of the file to load and run.
  • "/systray" - the flag that hides the main window after placing an icon to the system tray.

* Windows® is a registered trademark of the Microsoft Corporation.