The DNS Firewall service is a highly DNS-, DoS- and abuse-aware load-balancer.
Its goal in life is to route traffic to the best server, cache DNS responses and deliver top performance to legitimate users while shunting or blocking abusive traffic.
It can forge DNS entries in order to enforce the resolution of some hosts.
Some products claim the notion of a DNS firewall but only offer malicious host filtering capabilities. Artica Load-balancing does the same but works as a firewall dedicated to the DNS protocol. It lets you create ACLs, as on a firewall, to influence DNS responses.
With the DNS Firewall method it is possible to build this kind of advanced rule:
For a DNS request that is resolved with an A, NS or CNAME query on a server located in Panama, if the domain has a “.club” or “.pro” and “.xyz” extension and is categorized as Advertising or Tracker, then change the resolved IP address to 127.0.0.1.
When creating DNS rules, you can associate objects that each focus on one aspect of resolution processing, such as host name, connecting IP address, resolved IP address, destination country, operation period or requested domain category. Objects contain multiple records and can be associated with rules in order to build true host-resolution security.
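A conceptual model of how the rule above combines its objects, as an added example that is not Artica's code or configuration syntax. The GeoIP and category tables are constructed sample data, the names `Rule`, `matches` and `apply_rules` are hypothetical, and two behaviours are assumed: any one of the three extensions may match, and the first matching rule wins.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed sample data standing in for the GeoIP and category databases.
GEOIP = {ip_network("203.0.113.0/24"): "PA", ip_network("198.51.100.0/24"): "FR"}
CATEGORIES = {"ads.example.club": "Advertising", "t.example.xyz": "Tracker",
              "blog.example.pro": "News"}

@dataclass(frozen=True)
class Rule:
    qtypes: frozenset      # query-type object
    countries: frozenset   # destination-country object
    suffixes: tuple        # host-name object (domain extensions)
    categories: frozenset  # requested-domain-category object
    forged_ip: str         # answer returned when every object matches

def country_of(ip):
    """Country code of the resolved address, or None if unknown."""
    addr = ip_address(ip)
    return next((cc for net, cc in GEOIP.items() if addr in net), None)

def matches(rule, qname, qtype, resolved_ip):
    """A rule matches only when all of its associated objects match."""
    name = qname.rstrip(".").lower()
    return (qtype in rule.qtypes
            and country_of(resolved_ip) in rule.countries
            and name.endswith(rule.suffixes)
            and CATEGORIES.get(name) in rule.categories)

def apply_rules(rules, qname, qtype, resolved_ip):
    """Return the address handed to the client (assumption: first match wins)."""
    for rule in rules:
        if matches(rule, qname, qtype, resolved_ip):
            return rule.forged_ip
    return resolved_ip

# The rule described in the text, expressed with the model above.
PANAMA_ADS = Rule(frozenset({"A", "NS", "CNAME"}), frozenset({"PA"}),
                  (".club", ".pro", ".xyz"),
                  frozenset({"Advertising", "Tracker"}), "127.0.0.1")
```

An unknown country or an uncategorized domain never matches in this model, so such answers pass through unchanged.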
The Load-balancing service can be installed using the “Features” section under the "system" menu.
Search for the “DNS Firewall” entry and click the “Install” button.
This operation will uninstall any other DNS service you may have previously installed.
After installation, use the left menu in "DNS" / "DNS Firewall" to customize the service options.
By default, the service is active and operational because Artica retrieves the public DNS servers that you have set in the general configuration. The only difference is that the service will process them in a balancing manner rather than sequentially.