Amazon Route 53 DNS Firewall adds protection against Dictionary-based DGA attacks

Route 53 Resolver DNS Firewall Advanced
Starting today, you can enable Route 53 Resolver DNS Firewall Advanced to monitor and block queries associated with Dictionary-based Domain Generation Algorithm (DGA) attacks. This feature helps to protect against attacks that generate domain names by pseudo-randomly concatenating words from a predefined dictionary, creating human-readable strings to evade detection.
Route 53 DNS Firewall Advanced enables you to enforce protections to monitor and block your DNS traffic in real time based on anomalies identified in the domain names being queried from your VPCs. This includes protections for DNS tunneling and DGA attacks, with the new addition of Dictionary-based DGA attacks.
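Why dictionary-based names slip past the character-randomness checks that catch classic DGA names, shown as an added example. It is not AWS code and does not describe how DNS Firewall Advanced detects anything; the word list, thresholds, function names and `.example` domains are all constructed for illustration.

```python
import math
from collections import Counter

# Constructed word list; a real dictionary would hold thousands of entries.
WORDS = {"river", "table", "green", "stone", "cloud",
         "paper", "light", "market", "silver", "window"}

def shannon_entropy(label):
    """Bits per character of the label's character distribution."""
    n = len(label)
    return -sum(c / n * math.log2(c / n) for c in Counter(label).values())

def segment(label, words=WORDS):
    """Fewest dictionary words that exactly tile `label`, or None."""
    best = [None] * (len(label) + 1)  # best[i] covers label[:i]
    best[0] = []
    for i in range(1, len(label) + 1):
        for j in range(i):
            if best[j] is not None and label[j:i] in words:
                cand = best[j] + [label[j:i]]
                if best[i] is None or len(cand) < len(best[i]):
                    best[i] = cand
    return best[-1]

def inspect(fqdn, entropy_threshold=3.5, min_words=3):
    """Score the leftmost label with both heuristics (thresholds are assumptions)."""
    label = fqdn.lower().rstrip(".").split(".")[0]
    words = segment(label)
    entropy = shannon_entropy(label)
    return {
        "entropy": round(entropy, 2),
        "flag_entropy": entropy >= entropy_threshold,
        # Benign brand names also split into words, so treat this as one
        # signal to combine with others, not a verdict.
        "flag_dictionary": words is not None and len(words) >= min_words,
        "words": words,
    }

# Constructed sample names under the reserved .example TLD.
SAMPLES = ["xq7kz2pfw9ahd3.example",        # random-looking, classic DGA shape
           "greenriverstonetable.example",  # dictionary-composed shape
           "market.example"]                # ordinary single word

if __name__ == "__main__":
    for name in SAMPLES:
        print(name, inspect(name))
```

The random-looking label crosses the entropy threshold, while the dictionary-composed label stays below it and is only picked up by the word-segmentation signal.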
What to do
- Configure one or multiple DNS Firewall Advanced rules specifying Dictionary DGA as the threat to be inspected.
- Add the rule(s) to a DNS Firewall rule group.
- Enforce the rule group on your VPCs by associating it directly or using AWS Firewall Manager, AWS Resource Access Manager (RAM), AWS CloudFormation, or Route 53 Profiles.
Route 53 Resolver DNS Firewall Advanced support for Dictionary DGA is available in all AWS Regions, including the AWS GovCloud (US) Regions.
Source: AWS release notes