Rule settings in DNS Firewall
When you create or edit a rule in a DNS Firewall rule group, you specify the following values:
- Name: A unique identifier for the rule in the rule group.
- (Optional) Description: A short description that provides more information about the rule.
- Domain list: The list of domains that the rule inspects for. You can create and manage your own domain list or you can subscribe to a domain list that AWS manages for you. For more information, see Route 53 Resolver DNS Firewall domain lists.
- Query type:
The list of DNS query types that the rule inspects for. The following are the valid values:
  - A: Returns an IPv4 address.
  - AAAA: Returns an IPv6 address.
  - CAA: Restricts the CAs that can issue SSL/TLS certificates for the domain.
  - CNAME: Returns another domain name.
  - DS: Record that identifies the DNSSEC signing key of a delegated zone.
  - MX: Specifies mail servers.
  - NAPTR: Regular-expression-based rewriting of domain names.
  - NS: Authoritative name servers.
  - PTR: Maps an IP address to a domain name.
  - SOA: Start of authority record for the zone.
  - SPF: Lists the servers authorized to send email from a domain.
  - SRV: Application-specific values that identify servers.
  - TXT: Verifies email senders and application-specific values.
  - A query type you define by using the DNS type ID, for example 28 for AAAA. The value must be written as TYPENUMBER, where NUMBER can be 1-65334, for example TYPE28. For more information, see List of DNS record types. You can specify one query type per rule.
- Action: How you want DNS Firewall to handle a DNS query whose domain name matches the specifications in the rule's domain list. For more information, see Rule actions in DNS Firewall.
- Priority: A unique positive integer setting for the rule within the rule group that determines processing order. DNS Firewall inspects DNS queries against the rules in a rule group starting with the lowest numeric priority setting and going up. You can change a rule's priority at any time, for example to change the order of processing or to make space for other rules.
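The following is an added example, not AWS code or part of this page, that models how the settings above fit together: it validates the query type (named values or the TYPENUMBER form with NUMBER in 1-65334, as stated above), enforces unique names and priorities within a rule group, and evaluates a query against the rules in ascending priority order, returning the action of the first rule whose domain list and query type both match. Three things are assumptions of the model rather than statements from the page: named query types are canonicalized to their standard IANA type numbers (the page gives 28 for AAAA; the other numbers are the standard IANA assignments) so that TYPE28 and AAAA are treated as the same type; a domain list entry matches the query name exactly, while an entry beginning with `*.` matches any subdomain; and a query that matches no rule is passed through. The sample rules and queries are constructed for the example.

```python
"""Model of DNS Firewall rule settings and processing order (added example, not AWS code)."""
import re
from dataclasses import dataclass
from typing import Optional, Set, Tuple

# Named query types from the page, mapped to their IANA type numbers (assumption:
# the service treats a named type and its TYPE<number> form as equivalent).
NAMED_QTYPES = {
    "A": 1, "AAAA": 28, "CAA": 257, "CNAME": 5, "DS": 43, "MX": 15, "NAPTR": 35,
    "NS": 2, "PTR": 12, "SOA": 6, "SPF": 99, "SRV": 33, "TXT": 16,
}
_TYPE_NUMBER = re.compile(r"^TYPE(\d+)$")  # TYPENUMBER form, e.g. TYPE28


def normalize_qtype(qtype: str) -> int:
    """Validate a query type setting and return its numeric DNS type ID."""
    qtype = qtype.strip().upper()
    if qtype in NAMED_QTYPES:
        return NAMED_QTYPES[qtype]
    m = _TYPE_NUMBER.match(qtype)
    if m and 1 <= int(m.group(1)) <= 65334:  # range stated on the page
        return int(m.group(1))
    raise ValueError(f"invalid query type: {qtype!r}")


@dataclass
class Rule:
    name: str                    # unique within the rule group
    priority: int                # unique positive integer; lowest is processed first
    domain_list: Set[str]        # constructed stand-in for a managed or custom domain list
    action: str                  # e.g. ALLOW, BLOCK or ALERT
    qtype: Optional[str] = None  # None: rule applies to every query type (assumption)
    description: str = ""
    qtype_id: Optional[int] = None

    def __post_init__(self) -> None:
        if self.priority < 1:
            raise ValueError("priority must be a positive integer")
        if self.qtype is not None:
            self.qtype_id = normalize_qtype(self.qtype)


def domain_matches(entry: str, qname: str) -> bool:
    """Exact match, or subdomain match for entries that begin with '*.' (assumption)."""
    qname = qname.rstrip(".").lower()
    entry = entry.rstrip(".").lower()
    if entry.startswith("*."):
        return qname.endswith(entry[1:])  # '*.bad.example' matches 'www.bad.example'
    return qname == entry


def build_rule_group(rules) -> list:
    """Enforce unique names and priorities; return rules in processing order."""
    names = [r.name for r in rules]
    prios = [r.priority for r in rules]
    if len(set(names)) != len(names):
        raise ValueError("rule names must be unique within a rule group")
    if len(set(prios)) != len(prios):
        raise ValueError("rule priorities must be unique within a rule group")
    return sorted(rules, key=lambda r: r.priority)


def evaluate(rule_group, qname: str, qtype: str) -> Tuple[Optional[str], str]:
    """Return (matching rule name, action); unmatched queries pass through (assumption)."""
    qtype_id = normalize_qtype(qtype)
    for rule in rule_group:  # ascending priority: lowest number first
        if rule.qtype_id is not None and rule.qtype_id != qtype_id:
            continue
        if any(domain_matches(entry, qname) for entry in rule.domain_list):
            return rule.name, rule.action
    return None, "PASS_THROUGH"


def demo() -> dict:
    """Constructed rule group and queries showing priority order and query-type scoping."""
    group = build_rule_group([
        Rule("allow-mail-mx", 5, {"mail.example"}, "ALLOW", qtype="MX"),
        Rule("block-bad", 10, {"bad.example", "*.bad.example"}, "BLOCK"),
        Rule("alert-ipv6", 20, {"*.example"}, "ALERT", qtype="TYPE28"),
    ])
    return {
        "www.bad.example/A": evaluate(group, "www.bad.example", "A"),
        "bad.example/AAAA": evaluate(group, "bad.example", "AAAA"),   # priority 10 beats 20
        "host.example/AAAA": evaluate(group, "host.example", "AAAA"), # TYPE28 == AAAA
        "host.example/A": evaluate(group, "host.example", "A"),       # no rule applies
        "mail.example/MX": evaluate(group, "mail.example", "MX"),
    }


if __name__ == "__main__":
    for query, result in demo().items():
        print(f"{query:24} -> {result}")
```

Two details matter operationally: a rule with a lower priority number wins even when a later rule also matches (`bad.example/AAAA` is blocked by `block-bad`, not alerted by `alert-ipv6`), and a query type set on a rule limits it to that type only, so `host.example/A` matches no rule at all.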