Stop the CNAME chain struggle: Simplified management with Route 53 Resolver DNS Firewall

AWS News Blog



This article discusses a new feature in Amazon Route 53 Resolver DNS Firewall that simplifies the management of DNS resolution chains involving CNAME, DNAME, or Alias records.

Specifically, the article covers:

  • The purpose of DNS Firewall in protecting against security risks like malicious code exfiltrating data via DNS requests
  • The challenge of configuring DNS Firewall rules to allow resolution of domains that involve redirection chains (CNAME, DNAME, or Alias records)
  • A new parameter in the UpdateFirewallRule API to automatically trust all domains in a redirection chain for a domain specified in the DNS Firewall rule
  • A step-by-step example demonstrating how to update a DNS Firewall rule to trust the redirection chain for alexa.amazon.com
  • The benefit of this feature in simplifying DNS Firewall management without needing to manually maintain lists of authorized domains in redirection chains

