What is DNS RPZ?

DNS RPZ (Response Policy Zone) is a DNS-level firewall mechanism that allows administrators to enforce custom policies on domain name queries. Instead of resolving every name in the usual way, RPZ lets the DNS resolver block, redirect, or alter the response for names that match predefined rules, such as domains known to host malware, phishing pages, or other unwanted content.

This technology is especially useful for strengthening security at the DNS layer, because it blocks access to dangerous domains before any connection to them is established. RPZ rules can be defined internally or fed from external threat intelligence sources, making it an effective tool for real-time risk mitigation and content filtering.

Note: DNS RPZ acts only on domain name resolution. If a compromised machine connects directly to a command and control (C&C) server using a fixed IP address, the request will not go through DNS and therefore will not be blocked. For this reason, DNS RPZ should be used as part of a broader layered security strategy.
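The following is an added example, not part of the original page: a small Python simulation of how a resolver applies RPZ QNAME-trigger rules. The policy zone is written in the standard BIND-style RPZ syntax (`CNAME .` for NXDOMAIN, `CNAME *.` for NODATA, `CNAME rpz-passthru.` to exempt a name, `CNAME rpz-drop.` to give no answer, and ordinary records to substitute local data such as a walled-garden address). The zone contents, the upstream answer table, the IP addresses and all function names are constructed for illustration; the `connect()` helper shows the caveat above, where a client that already holds an IP address never asks the resolver and therefore never triggers a policy.

```python
"""Simulated DNS RPZ policy evaluation (constructed example)."""
import ipaddress

# Constructed policy zone in BIND-style RPZ syntax; owner names are
# relative to the policy zone origin "rpz.example." and act as QNAME triggers.
RPZ_ZONE = """
$ORIGIN rpz.example.
; NXDOMAIN action: answer as if the name does not exist
malware.test             CNAME .
*.malware.test           CNAME .
; NODATA action: the name exists but has no records of the requested type
tracker.test             CNAME *.
; Local-data action: redirect to a walled-garden host (documentation range)
phishing.test            A     192.0.2.10
*.phishing.test          A     192.0.2.10
; PASSTHRU: explicitly exempt one host from the wildcard rule above
safe.phishing.test       CNAME rpz-passthru.
; DROP: give no answer at all
beacon.test              CNAME rpz-drop.
"""

# Constructed "upstream" answers the resolver would return without RPZ.
UPSTREAM = {
    "malware.test": "198.51.100.5",
    "tracker.test": "198.51.100.6",
    "login.phishing.test": "198.51.100.7",
    "safe.phishing.test": "198.51.100.8",
    "beacon.test": "198.51.100.9",
    "example.org": "198.51.100.10",
}

# Special CNAME targets defined by RPZ and the action each one encodes.
SPECIAL_CNAMES = {
    ".": "NXDOMAIN",
    "*.": "NODATA",
    "rpz-passthru.": "PASSTHRU",
    "rpz-drop.": "DROP",
    "rpz-tcp-only.": "TCP-ONLY",
}


def parse_rpz_zone(text):
    """Parse QNAME-trigger records into {trigger: (rtype, rdata)}."""
    origin = ""
    rules = {}
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()   # drop comments and blanks
        if not line:
            continue
        if line.startswith("$ORIGIN"):
            origin = line.split()[1].rstrip(".").lower()
            continue
        parts = line.split()
        if len(parts) == 4 and parts[1].upper() == "IN":
            del parts[1]                      # tolerate an explicit class
        owner, rtype, rdata = parts
        owner = owner.lower().rstrip(".")
        if origin and owner.endswith("." + origin):
            owner = owner[: -len(origin) - 1]  # absolute name -> trigger
        rules[owner] = (rtype.upper(), rdata)
    return rules


def match_rule(rules, qname):
    """Best matching rule for qname, or None.

    An exact trigger beats a wildcard; among wildcards the longest
    (most specific) suffix wins, so "*.sub.x" is tried before "*.x".
    """
    name = qname.lower().rstrip(".")
    if name in rules:
        return (name,) + rules[name]
    labels = name.split(".")
    for i in range(1, len(labels)):
        wildcard = "*." + ".".join(labels[i:])
        if wildcard in rules:
            return (wildcard,) + rules[wildcard]
    return None


def action_for(rtype, rdata):
    """Translate a rule's record into an RPZ action."""
    if rtype == "CNAME" and rdata.lower() in SPECIAL_CNAMES:
        return SPECIAL_CNAMES[rdata.lower()]
    return "LOCAL-DATA"


def resolve(rules, qname, upstream=UPSTREAM):
    """Apply RPZ first, then fall through to the upstream answer.

    Returns (rcode, answer, trigger); trigger is None when no rule fired.
    """
    hit = match_rule(rules, qname)
    if hit is None:
        return ("NOERROR", upstream.get(qname), None)
    trigger, rtype, rdata = hit
    action = action_for(rtype, rdata)
    if action == "PASSTHRU":
        return ("NOERROR", upstream.get(qname), trigger)
    if action == "LOCAL-DATA":
        return ("NOERROR", rdata, trigger)
    return (action, None, trigger)        # NXDOMAIN, NODATA, DROP, TCP-ONLY


def connect(rules, target):
    """Client side: an IP literal never reaches the resolver, so RPZ is blind to it."""
    try:
        ipaddress.ip_address(target)
        return ("DIRECT", target)         # no DNS query, no policy applied
    except ValueError:
        rcode, answer, _ = resolve(rules, target)
        return (rcode, answer)
```

In a real deployment the same zone is loaded by the resolver rather than by a script; with BIND, for instance, the zone is listed under the `response-policy` option in `named.conf`. The `connect()` result for an IP literal is the point of the note above: the policy only helps when the client actually asks the resolver for a name.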

[Image: dns-rpz.jpg]