To stop both infiltration and exfiltration attempts, such as a DNS leak, the FortiGuard DNS Filtering Service rejects queries arriving from staging sites over any port or protocol. If compromised devices connect to your network, DNS-layer protection stops any malware they may try to send. It also prevents callbacks from your DNS server to the attackers who may be trying to hijack it. By interrupting this line of communication, the FortiGuard DNS Filtering Service prevents your DNS from being taken over and abused by hackers.

Features

FORTIGUARD DNS FILTERING
Filters DNS requests based on FortiGuard domain ratings

BOTNET C&C DOMAIN BLOCKING
Blocks DNS requests to known botnet command and control domains

DNS SECURITY EXTENSIONS (DNSSEC)
Uses digital signatures to verify the authenticity of DNS responses

DNS FLOOD PROTECTION
Protects against DNS flood attacks by limiting the number of DNS requests

DNS INSPECTION WITH DOT AND DOH
Supports DNS over TLS (DoT) and DNS over HTTPS (DoH) in DNS inspection