Why use a DNS firewall?

AA-00514

Crime and network abuse on the internet uses the Domain Name System (DNS), thus protection against these threats should include DNS firewalling. A DNS firewall can selectively intercept DNS queries for known network assets including domain names, IP addresses, and name servers. Interception can mean rewriting a DNS response to direct a web browser to a "walled garden", or simply making any malicious network assets invisible and unreachable.

See also: Building DNS Firewalls with Response Policy Zones (RPZ)