AWS Security ChangesHomeSearch

AWS Route53 medium security documentation change

Service: Route53 · 2025-11-19 · Security-related medium

File: Route53/latest/DeveloperGuide/resolver-dns-firewall-overview.md

Summary

Added documentation about Dictionary DGA threats and updated threat list in filtering section

Security assessment

The addition of Dictionary DGA documentation explains a specific attack vector (malware command-and-control evasion) and enhances security guidance. This directly relates to threat detection improvements in DNS Firewall protections.

Diff

diff --git a/Route53/latest/DeveloperGuide/resolver-dns-firewall-overview.md b/Route53/latest/DeveloperGuide/resolver-dns-firewall-overview.md
index 9176f8239..56406aee9 100644
--- a//Route53/latest/DeveloperGuide/resolver-dns-firewall-overview.md
+++ b//Route53/latest/DeveloperGuide/resolver-dns-firewall-overview.md
@@ -72,0 +73,4 @@ DNS tunneling is used by attackers to exfiltrate data from the client by using t
+  * Dictionary DGA
+
+Dictionary DGAs are used by attackers to generate domains using dictionary words to evade detection in malware command-and-control communications.
+
@@ -155 +159 @@ To implement Route 53 Resolver DNS Firewall filtering in your Amazon Virtual Pri
-  * **Define your filtering approach, your domain lists, or DNS Firewall protections** – Decide how you want to filter queries, identify the domain specifications that you'll need, and define the logic you'll use to evaluate queries. For example, you might want to allow all queries except for those that are in a list of known bad domains. Or you might want to do the opposite and block all but an approved list of domains, in what is known as a walled garden approach. You can create and manage your own lists of approved or blocked domain specifications and you can use domain lists that AWS manages for you. For DNS Firewall protections you can filter the queries by blocking them all, or you can alert on any suspicious query traffic to domains that may contain anomalies associated with threats (DGA, DNS tunneling) to test your DNS Firewall settings. For more information, see [Route 53 Resolver DNS Firewall domain lists](./resolver-dns-firewall-domain-lists.html) and [Route 53 Resolver DNS Firewall Advanced](./firewall-advanced.html).
+  * **Define your filtering approach, your domain lists, or DNS Firewall protections** – Decide how you want to filter queries, identify the domain specifications that you'll need, and define the logic you'll use to evaluate queries. For example, you might want to allow all queries except for those that are in a list of known bad domains. Or you might want to do the opposite and block all but an approved list of domains, in what is known as a walled garden approach. You can create and manage your own lists of approved or blocked domain specifications and you can use domain lists that AWS manages for you. For DNS Firewall protections you can filter the queries by blocking them all, or you can alert on any suspicious query traffic to domains that may contain anomalies associated with threats (DGA, DNS tunneling, Dictionary DGA) to test your DNS Firewall settings. For more information, see [Route 53 Resolver DNS Firewall domain lists](./resolver-dns-firewall-domain-lists.html) and [Route 53 Resolver DNS Firewall Advanced](./firewall-advanced.html).