AWS Security ChangesHomeSearch

AWS Route53 documentation change

Service: Route53 · 2026-05-19 · Documentation low

File: Route53/latest/DeveloperGuide/resolver-dns-firewall-managed-domain-lists.md

Summary

Updated Managed Domain Lists documentation: Replaced table format with bullet points, added explicit list names and expanded descriptions for malware/botnet/threat lists, clarified GuardDuty threat list specifics and detection types.

Security assessment

The changes enhance documentation of existing security features (managed threat domain lists) by providing clearer naming and descriptions. While these lists block security threats, the update itself doesn't address any vulnerability but improves documentation of security capabilities.

Diff

diff --git a/Route53/latest/DeveloperGuide/resolver-dns-firewall-managed-domain-lists.md b/Route53/latest/DeveloperGuide/resolver-dns-firewall-managed-domain-lists.md
index db813e310..b8d007296 100644
--- a//Route53/latest/DeveloperGuide/resolver-dns-firewall-managed-domain-lists.md
+++ b//Route53/latest/DeveloperGuide/resolver-dns-firewall-managed-domain-lists.md
@@ -19 +19,14 @@ As a best practice, before using a Managed Domain List in production, test it in
-This section describes the Managed Domain Lists that are currently available for DNS Firewall Foundational rules. When you're in a Region where these lists are supported, you see them on the console when you manage domain lists and when you specify the domain list for a rule. In the logs, the domain list is logged within the `firewall_domain_list_id` field.
+This section describes the Managed Domain Lists that are currently available. When you're in a Region where these lists are supported, you see them on the console when you manage domain lists and when you specify the domain list for a rule. In the logs, the domain list is logged within the `firewall_domain_list_id field`.
+
+AWS provides the following Managed Domain Lists, in the Regions they are available, for all users of Resolver DNS Firewall. 
+
+  * `AWSManagedDomainsMalwareDomainList` – – Domains associated with sending malware, hosting malware, or distributing malware.
+
+  * `AWSManagedDomainsBotnetCommandandControl` – Domains associated with controlling networks of computers that are infected with spamming malware. 
+
+  * `AWSManagedDomainsAggregateThreatList` – Domains associated with multiple DNS threat categories including malware, ransomware, botnet, spyware, and DNS tunneling to help block multiple types of threats. `AWSManagedDomainsAggregateThreatList` includes all the domains in the other AWS Managed Domain Lists listed here.
+
+  * `AWSManagedDomainsAmazonGuardDutyThreatList` – Domains associated with Amazon GuardDuty DNS security findings. The domains are sourced from the GuardDuty's threat intelligence systems only, and do not contain domains sourced from external third-party sources. More specifically, currently this list will only block domains that are internally generated and used for following detections in GuardDuty: Impact:EC2/AbusedDomainRequest.Reputation, Impact:EC2/BitcoinDomainRequest.Reputation, Impact:EC2/MaliciousDomainRequest.Reputation, Impact:Runtime/AbusedDomainRequest.Reputation, Impact:Runtime/BitcoinDomainRequest.Reputation, and Impact:Runtime/MaliciousDomainRequest.Reputation.
+
+For more information see [Finding types](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-active.html) in the _Amazon GuardDuty User Guide_.
+
@@ -21 +33,0 @@ This section describes the Managed Domain Lists that are currently available for
-AWS provides the following Managed Domain Lists under the Foundational rule type, in the Regions they are available, for all users of Resolver DNS Firewall.
@@ -23,6 +34,0 @@ AWS provides the following Managed Domain Lists under the Foundational rule type
-Threat Type | Description  
----|---  
-Malware | Domains associated with sending malware, hosting malware, or distributing malware.  
-Botnet/Command and Control | Domains associated with controlling networks of computers that are infected with spamming malware.  
-Aggregate Threat List | Domains associated with multiple DNS threat categories including malware, ransomware, botnet, spyware, and DNS tunneling to help block multiple types of threats. Aggregate Threat List includes all the domains in the other AWS Managed Domain Lists listed here.  
-Amazon GuardDuty Threat List | Domains associated with Amazon GuardDuty DNS security findings. The domains are sourced from the GuardDuty's threat intelligence systems only, and do not contain domains sourced from external third-party sources. More specifically, currently this list will only block domains that are internally generated and used for following detections in GuardDuty: Impact:EC2/AbusedDomainRequest.Reputation, Impact:EC2/BitcoinDomainRequest.Reputation, Impact:EC2/MaliciousDomainRequest.Reputation, Impact:Runtime/AbusedDomainRequest.Reputation, Impact:Runtime/BitcoinDomainRequest.Reputation, and Impact:Runtime/MaliciousDomainRequest.Reputation. For more information see [Finding types](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-active.html) in the _Amazon GuardDuty User Guide_.  
@@ -140 +146 @@ To use the Amazon Web Services Documentation, Javascript must be enabled. Please
-DNS Firewall Foundational Rules
+Resolver DNS Firewall domain lists