AWS Security ChangesHomeSearch

AWS Route53 documentation change

Service: Route53 · 2026-05-31 · Documentation low

File: Route53/latest/DeveloperGuide/resolver-dns-firewall-managed-domain-lists.md

Summary

Reframed content around Foundational Rules, replaced bulleted list of managed domain lists with a table format, and consolidated GuardDuty threat descriptions.

Security assessment

Changes are presentational (converting lists to tables) and contextual (aligning with Foundational Rules branding). No new vulnerabilities or security incidents are addressed. The managed domain lists described are existing security features, but the update doesn't add new security documentation—it reformats existing content.

Diff

diff --git a/Route53/latest/DeveloperGuide/resolver-dns-firewall-managed-domain-lists.md b/Route53/latest/DeveloperGuide/resolver-dns-firewall-managed-domain-lists.md
index b8d007296..db813e310 100644
--- a//Route53/latest/DeveloperGuide/resolver-dns-firewall-managed-domain-lists.md
+++ b//Route53/latest/DeveloperGuide/resolver-dns-firewall-managed-domain-lists.md
@@ -19,14 +19 @@ As a best practice, before using a Managed Domain List in production, test it in
-This section describes the Managed Domain Lists that are currently available. When you're in a Region where these lists are supported, you see them on the console when you manage domain lists and when you specify the domain list for a rule. In the logs, the domain list is logged within the `firewall_domain_list_id field`.
-
-AWS provides the following Managed Domain Lists, in the Regions they are available, for all users of Resolver DNS Firewall. 
-
-  * `AWSManagedDomainsMalwareDomainList` – – Domains associated with sending malware, hosting malware, or distributing malware.
-
-  * `AWSManagedDomainsBotnetCommandandControl` – Domains associated with controlling networks of computers that are infected with spamming malware. 
-
-  * `AWSManagedDomainsAggregateThreatList` – Domains associated with multiple DNS threat categories including malware, ransomware, botnet, spyware, and DNS tunneling to help block multiple types of threats. `AWSManagedDomainsAggregateThreatList` includes all the domains in the other AWS Managed Domain Lists listed here.
-
-  * `AWSManagedDomainsAmazonGuardDutyThreatList` – Domains associated with Amazon GuardDuty DNS security findings. The domains are sourced from the GuardDuty's threat intelligence systems only, and do not contain domains sourced from external third-party sources. More specifically, currently this list will only block domains that are internally generated and used for following detections in GuardDuty: Impact:EC2/AbusedDomainRequest.Reputation, Impact:EC2/BitcoinDomainRequest.Reputation, Impact:EC2/MaliciousDomainRequest.Reputation, Impact:Runtime/AbusedDomainRequest.Reputation, Impact:Runtime/BitcoinDomainRequest.Reputation, and Impact:Runtime/MaliciousDomainRequest.Reputation.
-
-For more information see [Finding types](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-active.html) in the _Amazon GuardDuty User Guide_.
-
+This section describes the Managed Domain Lists that are currently available for DNS Firewall Foundational rules. When you're in a Region where these lists are supported, you see them on the console when you manage domain lists and when you specify the domain list for a rule. In the logs, the domain list is logged within the `firewall_domain_list_id` field.
@@ -33,0 +21 @@ For more information see [Finding types](https://docs.aws.amazon.com/guardduty/l
+AWS provides the following Managed Domain Lists under the Foundational rule type, in the Regions they are available, for all users of Resolver DNS Firewall.
@@ -34,0 +23,6 @@ For more information see [Finding types](https://docs.aws.amazon.com/guardduty/l
+Threat Type | Description  
+---|---  
+Malware | Domains associated with sending malware, hosting malware, or distributing malware.  
+Botnet/Command and Control | Domains associated with controlling networks of computers that are infected with spamming malware.  
+Aggregate Threat List | Domains associated with multiple DNS threat categories including malware, ransomware, botnet, spyware, and DNS tunneling to help block multiple types of threats. Aggregate Threat List includes all the domains in the other AWS Managed Domain Lists listed here.  
+Amazon GuardDuty Threat List | Domains associated with Amazon GuardDuty DNS security findings. The domains are sourced from the GuardDuty's threat intelligence systems only, and do not contain domains sourced from external third-party sources. More specifically, currently this list will only block domains that are internally generated and used for following detections in GuardDuty: Impact:EC2/AbusedDomainRequest.Reputation, Impact:EC2/BitcoinDomainRequest.Reputation, Impact:EC2/MaliciousDomainRequest.Reputation, Impact:Runtime/AbusedDomainRequest.Reputation, Impact:Runtime/BitcoinDomainRequest.Reputation, and Impact:Runtime/MaliciousDomainRequest.Reputation. For more information see [Finding types](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-active.html) in the _Amazon GuardDuty User Guide_.  
@@ -146 +140 @@ To use the Amazon Web Services Documentation, Javascript must be enabled. Please
-Resolver DNS Firewall domain lists
+DNS Firewall Foundational Rules