DNSVault works to help you build a secure enterprise network.

We've got what you need!

Appliance that have all the feature that we need to strengthen and protect our DNS.



Secure web interface with built-in user authentication, automation, data validation and auto blacklist DNS attack.

Fast and Efficient

Automatic fetch DNSKEY from children zone and simple DNSSEC zone signing with one click.


Support most DNS resource records, IPv4 and IPv6 records and secure dynamic DNS update.


Provide user with automated DNS zone serial numbers management, zone signing and DNSSEC key rollover.

Future Proof

Support user with DNS View, monitoring, reporting and multiuser DNS management.

Advanced DNS Firewall*

Protect user against online DNS-based malware by providing blacklist filtering.
* Only available in DNSVault Firewall version

Security Features

Advanced DNS Firewall

Advanced DNS Firewall protect the user against online DNS-based malware by providing blacklist filtering that prevent end user from reaching malware websites and block the communication between infected client to the command center.

Harden Firmware

DNSVault software have been certified by Common Criteria EAL2, an international standard (ISO/IEC 15408) for computer security certification. Common Criteria provides assurance that the process of specification, implementation and evaluation of a computer security product has been conducted in a rigorous and standard and repeatable manner at a level that is commensurate with the target environment for use.

Build in Firewall

DNSVault have its own built in network protection on hostile networks without the need to setup external firewall.

Auto Blacklist for DNS attack

Auto Blacklist for DNS attack is to prevent end user from reaching malware site by providing blacklist filtering and block the communication between infected client to the command center in real time.

Response Rate Limiting

RRL is an enhancement to implementations of the DNS protocol that can help mitigate DNS amplification attacks.


DNSSEC is the technology that was developed to among other things, protect against such attacks by digitally ‘signing’ data so you can be assured that the URL is valid.

Secure Zone Transfer using TSIG

Authentication using source IP address alone is considered insecure. Transaction Signatures, or TSIG for short, add cryptographic signatures as a method of authenticating a DNS conversation. It uses a shared secret to establish trust between the communicating parties.


RPZDB is a DNS blacklist system that take control over the network security with the new dimension that can stop malware and pulverize attempt to send sensitive data to the master thief.

Download our Brochure!

Collaboration Partners

Let's Get In Touch!

Ready to start your next project with us? That’s great! Give us a call or send us an email and we will get back to you as soon as possible!