Abstract: Systems, methods, and software described herein manage traffic rules in association with fully qualified domain names (FQDNs). In one implementation, a domain name system (DNS) security service obtains a FQDN associated with a DNS request by a computing device. The DNS security service determines a first score for the FQDN based on trust factors associated with the FQDN and determines whether the first score satisfies one or more criteria. When the first score satisfies the one or more criteria, the DNS security service evaluates host posture information associated with an IP address in the DNS response for the FQDN, updates the first score to a second score based on the host posture information, and determines a traffic rule for the FQDN based on the second score.

Abstract: Systems, methods, and software are included herein to manage domain name system (DNS) requests to DNS servers. In one implementation, a computing device joins a local network and identifies a connection to a first DNS server associated with the local network. The computing device further implements first DNS rules based on the connection to the first server and monitors when a second DNS server is available using the local network. When the second DNS server becomes available, the computing device implements second DNS rules in place of the first DNS rules, wherein the second DNS rules direct DNS requests to the second DNS server in place of the first DNS server.

Abstract: Systems, methods, and software described herein manage server connection resets based on domain name server (DNS) information. In one implementation, a firewall may receive a reverse DNS request from a computing system and communicate a request to a DNS security service to determine whether a destination associated with the reverse DNS request is malicious. The firewall further receives a response from the DNS security service that indicates that the destination is malicious and, when the response indicates that the destination is malicious, communicates a reset command to the destination to reset a connection between the destination and the computing system.

Abstract: The technology disclosed herein enables detection of domain hijacking when a DNS resolver is performing a DNS lookup. In a particular embodiment, a method provides, in response to a request to resolve a network address corresponding to a domain name, determining that a nameserver for the domain name is suspect based on satisfaction of nameserver criteria associated with the domain name. The method further includes preventing the nameserver from being used to resolve the request in response to determining that the nameserver is suspect.