Skip to content
How it works Platform Pricing FAQ Docs Resources Support Portal
Enterprise DNS Firewall & Filtering · Zero agents

Stop threats
before the
connection.

VeraDNS inspects every DNS query on your network and blocks malware, phishing, ransomware and C2 the instant it's requested — entirely on your own infrastructure.

Data never leaves your network Live in under 60 minutes
Live DNS Queries 2,481 qps
Total
0
Allowed
0
Blocked
0

Trusted by security & network teams worldwide

How it works

DNS filtering at the
network level.

Zero agents. Zero client software. VeraDNS evaluates every DNS query against your policies, blocklists and threat intelligence before a single connection is made.

Clients · users, IoT, branches Allowed   BlockedDestinations
01

Deploy on your infra

Install via Docker on your own server or VM, then point your network's DNS to VeraDNS. No data ever leaves your environment.

02

Every query inspected

Each DNS request is evaluated against your security policies, blocklists and access rules — in real time, at the resolver.

03

Threats blocked instantly

Malware, phishing, trackers and policy-violating domains are stopped before a connection is established — for every device at once.

04

Full visibility & audit

Every query, block and admin action is logged. Investigate incidents, generate reports, and demonstrate compliance on demand.

Platform

One platform. Every DNS control.

From network-wide filtering to compliance reporting — everything your team needs to secure DNS, running entirely on your own infrastructure.

Network-wide filtering

Filter every DNS query for every device — users, servers, IoT and OT — with no endpoint agents to install or maintain.

Real-time threat intel

Auto-updating feeds block malware, phishing, ransomware and C2 domains the moment they're known — no manual upkeep.

Role-based access

Admin, Editor and Viewer tiers — enforced at the API layer with JWT auth, not just hidden in the interface.

Programmable policy

Define allow/block rules by category, group, client or time window — and roll them out across your whole estate instantly.

One-click compliance

Branded executive reports mapped to NIST 800-53, CIS v8, ISO 27K and NCSC — generated locally, never sent off-box.

Complete query log

Every request — domain, client, type, status, answer, latency — searchable live, with time-series trends.

SIEM & API export

Stream audit and query logs to Splunk, Sentinel or Elastic via REST in JSON or CSV — your data, your pipeline.

Encrypted DNS

Standard DNS, DoH, DoT and DNSSEC validation — enforce encrypted transport for internal clients to stop interception.

Self-hosted & sovereign

Runs on-premise, in your private cloud or your own VMs. No third-party dependency, no external query visibility.

Access control

Role-based access, enforced at the API level.

Manage your team with built-in RBAC. Admins configure everything; Editors manage policy; Viewers get read-only. Permissions are enforced at the API layer — not just the interface.

Three role tiers — Admin, Editor and Viewer, each with clearly scoped permissions.

API-level enforcement — permissions can't be bypassed through the UI or direct API calls.

JWT authentication with secure HttpOnly cookies and configurable session expiry.

Every permission change is recorded in the audit log automatically.

Users & Role ManagementRBAC
LA
L. Admin
Admin
NE
N. Editor
Editor
AV
A. Viewer
Viewer
PermissionADMEDIVIW
View dashboard & logs
Manage blocklists
Modify DNS settings
Manage users & roles
Export audit records
Audit & compliance

Compliance reports ready to send. One click.

Generate branded executive reports as PDF, CSV or HTML in a single click — mapped to NIST 800-53, CIS v8, ISO 27K and NCSC. Ready to hand to your auditor today.

DNS Security Posture report — resolution outcomes, latency and top talkers, with severity ratings.

Identity & Access report — every admin action, user change and login attempt in one export.

Generated locally — every export is produced on your own infrastructure, never sent off-box.

V DNS Security Posture Report Executive report · generated locally · never sent off-box PDF QUERIES 957 ALLOWED 646 BLOCKED 311 AVG LATENCY 0.4ms 67.5% allowed 32.5% blocked KEY FINDINGS High — 2 malware / phishing domains blocked at resolver Medium — 311 queries blocked across 15 categories Low — DNSSEC validation active on all upstream resolvers MAPPED TO NIST 800-53 CIS v8 ISO 27K NCSC Download PDF Export CSV
Network visibility

See every query. Catch every threat. In real time.

VeraDNS gives your team complete, live visibility into every DNS request on your network. Track total queries, blocked percentages, dangerous domains and resolver health as it happens.

Live query stream — domain, country, client, type, status, answer IP and latency, all searchable.

Risk scoring — a live posture score with breakdowns by category and client.

Drill-down analytics — group, break down and filter by status, then visualise on a world map.

Vera Insight — Live Query FlowLIVE
Risk score
73
Allowed
338
Blocked
135
Query log2,481 qps
0M+
Filter rules, auto-updated
0+
Threat categories blocked
0
Queries / sec at peak
0ms
Added resolution latency
Pricing

Plans for every scale of deployment.

Three packages that scale with your network, plus optional security add-ons. Every plan runs on your own infrastructure.

Starter
Essentials

For small teams and single-site offices getting started with network-wide DNS security.

2,000queries / sec
100users
RBAC — Admin & Viewer roles
Query log & audit log
Standard blocklist library
Email support
SIEM / REST API export
Custom integration development
Most Popular
Professional
Professional

For growing organisations needing higher throughput, richer threat feeds and SIEM integration.

10,000queries / sec
500users
Everything in Essentials
Extended blocklist library
SIEM & REST API export
Priority email & chat support
Custom integration development
Advanced
Advanced

For large enterprises and MSPs needing maximum scale, custom integrations and 24/7 SLA support.

20,000queries / sec
1,000+users
Everything in Professional
Custom integration development
SLA-backed 24/7 support
SSO via SAML 2.0 & LDAP/AD
Security add-ons

Optional modules — add to any package

Layer on deeper protection and insight, on top of any plan.

Advanced Threat

Deeper threat intelligence, malware sandboxing and command-and-control (C2) detection beyond the standard feeds.

Advanced Analytics

Extended dashboards, behavioural anomaly detection and custom report builders for your SOC team.

FAQ

Frequently asked questions.

VeraDNS runs entirely within your own infrastructure — on-premise, private cloud or your own VMs. No DNS queries, configuration data or audit logs are transmitted to external servers. Your data sovereignty is guaranteed by design.
Cloud DNS services route your queries through external servers, creating a third-party dependency and potential visibility into your network activity. VeraDNS resolves DNS entirely within your perimeter — you keep full control over blocklists, policies and query data, with no dependency on external availability.
Standard DNS (port 53), DNS-over-HTTPS (DoH), DNS-over-TLS (DoT) and DNSSEC validation. Encrypted DNS protocols can be enforced for internal clients to prevent query interception.
Professional and Advanced plans include REST API access for exporting audit and query logs in JSON or CSV, compatible with Splunk, Microsoft Sentinel, Elastic and other SIEM platforms. Advanced additionally supports SSO via SAML 2.0 and LDAP/Active Directory.
VeraDNS runs on any Linux server with Docker installed. Minimum recommended spec is 2 vCPU and 2 GB RAM. For high-availability deployments we recommend running multiple resolver instances behind a load balancer.
The 7-day trial includes full access to Professional-plan features — unlimited policies, the extended blocklist library, SIEM export and the full Vera Insight console. Our team contacts you within one business day with setup credentials.

Ready to secure your network
at the DNS layer?

Request a 7-day trial and speak with our team. No commitment required.