NEW CortexDNS v2.1 with Health Check Auto-Fix, SSL Offloading, and Enhanced Offline Installation See what's new
Enterprise-grade DNS Security Platform

DNS Security That
Actually Works

CortexDNS combines authoritative DNS management, intelligent threat filtering, and real-time analytics into a single platform. Stop threats at the DNS layer before they reach your network.

Get Started Learn More
High Performance Built for scale
On-Prem Ready Your infrastructure
Open Source Core Transparent & auditable
cortexdns.local/dashboard
Total Queries
1,247,832
+12.4%
Blocked
48,291
3.87%
Clients
342
+8
The Challenge

DNS is your network's Achilles heel

Over 90% of malware uses DNS for command and control. Traditional firewalls can't see it. Your security stack has a massive blind spot, and attackers know it.

91%
of malware uses DNS to communicate
$4.2M
average cost of a data breach
287 days
average time to identify a breach
Your Network
💻Phishing
🐛Malware C2
📤Data Exfil
DNS Tunnel
💀Ransomware
Capabilities

Everything you need for DNS security

From authoritative DNS management to threat blocking, CortexDNS provides complete visibility and control over your DNS infrastructure.

Core

DNS Authority Management

Full administrative control over your authoritative DNS. Create zones, manage records, configure DNSSEC, and monitor health through an intuitive interface.

  • Zone and record management with bulk operations
  • DNSSEC signing and key rotation
  • SOA, NS, A, AAAA, CNAME, MX, TXT, SRV support
  • Import/export via AXFR and zone files

Threat Filtering Engine

Network-wide ad blocking and threat filtering. Manage blocklists, allowlists, and client groups through a unified dashboard.

  • Custom blocklist and allowlist management
  • Client and group-based filtering
  • Query log with search and export
  • Real-time blocking statistics

Analytics & Reporting

Deep visibility into DNS traffic patterns. Identify anomalies, track trends, and generate compliance reports.

  • Real-time query analytics dashboard
  • Top clients, domains, and query types
  • Trend analysis and anomaly detection
  • Scheduled reports and alerts

Audit Logging

Complete audit trail for compliance and forensics. Track every configuration change with user attribution and timestamps.

  • Comprehensive change logging
  • User action attribution
  • Retention policies and archival
  • SIEM integration support

Multi-tenancy

Isolate environments for different teams, departments, or customers. Role-based access control with granular permissions.

  • Tenant isolation and segregation
  • Custom RBAC policies
  • Delegated administration
  • Per-tenant quotas and limits

REST API

Automate everything with our comprehensive API. Integrate with your existing tools and workflows.

  • Full OpenAPI 3.0 specification
  • Swagger documentation
  • Webhook support for events
  • SDK libraries for popular languages

Two-Factor Authentication

Secure your DNS management with TOTP-based two-factor authentication. Protect admin accounts from unauthorized access.

  • TOTP authenticator support
  • QR code setup wizard
  • Backup recovery codes
  • Per-user 2FA enforcement

Compliance Reports

Generate detailed compliance and audit reports for regulatory requirements. Export in multiple formats for stakeholders.

  • DNS query audit trails
  • Security compliance reports
  • PDF and CSV export
  • Scheduled report delivery

DNS Migration Tool

Seamlessly migrate from Windows DNS Server to CortexDNS with our automated migration wizard. Zero downtime transitions.

  • Windows DNS zone import
  • Automated record conversion
  • Validation and rollback
  • Step-by-step migration guide

Light & Dark Themes

Customize your workspace with light and dark theme options. Reduce eye strain during extended management sessions.

  • System preference detection
  • Manual theme toggle
  • Per-user theme settings
  • Consistent UI across modules
New in v1.3

DNSSEC Key Management

Full DNSSEC key lifecycle management through an intuitive UI. Create, rotate, and manage cryptographic keys with ease.

  • KSK, ZSK, CSK key support
  • Key rotation workflow
  • DS record generation for registrar
  • Algorithm selection (ED25519, ECDSA, RSA)
New in v1.3

BIND Zone Import

Import DNS records from BIND zone files with drag-and-drop simplicity. Preview and validate before applying changes.

  • Drag & drop file upload
  • Text paste mode
  • Record preview and validation
  • $TTL and $ORIGIN directive support
New in v1.2

Threat Intelligence

Integrated domain classification and DGA detection powered by machine learning. Know what's hitting your network in real-time.

  • Domain category classification
  • DGA (Domain Generation Algorithm) detection
  • Risk scoring and severity levels
  • Query Log classification popover
New in v1.1

Alerts & Notifications

Stay informed with configurable alerts and notifications. Get notified via email or webhook when threats are detected.

  • Email notifications
  • Webhook integration
  • Custom alert rules
  • Threshold-based triggers
New in v1.1

SIEM Integration

Forward DNS logs to your SIEM platform for centralized security monitoring. Syslog and webhook formats supported.

  • Syslog forwarding
  • JSON webhook format
  • Configurable log levels
  • Real-time event streaming
New in v1.2

Block Page

Custom block pages with category information. Users see why a domain was blocked instead of a generic error.

  • Category-aware block pages
  • Custom branding support
  • Request unblock workflow
  • Multi-language support
New in v1.2

Rate Limiting

Protect your API endpoints with token bucket rate limiting. Prevent abuse and ensure fair resource allocation.

  • Token bucket algorithm
  • Per-IP rate limits
  • Configurable thresholds
  • Rate limit headers
New in v2.1

Health Check & Auto-Fix

Automatic diagnostics and self-healing for enterprise deployments. Detect and fix configuration issues automatically.

  • Automatic configuration validation
  • API key synchronization check
  • Service health monitoring
  • One-command auto-fix
New in v2.1

SSL Offloading Support

Deploy behind HAProxy, F5, or any load balancer with SSL termination. Full support for X-Forwarded-Proto headers.

  • HAProxy integration
  • X-Forwarded-Proto support
  • Flexible SSL configuration
  • Enterprise load balancer ready
New in v2.0

Multi-Platform Containers

Run CortexDNS on any architecture with multi-platform Docker images. Native support for x86_64 and ARM64 systems.

  • AMD64 (x86_64) support
  • ARM64 (Apple Silicon, AWS Graviton)
  • Automated CI/CD builds
  • Docker Hub distribution
Changelog

What's New

Latest features and improvements in CortexDNS

v2.1 Latest

Enterprise Deployment & Reliability

  • Health Check & Auto-Fix - Automatic diagnostics and self-healing for offline installations
  • SSL Offloading - Full support for HAProxy and load balancer deployments
  • Enhanced Offline Installation - Dynamic configuration with automatic API key synchronization
  • Classification Analytics - Improved threat intelligence dashboard
  • Query Log Quick Filter - Fixed blocked/allowed filtering
v2.0

CI/CD & Multi-Platform Support

  • Docker Hub CI/CD - Automated builds and releases via GitHub Actions
  • Multi-Platform Images - Support for amd64 and arm64 architectures
  • Trivy Security Scan - Automated vulnerability scanning in CI pipeline
  • Docker Content Trust - Image signing for verified deployments
v1.3

DNSSEC & Import Improvements

  • DNSSEC Key Management - Full key lifecycle management with rotation support
  • BIND Zone Import - Drag & drop zone file import with preview
  • DNS Migration Fixes - Improved Windows DNS migration reliability
v1.2

Security & Intelligence

  • Threat Intelligence - Domain classification and DGA detection
  • Block Page - Category-aware block pages with branding
  • Rate Limiting - Token bucket API protection
  • Security Dashboard - Classification stats and insights
v1.1

Enterprise Features

  • RBAC - Role-based access control (security-admin, filter-admin, dns-admin)
  • Alerts & Notifications - Email and webhook notifications
  • SIEM Integration - Syslog forwarding and event streaming
  • 2FA Support - TOTP-based two-factor authentication
How It Works

Deploy in minutes, protect for years

01

Deploy the platform

Install CortexDNS on-premises or use our cloud offering. Docker, Kubernetes, or bare metal supported.

terminal 
$ docker compose up -d
Creating cortexdns-server  ... done
Creating cortexdns-ui      ... done
Creating cortexdns-filter  ... done
Creating cortexdns-authority ... done

✓ CortexDNS ready at https://localhost
02

Connect your infrastructure

Point your clients to CortexDNS. Connect to your existing DNS infrastructure or deploy our managed solution.

Clients
CortexDNS
Authority
Filter
03

Configure policies

Set up blocklists, create zones, define client groups, and configure alerts based on your security requirements.

🚫 malware-domains.txt 124,847 domains
🚫 phishing-hosts.txt 89,234 domains
corporate-allowlist.txt 1,247 domains
04

Monitor and respond

Watch your DNS traffic in real-time. Investigate incidents, tune policies, and generate reports.

14:32:15 BLOCKED malware-c2.evil.com 10.0.1.45
14:32:14 OK api.github.com 10.0.1.23
14:32:14 OK login.microsoft.com 10.0.1.87
Solutions

Built for your industry

Organizations across industries rely on CortexDNS to secure their DNS infrastructure.

🏢

Enterprise IT

Protect corporate networks from phishing, malware, and data exfiltration. Enforce acceptable use policies and gain visibility into shadow IT.

Learn more
🏥

Healthcare

Meet HIPAA compliance requirements with comprehensive audit logging. Protect patient data and medical devices from DNS-based threats.

Learn more
🏛

Financial Services

Defend against financial malware and fraudulent domains. Satisfy regulatory requirements with immutable audit trails.

Learn more
🏫

Education

Content filtering for K-12 and higher education. Protect students while maintaining compliance with CIPA and other regulations.

Learn more
🏭

Manufacturing

Secure OT/IT convergence with DNS-layer protection. Prevent lateral movement and protect industrial control systems.

Learn more
🌐

MSP/MSSP

Multi-tenant architecture designed for service providers. Manage hundreds of customers from a single pane of glass.

Learn more
Pricing

Simple, transparent pricing

No hidden fees. No query limits. Pay for the features you need.

Monthly Annual Save 20%

Community

For small teams and home labs

$0 forever
  • Up to 10 clients
  • Threat filtering
  • Basic DNS management
  • 7-day query log retention
  • Community support
Get Started
Most Popular

Professional

For growing businesses

Custom pricing
  • Unlimited clients
  • Full DNS authority management
  • Advanced threat filtering
  • Extended log retention
  • REST API access
  • Email support
  • Multiple admin users
Contact Sales

Enterprise

For large organizations

Custom pricing
  • Everything in Professional
  • Multi-tenancy
  • SAML/LDAP SSO
  • Custom retention policies
  • SIEM integration
  • Dedicated support
  • SLA guarantee
  • On-premises deployment
Contact Sales

Ready to secure your DNS?

Get in touch with our team to learn how CortexDNS can protect your network.

Contact Us About E2E Solutions

On-premises deployment available. Enterprise support included.