The product

One console. Every device. Every DNS query.

From the resolver to the SOC, olladns is the modern DNS security platform. Six interconnected surfaces — built for teams who care about milliseconds and audit trails.

Query Log AI Detection Policies Roaming Clients Threat Intel Integrations
Query Log

Forensic visibility, streaming live.

A high-throughput record of every DNS lookup on your network — searchable in milliseconds, exportable in seconds.

Live tail
Pause, scroll, filter — the stream waits for you. Up to 50k events/sec per tenant without dropping rows.
Click into any row
See the resolver, the device, the matched rule, the AI confidence, and the policy chain that produced the verdict.
Long retention
90 days hot, 13 months cold. Hot search returns in <500ms across 4B events.
/query-log
live · 2,841/s All actions ▾ All categories ▾ All devices ▾ ⌘K Search
TimeActionDomainCategoryDevice
09:42:18blocklogin-microsoft-secure.cfPhishingMacBook-Pro-Riley
09:42:17allowapi.github.comProductivityjenkins-runner-03
09:42:16blockc2-server-relay.icuMalware C&CWin10-Finance-08
09:42:15allowcdn.cloudflare.comCloudvpn-lax-09
09:42:13blockpaypal-verify-update.topPhishingiPad-Pro-Mia
/ai-detection
Detections / 24h
744
FP rate
0.04%
Models
Phishing lookalike
v4.2.1 · 99.6%
DGA detector
v3.8.0 · 97.2%
Newly registered domain
v2.4.4 · 94.1%
Typosquat
v3.0.2 · 98.4%
C2 beacon timing
v1.2.0 · 89.7%
AI Detection

Five models. One verdict. Zero day-zero excuses.

Our models are trained on 180+ billion daily queries across thousands of customers. They see new threats before threat-intel vendors finish writing the report.

Phishing lookalike
Visual + structural similarity to your protected brands. Catches login-m1crosoft-secure.cf within an hour of registration.
DGA & algorithmic C2
Statistical n-gram + entropy classifier. Blocks malware command-and-control even when the hostname has never been seen.
Feedback loop
One click confirms or rejects a detection. Models retrain nightly with your verdicts.
Policies

Filtering rules that map to humans, not IPs.

Build policies from 80+ content categories, custom block/allow lists, schedules, and threat sources. Assign them to sites, groups, or individual devices.

80+ curated categories
From phishing & malware to streaming & social. Each updated continuously by our research team.
Identity-aware
Sync from Entra ID, Okta, Google Workspace. Engineering gets dev tools, Finance gets locked down.
Time-of-day & geofenced rules
Strict during business hours, looser after. Different policies for office vs roaming networks.
Branded block page
Your logo, your support contact, your messaging. Reduce helpdesk tickets to almost zero.
/policies
Default + Strict
4 sites · 480 devices edit
Phishing & Deception
Malware & Ransomware
Botnet C&C
Cryptomining
Anonymizers
Adult Content
Social Media
Streaming
Roaming Clients

Protected anywhere. Felt nowhere.

Lightweight clients for every major platform. Encrypted DoH/DoT to the nearest POP. Same policy whether the laptop is on the office Wi-Fi, an airport, or a hotel.

macOS
Intel · Apple Silicon
Windows
10 · 11
iOS
MDM-deployable
Android
EMM-deployable
ChromeOS
DoH config
Linux
systemd-resolved

Push silently via Jamf, Intune, Kandji, Workspace ONE, or Google Endpoint Management. No popups, no certificates to install, no user interaction.

/roaming
Active
614
Protected
608
Alerts
4
Stale
2
MacBook-Pro-Riley
[email protected]
macOS 14.4
protected
iPhone-15-CEO
[email protected]
iOS 17.5
protected
Win10-Finance-08
[email protected]
Windows 11
alert
Pixel-8-Dev
[email protected]
Android 14
protected
Surface-IT-3
[email protected]
Windows 11
stale
Threat Intelligence

200+ feeds, four research labs, one stream.

Curated indicator feeds from public, commercial, and our own honeypot network — deduplicated, scored for confidence, and applied to your resolvers within 60 seconds of a new IOC.

Active feeds
217
IOC updates / day
3.8M
Median feed-to-block
38s
Internal honeypots
2,140
A few of our feed sources
Spamhaus Mandiant Recorded Future Abuse.ch PhishTank CISA AIS VirusTotal Intel OpenPhish URLhaus Internal honeypots +207 more
Integrations

Slots into the stack you already operate.

Identity, SIEM, MDM, alerting — wire olladns to the rest of your security graph in minutes, not weeks.

IDENTITY
EN
Microsoft Entra ID
Sync users + groups, SSO
connect
OK
Okta
SCIM provisioning + SSO
connect
GO
Google Workspace
Directory + SSO
connect
SIEM
MS
Microsoft Sentinel
Native log analytics connector
connect
SP
Splunk
HEC token, 1-click
connect
DD
Datadog
Logs + dashboards
connect
EL
Elastic
ECS-formatted streams
connect
MDM
JF
Jamf Pro
Push roaming client + profile
connect
IN
Intune
Windows + iOS deployment
connect
KA
Kandji
macOS Blueprint
connect
WS
Workspace ONE
Cross-platform
connect
ALERTS
SL
Slack
Channel routing per severity
connect
PD
PagerDuty
Page on critical
connect
MT
Microsoft Teams
Adaptive cards
connect
WH
Webhooks
Pipe to anything
connect

Want to see it on your own DNS traffic?

Free 14-day trial. Connect 50 devices in 15 minutes. No commitment.

Start free trial Tour the live demo