DNS RPZ Support: DNS Spam protection by Response Policy Zones
Please extend Sophos XG FW by DNS RPZ FW option to filter spam and malicious domains similar to mail reputation system (e.g. via SpamHaus).
See: https://dnsrpz.info/ "Domain Name Service Response Policy Zones (DNS RPZ) is a method that allows a nameserver administrator to overlay custom information on top of the global DNS to provide alternate responses to queries. It is currently implemented in the ISC BIND nameserver (9.8 or later). Another generic name for the DNS RPZ functionality is "DNS firewall"."