METHOD AND APPARATUS FOR DYNAMIC OUTBOUND FIREWALLING VIA DOMAIN NAME SYSTEM (DNS)
Abstract:
A method performed by a computing device for implementing a dynamic outbound firewall. The method includes creating a localhost virtual private network (VPN) service, intercepting, using the localhost VPN service, outbound network traffic originated by the computing device, and responsive to detecting a first domain name service (DNS) query in the intercepted outbound network traffic, converting the DNS query to a first secure DNS query and sending the first secure DNS query to a trusted external DNS recursive resolver using a secure DNS protocol, receiving a first secure DNS response that includes a first DNS resolution result, adding an entry for the first DNS resolution result to a cache, and dropping a first outbound packet detected in the intercepted outbound network traffic based on a determination that the destination of the first outbound packet does not match an entry in the cache.
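The cache-and-drop decision described in the abstract, as an added illustrative example (not code from the patent): it parses a DNS response in wire format, caches the resolved A-record addresses, and drops any packet whose destination is not in the cache. The names OutboundFilter, a_records and SAMPLE_RESPONSE are assumptions made for this example; the localhost VPN interception and the secure DNS transport are not modelled.

```python
import ipaddress
import struct

def _skip_name(msg, off):
    """Advance past a DNS name (labels or a compression pointer)."""
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:   # 2-byte compression pointer ends the name
            return off + 2
        if length == 0:             # root label ends the name
            return off + 1
        off += 1 + length

def a_records(msg):
    """Return IPv4 addresses from the answer section of a DNS response."""
    _id, flags, qd, an, _ns, _ar = struct.unpack_from("!6H", msg, 0)
    if not flags & 0x8000 or flags & 0x000F:   # not a response, or RCODE != 0
        return []
    off = 12
    for _ in range(qd):
        off = _skip_name(msg, off) + 4         # skip QTYPE and QCLASS
    addrs = []
    for _ in range(an):
        off = _skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        off += 10
        if rtype == 1 and rclass == 1 and rdlen == 4:   # A record, class IN
            addrs.append(str(ipaddress.IPv4Address(msg[off:off + 4])))
        off += rdlen
    return addrs

class OutboundFilter:
    def __init__(self):
        self.cache = set()          # addresses learned from DNS resolution results
    def on_secure_dns_response(self, msg):
        self.cache.update(a_records(msg))
    def verdict(self, dst_ip):
        return "forward" if dst_ip in self.cache else "drop"

# Constructed sample: response for example.test, A 192.0.2.10, TTL 60
SAMPLE_RESPONSE = (
    b"\x12\x34\x81\x80\x00\x01\x00\x01\x00\x00\x00\x00"
    b"\x07example\x04test\x00\x00\x01\x00\x01"
    b"\xc0\x0c\x00\x01\x00\x01\x00\x00\x00\x3c\x00\x04\xc0\x00\x02\x0a"
)
if __name__ == "__main__":
    fw = OutboundFilter()
    fw.on_secure_dns_response(SAMPLE_RESPONSE)
    print(fw.verdict("192.0.2.10"), fw.verdict("198.51.100.7"))
```

A destination reached by a hard-coded IP address, with no preceding DNS resolution, never enters the cache and is therefore dropped.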