topic Advanced DNS Security vs. DNS Security in Advanced DNS Security Discussions https://live.paloaltonetworks.com/t5/advanced-dns-security/advanced-dns-security-vs-dns-security/m-p/589027#M5 <P>Good day,</P> <P>i apologize in advance if i'm posting in the wrong place...</P> <P>&nbsp;</P> <P>i've read the docs but i have some clarifications:</P> <P>&nbsp;</P> <P>1. What exactly can Advanced DNS Security do that DNS Security cannot?&nbsp; It's implied that plain DNS Security cannot detect misconfigured or hijacked domains.</P> <P>&nbsp;</P> <P>2. Does it detect when users try to connect to a misconfigured/hijacked domain, or does it detect if *my* organization's DNS domain has been hijacked or is misconfigured? Or both?</P> <P>&nbsp;</P> <P>3. Would you consider these as must-have features, or just for specific setups?</P> <P>&nbsp;</P> <P>Thanks</P> <P>&nbsp;</P> Fri, 07 Jun 2024 01:39:57 GMT itassetbenilde 2024-06-07T01:39:57Z Advanced DNS Security vs. DNS Security https://live.paloaltonetworks.com/t5/advanced-dns-security/advanced-dns-security-vs-dns-security/m-p/589027#M5 <P>Good day,</P> <P>i apologize in advance if i'm posting in the wrong place...</P> <P>&nbsp;</P> <P>i've read the docs but i have some clarifications:</P> <P>&nbsp;</P> <P>1. What exactly can Advanced DNS Security do that DNS Security cannot?&nbsp; It's implied that plain DNS Security cannot detect misconfigured or hijacked domains.</P> <P>&nbsp;</P> <P>2. Does it detect when users try to connect to a misconfigured/hijacked domain, or does it detect if *my* organization's DNS domain has been hijacked or is misconfigured? Or both?</P> <P>&nbsp;</P> <P>3. Would you consider these as must-have features, or just for specific setups?</P> <P>&nbsp;</P> <P>Thanks</P> <P>&nbsp;</P> Fri, 07 Jun 2024 01:39:57 GMT https://live.paloaltonetworks.com/t5/advanced-dns-security/advanced-dns-security-vs-dns-security/m-p/589027#M5 itassetbenilde 2024-06-07T01:39:57Z Re: Advanced DNS Security vs. DNS Security https://live.paloaltonetworks.com/t5/advanced-dns-security/advanced-dns-security-vs-dns-security/m-p/589054#M6 <P>1. regular DNS security works somewhat like URL filtering where it categorizes a record's FQDN as good or bad</P> <P>A-DNS will go a little further and also inspect the record itself to see if there are any markers that could indicate a problem:</P> <P>one example is zone dangling, which allows for the takeover of a 'forgotten' subdomain record. a "common" example is when an org has set up a record pointing to a cloud resource which gets decommissioned at some point without removing the record. a bad actor could try to forge the resource so now that dns record points to their resource</P> <P>&nbsp;</P> <P>2. security is applied to sessions passing through the firewall, it does not proactively monitor your domain (except if you request a record for your own domain so the payload of the request is inspected)</P> <P>&nbsp;</P> <P>3. security in layers: it's certainly a nice to have</P> Fri, 07 Jun 2024 07:42:45 GMT https://live.paloaltonetworks.com/t5/advanced-dns-security/advanced-dns-security-vs-dns-security/m-p/589054#M6 reaper 2024-06-07T07:42:45Z