https://live.paloaltonetworks.com/t5/general-topics/dns-security-checks-for-records-different-than-a/m-p/557122#M113061 <P>Hi,</P> <P>&nbsp;</P> <P>Does DNS Security checks DNS records other than A and how it works ? I think CNAME are checked as they are similar to A in meaning of request content.&nbsp; How about other records like PTR and TXT as they can be used more frequently for C2 traffic?&nbsp;</P> <P>&nbsp;</P> Fri, 08 Sep 2023 06:20:13 GMT TomaszSobczak 2023-09-08T06:20:13Z https://live.paloaltonetworks.com/t5/general-topics/dns-security-checks-for-records-different-than-a/m-p/557122#M113061 <P>Hi,</P> <P>&nbsp;</P> <P>Does DNS Security checks DNS records other than A and how it works ? I think CNAME are checked as they are similar to A in meaning of request content.&nbsp; How about other records like PTR and TXT as they can be used more frequently for C2 traffic?&nbsp;</P> <P>&nbsp;</P> Fri, 08 Sep 2023 06:20:13 GMT https://live.paloaltonetworks.com/t5/general-topics/dns-security-checks-for-records-different-than-a/m-p/557122#M113061 TomaszSobczak 2023-09-08T06:20:13Z https://live.paloaltonetworks.com/t5/general-topics/dns-security-checks-for-records-different-than-a/m-p/557457#M113104 <P><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/76856">@TomaszSobczak</a>,</P> <P>I'd open a ticket with your SE and ask them to verify with someone on the product team, but I don't see any reason why CNAME, TXT, and PTR wouldn't also fall under DNS Security. You're still doing a DNS record lookup, you're just looking at a different type of record; you should still be getting the proper category.</P> <P>I know that CNAME cloaking as an example will get a domain registered as adtracking when PAN identifies the traffic from a categorization aspect.&nbsp;</P> Tue, 12 Sep 2023 03:45:46 GMT https://live.paloaltonetworks.com/t5/general-topics/dns-security-checks-for-records-different-than-a/m-p/557457#M113104 BPry 2023-09-12T03:45:46Z