DNS top applications?


L3 Networker

I recently installed a PA-500 on our network. Currently it is in virtual mode as I start to understand how to configure the device. One of the things I have noticed is that consistently, DNS is the number 1 application. Second is web-browsing. Just in the past hour, 27.7k sessions for DNS and 24.1k for web. Is this typical? We house our own DNS servers; however, they are set up to forward to external DNS servers (Google, OpenDNS and Comcast). Just trying to figure this all out. Thanks,


L7 Applicator

This is extremely common. If you were to take a look at all the different URIs for most sites out there, there are lots of different domains. Each one may have ads, plugins from social media ("share" and "like" buttons, etc.), content distribution networks for images, etc.

Generally, DNS traffic isn't all that interesting and you can disable logging for it. I have created a rule on my firewall to allow DNS from inside to outside, and turn off logging (but still doing security profiles so I can catch botnets and other malicious stuff). I also disable logging for NTP as well; it's also noisy, especially if you have a lot of servers behind your firewall.

2015-06-08_1418.png

Cheers,

Greg
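
The kind of rule described in the answer above, sketched as PAN-OS configure-mode `set` commands. This is an added example, not taken from the original post or its screenshot; the rule names, the `trust`/`untrust` zone names and the choice of the predefined `default` Anti-Spyware profile are assumptions.

```text
# Assumed names: rules Allow-DNS-NoLog / Allow-NTP-NoLog, zones trust / untrust.
# Lines beginning with # are annotations, not commands.

# DNS inside -> outside: allowed, no traffic log at session start or end
set rulebase security rules Allow-DNS-NoLog from trust to untrust source any destination any
set rulebase security rules Allow-DNS-NoLog application dns service application-default action allow
set rulebase security rules Allow-DNS-NoLog log-start no log-end no
# Keep inspection on the rule (assumed: predefined "default" Anti-Spyware profile)
set rulebase security rules Allow-DNS-NoLog profile-setting profiles spyware default

# NTP inside -> outside: allowed, traffic logging off
set rulebase security rules Allow-NTP-NoLog from trust to untrust source any destination any
set rulebase security rules Allow-NTP-NoLog application ntp service application-default action allow
set rulebase security rules Allow-NTP-NoLog log-start no log-end no
```

Rules are evaluated top-down, so both need to sit above any broader outbound rule that logs; otherwise DNS and NTP sessions match that rule first and keep filling the traffic log.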

Excellent. I kind of figured the actual traffic was usual; just wanted to verify. Thanks for the screenshot. I created a rule based off yours to help clear those out of my logs. Much appreciated.
