L0 Member
Posts: 2
Registered: 07-03-2018

DNS logs

Is there a way to view and/or log DNS queries and responses (outside of anti-spyware rules)? The passive DNS telemetry configuration seems to do what we want, but those FQDN-to-IP mappings are sent to Palo and it doesn't appear that we can view what FQDNs resolve to what IPs in the logs. This doesn't appear to be a feature in the DNS proxy object either? Is there anything with PAN-OS that supports this? For all queries, not just malicious ones.

L6 Presenter
Posts: 538
Registered: 04-03-2014

Re: DNS logs

You can set up a continuous packet capture in the firewall for protocol 17 (UDP) and destination port 53, and then check the packet capture when you need this information. If you have excessive DNS traffic through your firewall this can cause increased dataplane CPU utilization, so be careful.

For the DNS Proxy feature in the firewall you can check its cache from the CLI:

> show dns-proxy cache all | match <fqdn>

OR

> show dns-proxy cache filter type RR_A all FQDN <fqdn>

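Added example (not part of the replies above and not Palo Alto Networks code): once the UDP/53 capture suggested in the reply is exported, FQDN-to-IP mappings can be read out of each DNS response payload. This Python code assumes you already have the raw DNS message bytes (the UDP payload); the function names and the sample response are constructed for illustration.

```python
import socket
import struct

def read_name(msg, off):
    """Decode the DNS name at off, following compression pointers (RFC 1035 4.1.4)."""
    labels, end, hops = [], None, 0
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:                 # 2-byte compression pointer
            hops += 1
            if hops > 32:                         # malformed packet: pointer loop
                raise ValueError("compression pointer loop")
            if end is None:
                end = off + 2                     # parsing resumes after the first pointer
            off = ((length & 0x3F) << 8) | msg[off + 1]
        elif length == 0:                         # root label terminates the name
            return ".".join(labels), (end if end is not None else off + 1)
        else:
            labels.append(msg[off + 1:off + 1 + length].decode("ascii", "replace"))
            off += 1 + length

def fqdn_to_ips(msg):
    """Return (queried_name, [(record_owner, ipv4), ...]) for one DNS message."""
    _id, flags, qd, an, _ns, _ar = struct.unpack("!6H", msg[:12])
    off, qname = 12, None
    for _ in range(qd):                           # question section
        qname, off = read_name(msg, off)
        off += 4                                  # skip QTYPE + QCLASS
    answers = []
    if not flags & 0x8000:                        # QR bit clear: a query, no answers
        return qname, answers
    for _ in range(an):                           # answer section
        owner, off = read_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:             # A record: 4-byte IPv4 address
            answers.append((owner, socket.inet_ntoa(msg[off:off + 4])))
        off += rdlen                              # skip CNAME and other record data
    return qname, answers

# Constructed sample: www.example.test -> CNAME web.example.test -> A 192.0.2.10
SAMPLE = bytes.fromhex(
    "123481800001000200000000"                    # header: response, 1 question, 2 answers
    "03777777076578616d706c6504746573740000010001"  # question: www.example.test A IN
    "c00c000500010000003c000603776562c010"        # CNAME web.<pointer to example.test>
    "c02e000100010000003c0004c000020a")           # A record owned by the CNAME target

if __name__ == "__main__":
    print(fqdn_to_ips(SAMPLE))
```

Truncated messages raise `IndexError` or `struct.error`; catch those per packet when looping over a large capture.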