Advanced DNS Security vs. DNS Security


L1 Bithead

Good day,

I apologize in advance if I'm posting in the wrong place...

I've read the docs but I have some clarifications:

 

1. What exactly can Advanced DNS Security do that DNS Security cannot?  It's implied that plain DNS Security cannot detect misconfigured or hijacked domains.

 

2. Does it detect when users try to connect to a misconfigured/hijacked domain, or does it detect if *my* organization's DNS domain has been hijacked or is misconfigured? Or both?

 

3. Would you consider these as must-have features, or just for specific setups?

 

Thanks

 

1 REPLY

Cyber Elite

1. Regular DNS Security works somewhat like URL filtering, where it categorizes a record's FQDN as good or bad.

A-DNS will go a little further and also inspect the record itself to see if there are any markers that could indicate a problem:

One example is zone dangling, which allows for the takeover of a 'forgotten' subdomain record. A "common" example is when an org has set up a record pointing to a cloud resource which gets decommissioned at some point without removing the record. A bad actor could try to forge the resource so now that DNS record points to their resource.

 

2. Security is applied to sessions passing through the firewall; it does not proactively monitor your domain (except if you request a record for your own domain, so the payload of the request is inspected).

 

3. Security in layers: it's certainly a nice-to-have.

Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization
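
Since the reply notes that the firewall does not proactively monitor your own domain, here is one way to audit your own zone for the dangling records it describes. This is an added example, not part of the original thread or Palo Alto Networks code; the zone data, the `cloudhost.example` names and the function names are all constructed for illustration.

```python
import socket

# Constructed sample zone (owner, type, value); names are illustrative only.
SAMPLE_ZONE = [
    ("www.example.com.", "CNAME", "web.example.com."),
    ("web.example.com.", "A", "192.0.2.10"),
    ("promo.example.com.", "CNAME", "promo-2019.cloudhost.example."),
    ("docs.example.com.", "CNAME", "docs-site.cloudhost.example."),
    ("old.example.com.", "CNAME", "legacy.example.com."),
]
# Constructed set of external names that still "exist", for the offline run.
OFFLINE_LIVE = {"docs-site.cloudhost.example."}

def offline_resolves(name):
    """Stand-in resolver so the example runs without network access."""
    return name in OFFLINE_LIVE

def system_resolves(name):
    """Live check: True if the name resolves now. A failure can also be a
    transient resolver error, so confirm findings before acting on them."""
    try:
        socket.getaddrinfo(name.rstrip("."), None)
        return True
    except socket.gaierror:
        return False

def find_dangling_cnames(zone, origin, resolves=system_resolves):
    """Return (owner, target, reason) for CNAMEs whose target is gone."""
    origin = origin.lower().rstrip(".") + "."
    owners = {owner.lower() for owner, _, _ in zone}
    findings = []
    for owner, rtype, value in zone:
        if rtype.upper() != "CNAME":
            continue
        target = value.lower().rstrip(".") + "."
        if target == origin or target.endswith("." + origin):
            # In-zone target: it must exist as an owner name in the zone.
            if target not in owners:
                findings.append((owner, target, "in-zone target missing"))
        elif not resolves(target):
            # External (e.g. cloud-hosted) target no longer resolves.
            findings.append((owner, target, "external target does not resolve"))
    return findings

if __name__ == "__main__":
    for finding in find_dangling_cnames(SAMPLE_ZONE, "example.com", offline_resolves):
        print(finding)
```

A target that still resolves is not proof that the resource behind it is still yours, so pair a check like this with an inventory of the cloud resources you actually own.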