Benefits of using DNS proxy?

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Benefits of using DNS proxy?

L4 Transporter

Are there any Security benefits to using the current implementation of DNS proxy on the PAN? I have seen on the ver 6.0, a new feature called DNS sinkhole, but I don't think it will require the DNS proxy feature. Watchguard checks DNS headers and a couple of other criteria for DNS based attacks, but I don't see anything in PAN documentation that says the PAN Firewall does anything when used a DNS proxy.

Any thoughts?

The inherent vice of capitalism is the unequal sharing of blessings; the inherent virtue of socialism is the equal sharing of miseries.
2 REPLIES 2

L7 Applicator

Hello Sir,

Regarding DNS Sinkhole: This is a new feature, will be available on PAN-OS 6.0.

This feature adds a new option to the anti-spyware profile, allowing an administrator to enable DNS sinkhole for DNS-based spyware signatures.  The user specifies the IPs to sinkhole to, and then the user can run reports on that IP to identify infected hosts.  The user can also set the address to the loopback address to effectively cut off the communication.

The sinkhole action, just like the block action for DNS signatures, should be processed before the DNS proxy is processed.  Thus, the query never goes through the proxy and sinkhole records are not cached if DNS proxy caching is enabled.

DNS Sinkhole allows administrators to quickly identify infected hosts on the network using DNS traffic.  Sinkhole DNS queries involve forging responses to select DNS queries so that clients on the network connect to a specified host rather than the actual host pointed to by DNS.  Infected hosts can then be identified from traffic logs and reports.  Any hosts that attempt to connect to the sinkholes host (assumed not to be contacted for any legitimate purpose) is infected with malware.

Regarding DNS PROXY, please refer below mentioned documents:

How to Configure DNS Proxy on a Palo Alto Networks Firewall

about

I hope above explanation will help you.

Thanks

Thanks for the information on the sinkhole function. I am using DNS proxy for a "test" environment, so I have set it up and know how it works, but my question is more on whether the PAN includes any security related functionality when using DNS proxy (especially if using reverse DNS proxy) or if this increases security for the environment.

The inherent vice of capitalism is the unequal sharing of blessings; the inherent virtue of socialism is the equal sharing of miseries.
  • 3425 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!