04-29-2020 04:36 PM
Hey guys, I've read about DNS proxy and how it works. My question is, what are the benefits of using DNS proxy on the firewall?
This obviously gives the Palo insight into the DNS responses, but if the DNS traffic traverses the firewall it can snoop in on the DNS anyway. I don't see anything specific to DNS under logs to even show the DNS interactions that are taking place?
This is such a basic question, hopefully someone can help 🙂
DJ
04-30-2020 03:43 AM
If you have a requirement wherein you want public DNS to be configured for one specific subnet to restrict traffic coming towards the internal DNS, and at the same time you want to allow one internal URL through the same network (which is resolvable on the internal DNS only), it will be difficult to address this requirement as you have public DNS configured. So DNS proxy helps in this situation.
You can have public DNS configured for the required subnet. And for the 2nd requirement of the internal URL, you can either configure a DNS proxy rule or a static entry for the required internal URL. With this, only the one desired internal URL will start resolving to the required internal IP based on the DNS proxy rule/static entry.
Mayur
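Added example (not part of the thread and not PAN-OS code): a simplified Python model of the split-DNS decision described in the reply above, plus an audit that lists internal names which would still be sent to the public resolver. The precedence (static entry, then proxy rule, then default server), the wildcard matching, and every name and address are assumptions of this model.

```python
# Simplified model of a DNS proxy's split-DNS decision (not PAN-OS code).
# Assumed precedence: static entry, then proxy rule, then default server.
from fnmatch import fnmatchcase

# Constructed sample policy; all names and addresses are placeholders.
STATIC_ENTRIES = {"intranet.corp.example": "10.0.0.20"}
PROXY_RULES = [
    {"name": "internal-app", "domains": ["app.corp.example"], "server": "10.0.0.53"},
]
DEFAULT_SERVER = "192.0.2.53"  # stands in for the public resolver


def normalize(qname):
    """DNS names are case-insensitive; drop the trailing root dot."""
    return qname.rstrip(".").lower()


def decide(qname):
    """Return (action, target) for one query name."""
    name = normalize(qname)
    if name in STATIC_ENTRIES:
        return ("answer", STATIC_ENTRIES[name])
    for rule in PROXY_RULES:
        # Shell-style wildcard matching is an assumption of this model.
        if any(fnmatchcase(name, pat.lower()) for pat in rule["domains"]):
            return ("forward", rule["server"])
    return ("forward", DEFAULT_SERVER)


def audit(qnames, internal_suffix="corp.example"):
    """List internal-looking names that would go to the public resolver."""
    leaked = []
    for q in qnames:
        name = normalize(q)
        internal = name == internal_suffix or name.endswith("." + internal_suffix)
        if internal and decide(q) == ("forward", DEFAULT_SERVER):
            leaked.append(name)
    return leaked


if __name__ == "__main__":
    for q in ["Intranet.Corp.Example.", "app.corp.example", "hr.corp.example"]:
        print(q, "->", decide(q))
    print("sent to public DNS:", audit(["app.corp.example", "hr.corp.example"]))
```

Running the audit over names seen in client queries shows which internal hostnames are not covered by a rule or static entry and would therefore be disclosed to the public resolver.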
04-30-2020 03:49 PM
Yeah, that makes sense. Thanks for the reply.
05-01-2020 12:16 AM
Could you mark this question as solved please?
Mayur