DNS Proxy feature

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

DNS Proxy feature

L2 Linker

Hey guys, I've read about DNS proxy and how it works. My question is, what are the benefits of using DNS proxy on the firewall?

 

This obviously gives the Palo insight into the DNS responses, but if the DNS traffic traverses the firewall it can snoop in on the DNS anyway. I don't see anything specific to DNS under logs to even show the DNS interactions that are taking place?

 

This is such a basic question, hopefully someone can help 🙂

 

DJ

1 accepted solution

Accepted Solutions

L6 Presenter

@djohnson229,

 

If you've requirement wherein you want public DNS to be configured for one specific subnet to restrict traffic coming towards internal DNS. At the same time, if you want to allow one internal URL through same network (which is resolvable on internal DNS only) so it will be difficult to address this requirement as you have public DNS configured.  So DNS proxy helps in this situation.

 

You can have public DNS configured for required subnet. And for 2nd requirement of internal URL,  you can either configured DNS proxy Rule or Static entry for required internal URL. With this only one desired Internal URL will start resolving required internal IP based on DNS Proxy Rule/Static Entry.

 

Mayur

M

Check out my YouTube channel - https://www.youtube.com/@NetworkTalks

View solution in original post

3 REPLIES 3

L6 Presenter

@djohnson229,

 

If you've requirement wherein you want public DNS to be configured for one specific subnet to restrict traffic coming towards internal DNS. At the same time, if you want to allow one internal URL through same network (which is resolvable on internal DNS only) so it will be difficult to address this requirement as you have public DNS configured.  So DNS proxy helps in this situation.

 

You can have public DNS configured for required subnet. And for 2nd requirement of internal URL,  you can either configured DNS proxy Rule or Static entry for required internal URL. With this only one desired Internal URL will start resolving required internal IP based on DNS Proxy Rule/Static Entry.

 

Mayur

M

Check out my YouTube channel - https://www.youtube.com/@NetworkTalks

Yeah, that makes sense. Thanks for the reply.

@djohnson229,

 

Could you mark this question as solved please?

 

Mayur

M

Check out my YouTube channel - https://www.youtube.com/@NetworkTalks
  • 1 accepted solution
  • 3559 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!