06-21-2019 07:19 PM
With PAN OS 9.0 Does PA do cloud clookup for everydomain
or
only for domains which are not in DNS sinkhole of Antispyware profile?
I was told DNS security is a part of PAN DB so when clouds verdict is that particular domain is bad hows does this info come to PA in real time?
I know it comes via Management interface but which security profile or database it uses to update the PA?
06-27-2019 03:02 AM
If a DNS query is sinkholed by ThreatPrevention, it will not need to be looked up by DNS Security.
DNS Security does cloud lookups for every query it sees (unless the result is already cached) pretty much in the same way URL Filtering works. It is applied in the DNS Signatures section of the AntiSpyware profile, there is no local database, rather a cache is used and cloud lookups are done through the management interface (or a service route)
06-27-2019 03:02 AM
If a DNS query is sinkholed by ThreatPrevention, it will not need to be looked up by DNS Security.
DNS Security does cloud lookups for every query it sees (unless the result is already cached) pretty much in the same way URL Filtering works. It is applied in the DNS Signatures section of the AntiSpyware profile, there is no local database, rather a cache is used and cloud lookups are done through the management interface (or a service route)
08-21-2019 12:25 PM
Many thanks Reaper.
08-21-2019 02:01 PM
Ok, maybe I need to seek clarification.
From the education training courses, it is understood/taught that DNS Security is used in the sinkhole function of the Spyware profile.
I am confused if anyone says DNS Security is sinkholed by Threat Prevention.
It is actually (in my mind) that the DNS Security license is using being used in sinkhole functionality, for the purpose of Threat Prevention.
I also believe that PANW asks customer to enable the Passive DNS Monitoring under Telemetry to find new unsual DNS queries to be sent to WF, to be confirmed that the DNS query is a fast flux domain, and then it pushed down or updated the Malware or Command and Control URL categories in the PAN-DB.
Comments accepted. 😛
08-21-2019 02:23 PM
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
