DNS top applications?

L3 Networker


I recently installed a PA-500 on our network. Currently it is in virtual mode as I start to understand how to configure the device. One of the things I have noticed is that, consistently, DNS is the number 1 application. Second is web-browsing. Just in the past hour, 27.7k sessions for dns and 24.1k for web. Is this typical? We house our own DNS servers; however, they are set up to forward to external DNS servers (Google, OpenDNS and Comcast). Just trying to figure this all out. Thanks,


Accepted Solutions
L7 Applicator

This is extremely common. If you were to take a look at all the different URIs for most sites out there, there are lots of different domains. Each one may have ads, plugins from social media ("share" and "like" buttons, etc.), content distribution networks for images, etc.

Generally, DNS traffic isn't all that interesting and you can disable logging for it. I have created a rule on my firewall to allow DNS from inside to outside, and turn off logging (but still doing security profiles so I can catch botnets and other malicious stuff). I also disable logging for NTP as well; it's also noisy, especially if you have a lot of servers behind your firewall.

2015-06-08_1418.png

Cheers,

Greg
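
The kind of rule described in the answer above, written as PAN-OS configure-mode set commands. This is an added example, not part of the original post and not a transcription of the screenshot. The rule names, the zone names trust and untrust, and the use of the predefined default Anti-Spyware profile are assumptions.

```text
# Annotation lines starting with # are not CLI input; drop them before pasting.
# Assumed names: rules "Allow-DNS-Out" and "Allow-NTP-Out", zones "trust" and "untrust".

# DNS from inside to outside: allowed, no traffic log at session start or end,
# with an Anti-Spyware profile still attached so malicious lookups are inspected.
set rulebase security rules Allow-DNS-Out from trust
set rulebase security rules Allow-DNS-Out to untrust
set rulebase security rules Allow-DNS-Out source any
set rulebase security rules Allow-DNS-Out destination any
set rulebase security rules Allow-DNS-Out application dns
set rulebase security rules Allow-DNS-Out service application-default
set rulebase security rules Allow-DNS-Out action allow
set rulebase security rules Allow-DNS-Out log-start no
set rulebase security rules Allow-DNS-Out log-end no
set rulebase security rules Allow-DNS-Out profile-setting profiles spyware default

# NTP from inside to outside: same treatment for the other noisy application.
set rulebase security rules Allow-NTP-Out from trust
set rulebase security rules Allow-NTP-Out to untrust
set rulebase security rules Allow-NTP-Out source any
set rulebase security rules Allow-NTP-Out destination any
set rulebase security rules Allow-NTP-Out application ntp
set rulebase security rules Allow-NTP-Out service application-default
set rulebase security rules Allow-NTP-Out action allow
set rulebase security rules Allow-NTP-Out log-start no
set rulebase security rules Allow-NTP-Out log-end no

# Place both above any broader allow rule that logs, otherwise that rule matches first.
move rulebase security rules Allow-NTP-Out top
move rulebase security rules Allow-DNS-Out top
```

With log-start and log-end set to no, these sessions stop appearing in the Traffic log, while detections from the attached profile are still recorded in the Threat log.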



All Replies
L3 Networker

Excellent. I kind of figured the actual traffic was usual; I just wanted to verify. Thanks for the screenshot. I created a rule based off yours to help clear those out of my logs. Much appreciated.
