06-08-2015 01:09 PM
I recently installed a PA-500 on our network. Currently it is in virtual mode as I start to understand how to configure the device. One of the things I have noticed is that, consistently, DNS is the number 1 application. Second is web-browsing. Just in the past hour, 27.7k sessions for DNS and 24.1k for web. Is this typical? We house our own DNS servers; however, they are set up to forward to external DNS servers (Google, OpenDNS and Comcast). Just trying to figure this all out. Thanks,
06-08-2015 02:19 PM
This is extremely common. If you were to take a look at all the different URIs for most sites out there, there are lots of different domains. Each one may have ads, plugins from social media ("share" and "like" buttons, etc.), content distribution networks for images, etc.
Generally, DNS traffic isn't all that interesting and you can disable logging for it. I have created a rule on my firewall to allow DNS from inside to outside, and turned off logging (but still doing security profiles so I can catch botnets and other malicious stuff). I also disable logging for NTP as well; it's also noisy, especially if you have a lot of servers behind your firewall.
Cheers,
Greg
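
An added example (not part of the post above, and not a copy of the rule in its screenshot): one way to express the rule described there in PAN-OS configure-mode `set` commands. The rule name, the zone names `trust` and `untrust`, and the choice of the predefined `default` Anti-Spyware profile are assumptions. Traffic logging is off for the rule, while the attached profile still writes its detections to the Threat log.

```text
# Annotation lines starting with "#" are for the reader; do not paste them into the CLI.
# Assumed names: rule "Allow-DNS-NoLog", zones "trust" (inside) and "untrust" (outside).

# Match DNS from inside to outside on its standard ports only
set rulebase security rules Allow-DNS-NoLog from trust
set rulebase security rules Allow-DNS-NoLog to untrust
set rulebase security rules Allow-DNS-NoLog source any
set rulebase security rules Allow-DNS-NoLog destination any
set rulebase security rules Allow-DNS-NoLog application dns
set rulebase security rules Allow-DNS-NoLog service application-default
set rulebase security rules Allow-DNS-NoLog action allow

# Suppress the per-session Traffic log entries that make DNS the noisiest application
set rulebase security rules Allow-DNS-NoLog log-start no
set rulebase security rules Allow-DNS-NoLog log-end no

# Keep inspection on: Anti-Spyware detections still go to the Threat log
set rulebase security rules Allow-DNS-NoLog profile-setting profiles spyware default

# Place the rule above any broader outbound rule that would otherwise match DNS first
move rulebase security rules Allow-DNS-NoLog top
```

A second rule with `application ntp` and the same two logging settings covers the NTP case mentioned in the post.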
06-08-2015 02:31 PM
Excellent. I kind of figured the actual traffic was usual; just wanted to verify. Thanks for the screenshot. I created a rule based off yours to help clear those out of my logs. Much appreciated.