This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Dynamic DNS URL Redirect Control

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Dynamic DNS URL Redirect Control

CRHC
L4 Transporter

‎08-01-2014 12:49 PM

Hello,

Most of the "Dynamic DNS" sites are categorized as Computer and Internet Info (PANDB).  On occasion a device will get infected because of a Dynamic DNS redirect to a malicious site.  The initial URL connection is through one of the DDNS sites.  Because we allow "Computer and Internet Info", the connection is allowed to the final (malicious) destination.  Besides hunting down every DDNS service and creating a custom URL block list - are there any solutions to better control these redirects? Thanks!

Cheers,

Mike

0 Likes Likes
1 REPLY 1

mivaldi
L7 Applicator

‎08-05-2014 04:59 PM

Assuming the URL is known to be malicious, you could implement DNS Sinkholing:

How to Configure DNS Sinkholing on PAN-OS 6.0

An alternative is to set an action of 'block' on your DNS Signature under your Anti-spyware profile.

I (personally) also like to configure my DNS server to point to OpenDNS servers and add an extra layer of protection (you can get an account with them, they will tie your public IP to the source of the DNS queries and filter those against their database). That means that you will be covered with both PAN-DB and OpenDNS databases for DNS queries.

Hope that helps,

Mariano.

0 Likes Likes
  • 2193 Views
  • 1 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks