Dynamic DNS URL Redirect Control

Hello,

Most of the "Dynamic DNS" sites are categorized as Computer and Internet Info (PANDB).  On occasion a device will get infected because of a Dynamic DNS redirect to a malicious site.  The initial URL connection is through one of the DDNS sites.  Because we allow "Computer and Internet Info", the connection is allowed to the final (malicious) destination.  Besides hunting down every DDNS service and creating a custom URL block list - are there any solutions to better control these redirects? Thanks!

Cheers,

Mike


Assuming the URL is known to be malicious, you could implement DNS Sinkholing:

How to Configure DNS Sinkholing on PAN-OS 6.0

An alternative is to set an action of 'block' on your DNS Signature under your Anti-spyware profile.

I (personally) also like to configure my DNS server to point to OpenDNS servers and add an extra layer of protection (you can get an account with them, they will tie your public IP to the source of the DNS queries and filter those against their database). That means that you will be covered with both PAN-DB and OpenDNS databases for DNS queries.

Hope that helps,

Mariano.
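
With DNS sinkholing, the lookup for a flagged domain is answered with the sinkhole address, so the host that then connects to that address is the one to investigate. The following is an added example, not part of the original posts, that summarizes which clients tried to reach the sinkhole; the CSV layout, the sample rows, the placeholder address `192.0.2.53` and the function name `sinkhole_clients` are all assumptions made for illustration.

```python
import csv
import io
from collections import defaultdict
from ipaddress import ip_address

# Constructed sample rows; this column layout is an assumption, not a PAN-OS export format.
SAMPLE_TRAFFIC_CSV = """\
time,src,dst,dport,action
2024-01-01T09:00:01,10.1.1.20,192.0.2.53,80,deny
2024-01-01T09:00:05,10.1.1.31,198.51.100.7,443,allow
2024-01-01T09:02:40,10.1.1.20,192.0.2.53,443,deny
2024-01-01T09:03:10,10.1.1.31,192.0.2.54,80,allow
2024-01-01T09:04:00,10.1.1.44,192.0.2.53,8080,deny
2024-01-01T09:05:00,not-an-ip,192.0.2.53,80,deny
"""

SINKHOLE_IP = "192.0.2.53"  # placeholder sinkhole address (documentation range)


def sinkhole_clients(csv_text, sinkhole_ip=SINKHOLE_IP):
    """Return {client_ip: summary} for every source that tried to reach the sinkhole."""
    sinkhole = ip_address(sinkhole_ip)
    hits = defaultdict(lambda: {"count": 0, "ports": set(), "first": None, "last": None})
    for row in csv.DictReader(io.StringIO(csv_text)):
        try:
            src, dst = ip_address(row["src"]), ip_address(row["dst"])
            port, ts = int(row["dport"]), row["time"]
        except (KeyError, ValueError, TypeError):
            continue  # skip malformed rows rather than abort the whole report
        if dst != sinkhole:
            continue  # compare parsed addresses, so 192.0.2.54 is not a match
        entry = hits[str(src)]
        entry["count"] += 1
        entry["ports"].add(port)
        # ISO 8601 timestamps in one format sort correctly as strings
        entry["first"] = ts if entry["first"] is None else min(entry["first"], ts)
        entry["last"] = ts if entry["last"] is None else max(entry["last"], ts)
    return dict(hits)


if __name__ == "__main__":
    for client, info in sorted(sinkhole_clients(SAMPLE_TRAFFIC_CSV).items()):
        print(client, info["count"], sorted(info["ports"]), info["first"], info["last"])
```
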
