12-26-2018 03:37 AM
Hi @Hugh.Kelley,
Can't comment on dns.google.com or dns-api.org, but would like to provide some comments on https://github.com/PaloAltoNetworks/fqdn-service
Take into account, though, that if you're using PANOS then you'd better create custom L7 apps (SSL Decrypt + matching the HTTP Host Header, or the SSL Response Certificate in case you're not decrypting) instead of matching based on FQDN. FQDN matching is performed at "sample intervals" (i.e. once an hour) and these FQDN entries behind AWS typically rotate at 1 minute intervals. That means that you will probably fail to match many sessions between sample intervals, no matter which DNS service you end up using.