
Hi @Hugh.Kelley,

 

Can't comment on dns.google.com or dns-api.org, but would like to provide some comments on https://github.com/PaloAltoNetworks/fqdn-service

  • It is a "serverless implementation" (no VM needed). It is likely to cost you $0 a month unless you share it with a large community of users
  • It can resolve many FQDNs at once, which means that only a single miner is needed
  • It can store a history of responses

Take into account, though, that if you're using PAN-OS then you'd better create custom L7 apps (SSL Decrypt + matching the HTTP Host header, or the SSL Response Certificate in case you're not decrypting) instead of matching based on FQDN. FQDN matching is performed at "sample intervals" (i.e. once an hour) and these FQDN entries behind AWS typically rotate at 1-minute intervals. That means that you will probably fail to match many sessions between sample intervals, no matter which DNS service you end up using.
