====== Palo Alto Networks DNS Security ======

[[https://docs.paloaltonetworks.com/dns-security|DNS Security Documentation]]

[[https://www.paloaltonetworks.com/network-security/dns-security|DNS Security Summary Page]]

[[https://www.paloaltonetworks.com/apps/pan/public/downloadResource?pagePath=/content/pan/en_US/resources/datasheets/dns-security-service|DNS Security Data Sheet]]

===== DoT/DoH =====

PAN-OS 11.2.1 [[https://docs.paloaltonetworks.com/pan-os/11-1/pan-os-networking-admin/dns/configure-a-dns-proxy-object|released the ability]] for the DNS Proxy on PAN-OS to act as a DoT/DoH server and also to forward queries upstream over DoT/DoH.

===== Data Sources =====

  * Passive DNS
  * URL Filtering
  * [[https://www.paloaltonetworks.com/network-security/wildfire|WildFire]]
  * [[https://www.honeynet.org/|Honeynet]]
  * [[https://cyberthreatalliance.org/|Cyber Threat Alliance]]
  * [[https://unit42.paloaltonetworks.com/|Unit 42]]

===== Details =====

  * Response in <100 milliseconds
  * More than 30 third-party sources of threat intelligence to enrich data and ensure coverage
  * Does not require changes to DNS infrastructure
  * Cannot be bypassed by using other resolvers
  * 40% more threat coverage than other leading vendors
  * Stops newly registered domains 6x faster than publicly available scanners

==== New in mid 2025 ====

  * Detection of unknown C2 threats developed using the open source Sliver C2 framework (ATP)
  * Enhanced Empire C2 detection
  * Protection against DNS relaying attacks, also known as data exfiltration via HTTP request headers (ATP+ADNS)
  * Domain Masquerading Detection, Malicious TDS Detection (ADNS)
  * AI Categorization, Crypto Scam Detection, DeepFake Phishing Detection (AURL)
  * Endpoint DLP

===== URL Categories Blockable =====

  * Ad Tracking
  * Command and Control
  * Dynamic DNS Hosted
  * Grayware
  * Malware
  * Newly Registered Domains (NRD)
  * Parked
  * Phishing
  * Proxy Avoidance & Anonymizers

===== DNS Techniques =====

  * Dangling DNS (PAN only)
  * WildCard DNS (PAN only)
  * NXNS Attack (PAN only)
  * CNAME Cloaking
  * Ultra-Slow DNS Tunneling
  * Data Theft
  * DNS Tunneling
  * DNS Infiltration
  * Compromised DNS Zone
  * DNS Rebinding
  * Strategically Aged Domains
  * Domain Squatting
  * Domain Generation Algorithm (DGA)
  * Dictionary DGA
  * Fast Flux Domains
  * DNS Rebinding Attacks
  * Dangling SNA Attacks