Information
DNS Security is an extensible, cloud-based service that generates DNS signatures using predictive analytics and machine learning, and it protects against sophisticated DNS-based attacks.
Rationale:
DNS traffic is normally allowed through the firewall. Attackers take advantage of this attack surface to evade detection or to exfiltrate data over DNS. Starting with PAN-OS 9, Palo Alto Networks offers the DNS Security service to counter evasive malware and to detect DNS tunneling activity.
For DNS Security to be effective, a 'Threat Prevention' or 'Advanced Threat Prevention' license must be purchased in addition to the 'DNS Security' license.
Solution
Navigate to Objects > Security Profiles > Anti-Spyware
Go to the DNS Policies tab and set the policy action to sinkhole for all DNS Security categories.
For the Command and Control Domains category, set the packet capture option to extended-capture.
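The steps above are applied in the web UI; to verify them across many Anti-Spyware profiles, an audit over an exported configuration is useful. The following is an added example, not Palo Alto Networks code or part of this benchmark: it parses a config-shaped XML document and reports every profile in which a DNS Security category is not set to sinkhole, or in which the Command and Control category lacks extended-capture. The category identifiers (such as pan-dns-sec-cc) and the element layout under botnet-domains/dns-security-categories are assumptions about the PAN-OS export format, and the sample configuration is constructed for the example.

```python
import xml.etree.ElementTree as ET

# Category identifiers and the XML layout below are assumptions about how PAN-OS
# exports an Anti-Spyware profile; adjust them to match your firewall's export.
DNS_SECURITY_CATEGORIES = (
    "pan-dns-sec-cc",        # Command and Control Domains
    "pan-dns-sec-malware",
    "pan-dns-sec-phishing",
    "pan-dns-sec-grayware",
    "pan-dns-sec-ddns",
)
C2_CATEGORY = "pan-dns-sec-cc"
REQUIRED_ACTION = "sinkhole"
REQUIRED_C2_CAPTURE = "extended-capture"

# Constructed sample: three Anti-Spyware profiles in an exported-config shape.
# "strict-dns" follows the benchmark, "legacy" does not, "no-dns-security" has
# no DNS Security categories configured at all.
SAMPLE_CONFIG = """<config><devices><entry name="localhost.localdomain"><vsys><entry name="vsys1">
<profiles><spyware>
  <entry name="strict-dns">
    <botnet-domains><dns-security-categories>
      <entry name="pan-dns-sec-cc"><action>sinkhole</action><packet-capture>extended-capture</packet-capture></entry>
      <entry name="pan-dns-sec-malware"><action>sinkhole</action><packet-capture>disable</packet-capture></entry>
      <entry name="pan-dns-sec-phishing"><action>sinkhole</action><packet-capture>disable</packet-capture></entry>
      <entry name="pan-dns-sec-grayware"><action>sinkhole</action><packet-capture>disable</packet-capture></entry>
      <entry name="pan-dns-sec-ddns"><action>sinkhole</action><packet-capture>disable</packet-capture></entry>
    </dns-security-categories></botnet-domains>
  </entry>
  <entry name="legacy">
    <botnet-domains><dns-security-categories>
      <entry name="pan-dns-sec-cc"><action>alert</action><packet-capture>disable</packet-capture></entry>
      <entry name="pan-dns-sec-malware"><action>sinkhole</action></entry>
    </dns-security-categories></botnet-domains>
  </entry>
  <entry name="no-dns-security"><botnet-domains/></entry>
</spyware></profiles>
</entry></vsys></entry></devices></config>"""


def audit_profile(profile):
    """Return a list of finding strings for one Anti-Spyware profile <entry>."""
    name = profile.get("name", "<unnamed>")
    findings = []
    categories = profile.find("botnet-domains/dns-security-categories")
    if categories is None:
        return [f"{name}: no DNS Security categories configured"]

    configured = {e.get("name"): e for e in categories.findall("entry")}
    for category in DNS_SECURITY_CATEGORIES:
        entry = configured.get(category)
        if entry is None:
            # A category absent from the export keeps its default action,
            # which is not sinkhole, so it is reported as a finding.
            findings.append(f"{name}: {category} not configured (default action applies)")
            continue
        action = entry.findtext("action", default="default").strip()
        if action != REQUIRED_ACTION:
            findings.append(f"{name}: {category} action is '{action}', expected '{REQUIRED_ACTION}'")
        if category == C2_CATEGORY:
            capture = entry.findtext("packet-capture", default="disable").strip()
            if capture != REQUIRED_C2_CAPTURE:
                findings.append(
                    f"{name}: {category} packet capture is '{capture}', expected '{REQUIRED_C2_CAPTURE}'"
                )
    return findings


def audit_config(xml_text):
    """Map each Anti-Spyware profile name to its list of findings (empty = compliant)."""
    root = ET.fromstring(xml_text)
    # Only direct children of <spyware> are profiles; category entries are deeper.
    return {p.get("name"): audit_profile(p) for p in root.iterfind(".//spyware/entry")}


if __name__ == "__main__":
    for profile_name, findings in audit_config(SAMPLE_CONFIG).items():
        status = "PASS" if not findings else "FAIL"
        print(f"[{status}] {profile_name}")
        for finding in findings:
            print(f"    {finding}")
```

Run it against an exported running configuration instead of the embedded sample to produce a per-profile pass/fail list; a profile passes only when every listed category is set to sinkhole and the Command and Control category also has extended-capture.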
Default Value:
Not Configured