Regional Service Domains

Table of Contents

Configure DNS Security Subscription Services

Where Can I Use This?	What Do I Need?
Prisma Access (Managed by Strata Cloud Manager) Prisma Access (Managed by Panorama) NGFW (Managed by Strata Cloud Manager) NGFW (Managed by PAN-OS or Panorama) VM-Series CN-Series	Advanced DNS Security License (for enhanced feature support) or DNS Security License Advanced Threat Prevention or Threat Prevention License

Palo Alto Networks maintains a network of global and regional domains that provide service for DNS Security and Advanced DNS Security operations. These service domains operate real-time DNS request analyzers, access to the DNS signature database and provide advanced cloud-dependent functionality. By default, DNS Security and Advanced DNS Security connects to the global service domains (dns.service.paloaltonetworks.com and adv-dns.service.paloaltonetworks.com,respectively), which then automatically redirect to the regional domain that is closest to the network security platform location.

Advanced DNS Security Regional Service Domains

You can manually specify the server used to facilitate Advanced DNS Security queries. While Palo Alto Networks recommends using the default global service domain, you can override the selected server if you encounter higher than expected latency or other service-related issues.

Expand all

Collapse all

NGFW (PAN-OS 11.2 and later)

You can specify the Advanced DNS Security service domain in PAN-OS from DeviceSetupManagementAdvanced DNS SecurityDNS Security Server.
Strata Cloud Manager

You can specify the Advanced DNS Security service domain in Strata Cloud Manager from ManageConfigurationNGFW and Prisma AccessSecurity ServicesDNS Security. From the Settings tab, select Customize to edit the server settings.

This setting does not impact how standard DNS Security queries are handled.

The following table lists the service domains used by Advanced DNS Security:

Location	URL
Cape Town, South Africa	dns-za.service.paloaltonetworks.com
Bahrain	dns-bh.service.paloaltonetworks.com
Paris, France	dns-fr.service.paloaltonetworks.com
Tokyo, Japan	dns-jp.service.paloaltonetworks.com
Singapore	dns-sg.service.paloaltonetworks.com
Sydney, Australia	dns-au.service.paloaltonetworks.com
London, England	dns-uk.service.paloaltonetworks.com
Frankfurt, Germany	dns-de.service.paloaltonetworks.com
Eemshaven, Netherlands	dns-nl.service.paloaltonetworks.com
Council Bluffs, Iowa, USA	dns-us-ia.service.paloaltonetworks.com
Ashburn, Northern Virginia, USA	dns-us-va.service.paloaltonetworks.com
The Dalles, Oregon, USA	dns-us-or.service.paloaltonetworks.com
Montreal, Quebec, Canada	dns-ca.service.paloaltonetworks.com
Osasco, São Paulo, Brazil	dns-br.service.paloaltonetworks.com
Los Angeles, California, USA	dns-us-ca.service.paloaltonetworks.com
Hong Kong	dns-hk.service.paloaltonetworks.com
Mumbai, India	dns-in.service.paloaltonetworks.com
Tel Aviv, Israel	dns-il.service.paloaltonetworks.com
Seoul, South Korea	dns-kr.service.paloaltonetworks.com

Data Collection and Logging

Configure DNS Security Subscription Services

Advanced DNS Security

Regional Service Domains

Advanced DNS Security

Regional Service Domains

Advanced DNS Security Regional Service Domains

Activation & Onboarding

Next-Generation Firewalls

SASE

Cloud-Delivered Security Services

Network Security

Endpoints

Visibility & Monitoring

Best Practices

Translated Documents

Technical Documentation

Company

Legal Notices