Advanced DNS Security Powered by Precision AI®
Manage Internal Domains
Define internal domain bypass lists to exclude private traffic from the Advanced DNS
Security Resolver.
You can specify a list of internal domains to exclude from processing by the
Advanced DNS Security Resolver. Palo Alto Networks provides a set of default values
that are commonly used as internal domains and are therefore not registered as part
of the public DNS system (such as *.localhost and *.local). You can also add
user-specified values for other internal domains that do not use these values.
The Advanced DNS Security Resolver is not designed to inspect or resolve internal network
domains. As a result, Palo Alto Networks recommends against routing any internal
traffic through the Advanced DNS Security Resolver. However, to assist with troubleshooting
scenarios where internal traffic is inadvertently directed to the resolver, you can
configure a managed list of internal domains. When the Advanced DNS Security Resolver receives
a DNS query for a configured internal domain, it returns an NXDOMAIN response and
generates a corresponding log entry in SLS (Strata Logging Service). You can use
these log entries to identify misconfigured traffic routing and for other
diagnostic purposes.
Internal domains that users attempt to access are displayed with the following log
attributes:
- Domain EDL—blocked-internal-domain
- Action—block
- DNS Response Code—NXDOMAIN
1. Log in to the Strata Cloud Manager on the hub.
2. Select Manage > Configuration > ADNS Resolver > DNS Resolver Configurations and then select the Internal Domains tab.
   Before adding internal network domains, you can review the Default domain values that have already been specified.
3. To add new custom internal domains, select Add Internal Domain and provide the internal domain server details. You can add wildcard domain entries or the root domain with an optional description, and Save when finished.
4. Repeat to add additional custom internal domains.
   You can also edit or delete Custom internal domain entries as necessary by selecting the appropriate icons from the Actions column.
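The following is an added example, not part of the Palo Alto Networks documentation: one way to triage exported log records for the three log attributes listed above and see which clients are sending internal-domain queries to the resolver. The record keys (`src_ip`, `query_name`, `domain_edl`, `action`, `dns_response_code`), the sample records, the custom entry `corp.example.internal`, and the wildcard matching semantics are assumptions, not the Strata Logging Service schema.

```python
from collections import Counter

# Defaults named on the page plus one constructed custom entry (assumption).
INTERNAL_DOMAINS = ["*.localhost", "*.local", "corp.example.internal"]

def matching_entry(qname, entries=INTERNAL_DOMAINS):
    """Return the list entry covering qname, else None.
    Assumed semantics: '*.suffix' covers names below suffix; a plain
    entry covers only that exact name."""
    name = qname.rstrip(".").lower()
    for entry in entries:
        e = entry.lower()
        if e.startswith("*."):
            if name.endswith(e[1:]) and len(name) > len(e) - 1:
                return entry
        elif name == e:
            return entry
    return None

def is_internal_block(rec):
    """True when a record carries the three attributes the page lists."""
    return (rec.get("domain_edl") == "blocked-internal-domain"
            and rec.get("action") == "block"
            and rec.get("dns_response_code") == "NXDOMAIN")

def misrouted_sources(records):
    """Count internal-domain blocks per (source address, list entry)."""
    counts = Counter()
    for rec in records:
        if is_internal_block(rec):
            entry = matching_entry(rec["query_name"]) or "(no matching entry)"
            counts[(rec["src_ip"], entry)] += 1
    return counts.most_common()

def _rec(src, qname, edl="blocked-internal-domain", action="block", rcode="NXDOMAIN"):
    # Builds one constructed record using the hypothetical key names.
    return {"src_ip": src, "query_name": qname, "domain_edl": edl,
            "action": action, "dns_response_code": rcode}

# Constructed sample export (RFC 5737 documentation addresses).
SAMPLE = [
    _rec("192.0.2.10", "printer.local"),
    _rec("192.0.2.10", "nas.local."),
    _rec("192.0.2.44", "corp.example.internal"),
    _rec("192.0.2.44", "www.example.com", edl="", action="allow", rcode="NOERROR"),
    _rec("192.0.2.10", "db.localhost"),
]

if __name__ == "__main__":
    for (src, entry), n in misrouted_sources(SAMPLE):
        print(f"{src:15} {entry:25} {n}")
```

Sources at the top of the output are the clients or forwarders whose DNS routing most likely needs correcting so that internal names stay on internal resolvers.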