Where Can I Use This? | What Do I Need? | Advanced DNS Resolver License
You can specify a list of internal domains to be excluded from processing by the
Advanced DNS Security Resolver. Palo Alto Networks provides a set of default values
for domains that are commonly used internally and are therefore not registered in the
public DNS system (such as *.localhost and *.local); you can also add user-specified
values for other internal domains that do not fall under these defaults.
The Advanced DNS Security Resolver is not designed to inspect or resolve internal
network domains. As a result, Palo Alto Networks recommends against routing any
internal traffic through the Advanced DNS Security Resolver. However, to assist with
troubleshooting scenarios where internal traffic is inadvertently directed to the
resolver, you can configure a managed list of internal domains. When the Advanced
DNS Security Resolver receives a DNS query for a configured internal domain, it
returns an NXDOMAIN response and generates a corresponding log entry in SLS (Strata
Logging Service). These log entries can be used to assist in the identification of
misconfigured traffic routing and other diagnostic purposes.
Queries for configured internal domains appear in the logs with the following
attributes:
Domain EDL—blocked-internal-domain
Action—block
DNS Response Code—NXDOMAIN
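The following is an added example, not Palo Alto Networks code, showing how the exclusion list described above can be modelled (the default *.localhost and *.local suffixes plus user-specified ones) and how exported SLS records carrying the three log attributes listed above can be triaged to find clients whose internal traffic is being misrouted to the resolver. The record field names (src_ip, qname, domain_edl, action, dns_response_code) and the sample records are assumptions constructed for the example.

```python
# Added example (not Palo Alto Networks code). Field names and sample
# records are assumptions; the attribute values blocked-internal-domain,
# block and NXDOMAIN are the ones the page documents.

# Default internal suffixes from the page: *.localhost and *.local
DEFAULT_INTERNAL_SUFFIXES = ("localhost", "local")


def is_internal(qname, user_suffixes=()):
    """True if qname lies strictly below a default or user-specified internal
    domain (a '*.suffix' match, so the suffix apex itself does not match)."""
    labels = qname.rstrip(".").lower().split(".")
    for suffix in (*DEFAULT_INTERNAL_SUFFIXES, *user_suffixes):
        s = suffix.lstrip("*.").lower().split(".")
        if len(labels) > len(s) and labels[-len(s):] == s:
            return True
    return False


def find_misrouted(records):
    """Group query names by source for records that carry the log attributes
    the resolver sets on a blocked internal-domain query."""
    hits = {}
    for r in records:
        if (r.get("domain_edl") == "blocked-internal-domain"
                and r.get("action") == "block"
                and r.get("dns_response_code") == "NXDOMAIN"):
            hits.setdefault(r["src_ip"], []).append(r["qname"])
    return hits


# Constructed sample records (assumed shape of an SLS DNS log export)
SAMPLE_RECORDS = [
    {"src_ip": "10.0.0.5", "qname": "printer.local",
     "domain_edl": "blocked-internal-domain", "action": "block",
     "dns_response_code": "NXDOMAIN"},
    {"src_ip": "10.0.0.9", "qname": "www.example.com",
     "domain_edl": "", "action": "allow", "dns_response_code": "NOERROR"},
    {"src_ip": "10.0.0.5", "qname": "nas.corp.example",
     "domain_edl": "blocked-internal-domain", "action": "block",
     "dns_response_code": "NXDOMAIN"},
]

if __name__ == "__main__":
    for src, names in find_misrouted(SAMPLE_RECORDS).items():
        print(f"{src} sent internal queries to the resolver: {names}")
```

Each source listed by find_misrouted is a client (or forwarder) whose internal-domain queries should be answered by internal DNS rather than the Advanced DNS Security Resolver.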