1. Enable DNS Security and confirm it is configured to inspect DNS requests. You can use your existing security profile if you want to apply the same DNS Policies settings to DNS-over-TLS traffic.

2. Create a decryption policy rule (similar to the example below) with an action to decrypt HTTPS traffic on port 853, which includes DNS-over-TLS traffic (refer to the Decryption Best Practices for more information). When DNS-over-TLS traffic is decrypted, the resulting DNS requests appear in the logs as the conventional dns-base application.

3. (Optional) Search for activity on the firewall for decrypted TLS-encrypted DNS queries that have been processed using DNS Security.

   a. Select Monitor > Logs > Traffic and filter based on the application using dns-base and port 853 (which is exclusively used for DNS-over-TLS transactions), for example:

      ( app eq dns-base ) and ( port.src eq 853 )

   b. Select a log entry to view the details of a detected DNS threat. The Application should display dns-base in the General pane and the Port in the Source pane of the detailed log view. Other relevant details about the threat are displayed in their corresponding windows.
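As an added example (not code from the PAN-OS documentation or the firewall itself), the following Python evaluates a filter written in the log-filter syntax shown above against a few constructed traffic-log records, so the "dns-base on port 853" search can be reproduced offline over exported logs. The record field names (app, port.src, port.dst, action) are assumptions that mirror the filter's operands, and conjunctions are evaluated left to right.

```python
"""Evaluate a PAN-OS-style traffic-log filter, e.g.
'( app eq dns-base ) and ( port.src eq 853 )', against log records.
Added example; the sample records below are constructed, not real logs."""
import re

# Tokens are parentheses or whitespace-separated words.
TOKEN = re.compile(r"\(|\)|\S+")

def parse_filter(text):
    """Parse '( field op value ) [and|or ( ... )]...' into a predicate."""
    tokens = TOKEN.findall(text)
    pos = 0

    def expect(tok):
        nonlocal pos
        if pos >= len(tokens) or tokens[pos] != tok:
            raise ValueError(f"expected {tok!r} at token {pos}")
        pos += 1

    def term():  # one parenthesised comparison: ( field eq|neq value )
        nonlocal pos
        expect("(")
        if pos + 3 > len(tokens):
            raise ValueError("incomplete comparison")
        field, op, value = tokens[pos:pos + 3]
        pos += 3
        expect(")")
        if op == "eq":
            return lambda rec: str(rec.get(field)) == value
        if op == "neq":
            return lambda rec: str(rec.get(field)) != value
        raise ValueError(f"unsupported operator {op!r}")

    pred = term()
    while pos < len(tokens) and tokens[pos] in ("and", "or"):
        conj, pos = tokens[pos], pos + 1
        lhs, rhs = pred, term()  # left-to-right, no precedence (assumption)
        if conj == "and":
            pred = lambda rec, l=lhs, r=rhs: l(rec) and r(rec)
        else:
            pred = lambda rec, l=lhs, r=rhs: l(rec) or r(rec)
    if pos != len(tokens):
        raise ValueError("trailing tokens in filter")
    return pred

# Constructed sample records carrying the fields the page's filter uses.
SAMPLE_LOGS = [
    {"app": "dns-base", "port.src": 853, "port.dst": 53, "action": "alert"},
    {"app": "dns-base", "port.src": 5353, "port.dst": 53, "action": "allow"},
    {"app": "ssl", "port.src": 853, "port.dst": 853, "action": "allow"},
]

def search(filter_text, records=SAMPLE_LOGS):
    """Return the records matching the filter expression."""
    pred = parse_filter(filter_text)
    return [r for r in records if pred(r)]
```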