Enable DNS Security and confirm that it is configured to inspect DNS requests. You can use your existing security profile if you want to apply the same DNS Policies settings to DNS-over-TLS traffic.

Create a decryption policy rule with an action to decrypt HTTPS traffic on port 853, which includes DNS-over-TLS traffic (refer to the Decryption Best Practices for more information). When DNS-over-TLS traffic is decrypted, the resulting DNS requests in the logs will appear as the conventional dns-base application.

(Optional) Search for activity on the firewall for decrypted TLS-encrypted DNS queries that have been processed using DNS Security.

Select Activity > Log Viewer and select Threat logs.

Use the query builder to filter based on the application using dns-base and port 853 (which is exclusively used for DNS-over-TLS transactions), for example: app = 'dns-base' AND source_port = 853.

Select a log entry to view the details of the detected DNS threat. The Application should display dns-base in the General pane and the Port in the Source pane of the detailed log view. Other relevant details about the threat are displayed in their corresponding tabs.
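As an added illustration (not part of the original documentation or the vendor's code), the snippet below shows why decrypted DNS-over-TLS is logged as the ordinary dns-base application: under the TLS layer, DoT carries standard DNS messages with the same 2-byte length prefix as DNS over TCP (RFC 7858). The resolver name passed to dot_query is a placeholder you must supply; the framing and parsing functions run offline.

```python
import socket
import ssl
import struct
from typing import List, Tuple

def build_dns_query(qname: str, qtype: int = 1, txid: int = 0x1234) -> bytes:
    """Build a minimal standard DNS query (flags RD=1, one question, IN class)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = qname.rstrip(".").split(".")
    question = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels)
    return header + question + b"\x00" + struct.pack("!HH", qtype, 1)

def frame_for_dot(msg: bytes) -> bytes:
    """DoT (RFC 7858) reuses DNS-over-TCP framing: a 2-byte big-endian length prefix."""
    return struct.pack("!H", len(msg)) + msg

def unframe_from_dot(stream: bytes) -> List[bytes]:
    """Split a decrypted DoT byte stream into the DNS messages it carries.
    An incomplete trailing message is left unparsed rather than misread."""
    msgs = []
    while len(stream) >= 2:
        (n,) = struct.unpack("!H", stream[:2])
        if len(stream) < 2 + n:
            break
        msgs.append(stream[2:2 + n])
        stream = stream[2 + n:]
    return msgs

def parse_question(msg: bytes) -> Tuple[str, int]:
    """Return (qname, qtype) of the first question: the fields DNS Security inspects."""
    if struct.unpack("!H", msg[4:6])[0] < 1:
        raise ValueError("DNS message carries no question section")
    pos, labels = 12, []
    while msg[pos] != 0:
        n = msg[pos]
        labels.append(msg[pos + 1:pos + 1 + n].decode("ascii"))
        pos += 1 + n
    return ".".join(labels), struct.unpack("!H", msg[pos + 1:pos + 3])[0]

def dot_query(resolver: str, qname: str, port: int = 853, timeout: float = 5.0) -> bytes:
    """Send one query to a DoT resolver and return the raw DNS answer it carries.
    'resolver' is a placeholder you must supply; this function needs network access."""
    ctx = ssl.create_default_context()
    with socket.create_connection((resolver, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=resolver) as tls:
            tls.sendall(frame_for_dot(build_dns_query(qname)))
            reader = tls.makefile("rb")  # read(n) blocks until n bytes or EOF
            (n,) = struct.unpack("!H", reader.read(2))
            return reader.read(n)
```

Running parse_question over the bytes returned by dot_query (or over unframe_from_dot of a decrypted capture) yields the same name and type the firewall's dns-base log entry reports once the TLS layer has been removed.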