Advanced DNS Security Powered by Precision AI™
Test Domains
Table of Contents
Test Domains
| Where Can I Use This? | What Do I Need? |
|---|---|
|
|
Palo Alto Networks provides the following DNS
Security test domains to validate your policy configuration based
on the DNS category.
- Access the following test domains to verify that the policy action for a given threat type is being enforced:DNS Security
- DNS Tunneling—test-dnstun.testpanw.com
- Dynamic DNS*—test-ddns.testpanw.com
- Malware—test-malware.testpanw.com
- Newly Registered Domains*—test-nrd.testpanw.com
- Phishing*—test-phishing.testpanw.com
- Grayware*—test-grayware.testpanw.com
- Parked*—test-parked.testpanw.com
- Proxy Avoidance and Anonymizers*—test-proxy.testpanw.com
- Fast Flux*—test-fastflux.testpanw.com
- Malicious NRD*—test-malicious-nrd.testpanw.com
- NXNS Attack*—test-nxns.testpanw.com
- Dangling*—test-dangling-domain.testpanw.com
- DNS Rebinding*—test-dns-rebinding.testpanw.com
- DNS Infiltration*—test-dns-infiltration.testpanw.com
- Wildcard Abuse*—test-wildcard-abuse.testpanw.com
- Strategically-Aged*—test-strategically-aged.testpanw.com
- Compromised DNS*—test-compromised-dns.testpanw.com
- Ad Tracking*—test-adtracking.testpanw.com
- CNAME Cloaking*—test-cname-cloaking.testpanw.com
- Ransomware*—test-ransomware.testpanw.com
- Stockpile*—test-stockpile-domain.testpanw.com
- Cybersquatting*—test-squatting.testpanw.com
- Subdomain Reputation*—test-subdomain-reputation.testpanw.com
The test domains marked with an * are not supported in PAN-OS 9.1.Advanced DNS SecurityAccess the following test domain to verify that the policy action for a given threat type is being enforced:- DNS Misconfiguration Domain (Claimable)—http://test-dnsmisconfig-claimable-nx.testpanw.com
The following test domain test cases should be added to your DNS server zone file of testpanw.com before accessing the domain. These test cases match against the Advanced DNS Security signatures and will generate the appropriate logs. Verify that the policy action for a given threat type is being enforced.-
DNS Misconfiguration Domain (Zone Dangling) Test Cases HostRecord TypeRecord Data*.test-dnsmisconfig-zone-dangling.testpanw.comA1.2.3.4 -
Hijacking Domain Test Cases HostRecord TypeRecord Datatest-ipv4.hijacking.testpanw.comA1.2.3.5*.test-ipv4-wildcard.hijacking.testpanw.comA1.2.3.6test-ipv6.hijacking.testpanw.comAAAA2607:f8b0:4005:80d::2005test-cname-rrname.hijacking.testpanw.comCNAME1.test-cname-wc.hijacking.testpanw.comtest-cname-rrname-wc.hijacking.testpanw.comCNAME1.test-cname-wildcard-1.hijacking.testpanw.com*.test-cname-rrname-sub-wc.hijacking.testpanw.comCNAME2.test-cname-wc.hijacking.testpanw.comtest-ns-rrname.hijacking.testpanw.comNStest-ns.hijacking.testpanw.comtest-ns-rrname-rdata-wc.hijacking.testpanw.comNS1.test-ns-wc.hijacking.testpanw.com1.test-ns-rrname-sub-wc.hijacking.testpanw.comNStest-ns.hijacking.testpanw.comtest-rrname-wc.hijacking.testpanw.comNStest-ns-2.hijacking.testpanw.comFor NS records, you must use the following option:"dig +trace NS"
Verify that the DNS query request has been processed by DNS Security by monitoring the activity.