Passive DNS monitoring enables the firewall to act as
a passive DNS sensor and send DNS information to Palo Alto Networks
for analysis to improve threat intelligence and threat prevention
capabilities. The data collected includes non-recursive DNS query
(that is, the web browser sends a query to a DNS server to translate
a domain to an IP address, and the server returns a response without
querying other DNS servers) and response packet payloads. See
DNS
Overview for more background information about DNS.