Advanced DNS Security License (for enhanced feature support)
or DNS Security License
Advanced Threat Prevention or Threat Prevention License
Palo Alto Networks maintains a network of global and regional domains that provide
service for DNS Security and Advanced DNS Security operations. These service domains
operate real-time DNS request analyzers, access to the DNS signature database and
provide advanced cloud-dependent functionality. By default, DNS Security and Advanced
DNS Security connects to the global service domains (dns.service.paloaltonetworks.com
and adv-dns.service.paloaltonetworks.com,respectively), which then automatically
redirect to the regional domain that is closest to the network security platform
location.
Advanced DNS Security Regional Service Domains
You can manually specify the server used to facilitate Advanced DNS Security queries.
While Palo Alto Networks recommends using the default global service domain, you can
override the selected server if you encounter higher than expected latency or other
service-related issues.
NGFW (PAN-OS 11.2 and later)
You can specify the Advanced DNS Security service domain in PAN-OS from DeviceSetupManagementAdvanced DNS SecurityDNS Security Server.
Strata Cloud Manager
You can specify the Advanced DNS Security service domain in Strata Cloud
Manager from ManageConfigurationNGFW and Prisma AccessSecurity ServicesDNS Security. From the Settings tab, select
Customize to edit the server settings.
This setting does not impact how standard DNS Security queries are handled.
The following table lists the service domains used by Advanced DNS Security: