Advanced DNS Security License (for enhanced feature support)
or DNS Security License
Advanced Threat Prevention or Threat Prevention License
Palo Alto Networks maintains a network of global and regional domains that provide
service for DNS Security and Advanced DNS Security operations. These service domains
operate real-time DNS request analyzers, access to the DNS signature database and
provide advanced cloud-dependent functionality. By default, DNS Security and Advanced
DNS Security connects to the global service domains (dns.service.paloaltonetworks.com
and adv-dns.service.paloaltonetworks.com,respectively), which then automatically
redirect to the regional domain that is closest to the network security platform
location.
Advanced DNS Security Regional Service Domains
You can manually specify the server used to facilitate Advanced DNS Security queries.
While Palo Alto Networks recommends using the default global service domain, you can
override the selected server if you encounter higher than expected latency or other
service-related issues.
You can specify the Advanced DNS Security service domain in PAN-OS from DeviceSetupManagementAdvanced DNS SecurityDNS Security Server.
This setting does not impact how standard DNS Security queries are handled.
The following table lists the Advanced DNS Security service domains:
