Advanced DNS Security Powered by Precision AI™
DNS Security Service Domains
Table of Contents
Regional Service Domains
Where Can I Use
This? | What Do I Need? |
|---|---|
|
|
Palo Alto Networks maintains a network of global and regional domains that provide
service for DNS Security and Advanced DNS Security operations. These service domains
operate real-time DNS request analyzers, access to the DNS signature database and
provide advanced cloud-dependent functionality. By default, DNS Security and Advanced
DNS Security connects to the global service domains (dns.service.paloaltonetworks.com
and adv-dns.service.paloaltonetworks.com,respectively), which then automatically
redirect to the regional domain that is closest to the network security platform
location.
DNS Security Regional Service Domains
Palo Alto Networks recommends using the default global service domain
configuration for improved fail-over handling; however, if you experience latency
issues due to the particulars of your location (for example, when straddling
multiple overlapping regional domains), you can manually specify the service domain.
To specify the regional service domain used by DNS Security, you must add a DNS
entry for dns.service.paloaltonetworks.com that includes a CNAME record that
indicates a valid regional domain as part of your DNS server configuration. After
connecting to a regional domain, you can issue the CLI command on the firewall:
to review the average latency. The relevant section is located under the Signature query API heading.show dns-proxy dns-signature counters
The following table lists the DNS Security service domains:
Location | URL |
|---|---|
Cape Town, South Africa | dns-za.service.paloaltonetworks.com |
Hong Kong | dns-hk.service.paloaltonetworks.com |
Tokyo, Japan | dns-jp.service.paloaltonetworks.com |
Singapore | dns-sg.service.paloaltonetworks.com |
Mumbai, India | dns-in.service.paloaltonetworks.com |
Sydney, Australia | dns-au.service.paloaltonetworks.com |
London, England | dns-uk.service.paloaltonetworks.com |
Frankfurt, Germany | dns-de.service.paloaltonetworks.com |
Eemshaven, Netherlands | dns-nl.service.paloaltonetworks.com |
Paris, France | dns-fr.service.paloaltonetworks.com |
Bahrain | dns-bh.service.paloaltonetworks.com |
Montreal, Quebec, Canada | dns-ca.service.paloaltonetworks.com |
Osasco, São Paulo, Brazil | dns-br.service.paloaltonetworks.com |
Council Bluffs, Iowa, USA | dns-us-ia.service.paloaltonetworks.com |
Ashburn, Northern Virginia, USA | dns-us-va.service.paloaltonetworks.com |
The Dalles, Oregon, USA | dns-us-or.service.paloaltonetworks.com |
Los Angeles, California, USA | dns-us-ca.service.paloaltonetworks.com |
Advanced DNS Security Regional Service Domains
You can manually specify the server used to facilitate Advanced DNS Security queries.
While Palo Alto Networks recommends using the default global service domain, you can
override the selected server if you encounter higher than expected latency or other
service-related issues.
You can specify the Advanced DNS Security service domain in PAN-OS from .
Device
Setup
Management
Advanced DNS Security
DNS Security Server
This setting does not impact how standard DNS Security queries are handled.
The following table lists the Advanced DNS Security service domains:
Location | URL |
|---|---|
Cape Town, South Africa | za.adv-dns.service.paloaltonetworks.com |
Bahrain | bh.adv-dns.service.paloaltonetworks.com |
Hong Kong | hk.adv-dns.service.paloaltonetworks.com |
Tokyo, Japan | jp.adv-dns.service.paloaltonetworks.com |
Singapore | sg.adv-dns.service.paloaltonetworks.com |
Mumbai, India | in.adv.dns.service.paloaltonetworks.com |
Sydney, Australia | au.adv-dns.service.paloaltonetworks.com |
London, England | uk.adv-dns.service.paloaltonetworks.com |
Frankfurt, Germany | de.adv.dns.service.paloaltonetworks.com |
Eemshaven, Netherlands | nl.adv.dns.service.paloaltonetworks.com |
Paris, France | fr.adv-dns.service.paloaltonetworks.com |
Bahrain | bh.adv-dns.service.paloaltonetworks.com |
Montreal, Quebec, Canada | ca.adv.dns.service.paloaltonetworks.com |
Osasco, São Paulo, Brazil | br.adv.dns.service.paloaltonetworks.com |
Council Bluffs, Iowa, USA | us-ia.adv.dns.service.paloaltonetworks.com |
Ashburn, Northern Virginia, USA | us-va.adv.dns.service.paloaltonetworks.com |
The Dalles, Oregon, USA | us-or.adv.dns.service.paloaltonetworks.com |
Los Angeles, California, USA | us-ca.adv.dns.service.paloaltonetworks.com |