Use the credentials associated with your Palo
Alto Networks support account and log in to the Prisma Access application
on the hub.
Ensure that DNS Security is configured to inspect DNS requests. You can use your existing security profile if you want to apply the same DNS Policies settings to DNS-over-TLS traffic.
Create a decryption policy rule with an action to decrypt TLS traffic on TCP port 853, the port reserved for DNS-over-TLS (refer to the Decryption Best Practices for more information). Without decryption the DNS payload inside the TLS session is opaque and DNS Security cannot inspect it. Once DNS-over-TLS traffic is decrypted, the resulting DNS requests appear in the logs as the conventional dns-base application.
(Optional) Search for activity on the firewall for decrypted DNS-over-TLS queries that DNS Security has processed. Select Activity > Log Viewer and select Threat logs.
Use the query builder to filter on the application dns-base and on port 853 (which is used exclusively for DNS-over-TLS transactions), for example, app = 'dns-base' AND source_port = 853. Note that 853 is the resolver's port: in a client-initiated DNS-over-TLS session it is the destination port, so if the source-port filter returns no results, filter on the destination port instead.
Select a log entry to view the details of the detected DNS threat. In the detailed log view, Application should display dns-base in the General pane, and Port should show 853 in the Source pane (or in the Destination pane, depending on which side of the session the resolver was logged on). Other relevant details about the threat are displayed in their corresponding tabs.
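To exercise the decryption rule and generate the log entries that the optional verification step looks for, a client whose traffic traverses Prisma Access can issue a DNS-over-TLS query itself. The following Python script is an added example, not code from the Palo Alto Networks documentation or product: it builds a DNS wire-format query, sends it over TLS to TCP port 853 with the two-byte length prefix that RFC 7858 specifies, and parses the answer. The resolver address 1.1.1.1, the query name example.com and the embedded sample response are assumptions constructed for illustration.

```python
"""Minimal DNS-over-TLS (RFC 7858) client for generating test traffic.

Added example, not Palo Alto Networks code. Assumptions: resolver 1.1.1.1,
query name example.com, and the constructed SAMPLE_RESPONSE below.
"""
import socket
import ssl
import struct
import sys

DOT_PORT = 853  # TCP port reserved for DNS-over-TLS (RFC 7858)


def build_query(name: str, qid: int = 0x1234, qtype: int = 1) -> bytes:
    """Encode a one-question DNS query (recursion desired) in wire format."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(label)]) + label.encode("ascii") for label in labels)
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)  # QTYPE, QCLASS=IN


def skip_name(msg: bytes, off: int) -> int:
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:  # two-byte compression pointer ends the name
            return off + 2
        off += 1 + length


def parse_response(msg: bytes, expected_qid: int):
    """Return (rcode, [IPv4 strings from A records]) for a DNS response."""
    qid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    if qid != expected_qid:
        raise ValueError("transaction ID mismatch")
    if not flags & 0x8000:
        raise ValueError("QR bit clear: not a response")
    rcode = flags & 0x000F
    off = 12
    for _ in range(qd):                      # skip the echoed question section
        off = skip_name(msg, off) + 4        # QTYPE + QCLASS
    addrs = []
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:        # A record
            addrs.append(".".join(str(b) for b in msg[off:off + 4]))
        off += rdlen
    return rcode, addrs


def recv_exact(sock, n: int) -> bytes:
    """Read exactly n bytes from a stream socket."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("resolver closed the connection")
        buf += chunk
    return buf


def dot_query(name: str, resolver: str = "1.1.1.1", qid: int = 0x1234):
    """Send one query to resolver:853 over TLS and return the parsed answer.

    The default SSL context verifies the server certificate, so behind an
    SSL Forward Proxy the client must trust the forward trust CA.
    """
    ctx = ssl.create_default_context()
    with socket.create_connection((resolver, DOT_PORT), timeout=5) as raw:
        with ctx.wrap_socket(raw, server_hostname=resolver) as tls:
            query = build_query(name, qid)
            tls.sendall(struct.pack("!H", len(query)) + query)  # RFC 7858 length prefix
            (length,) = struct.unpack("!H", recv_exact(tls, 2))
            return parse_response(recv_exact(tls, length), qid)


# Constructed sample: NOERROR answer for example.com A 93.184.216.34, TTL 3600,
# with the answer name as a compression pointer to offset 12 (the question).
SAMPLE_RESPONSE = (
    b"\x12\x34\x81\x80\x00\x01\x00\x01\x00\x00\x00\x00"
    b"\x07example\x03com\x00\x00\x01\x00\x01"
    b"\xc0\x0c\x00\x01\x00\x01\x00\x00\x0e\x10\x00\x04\x5d\xb8\xd8\x22"
)

if __name__ == "__main__":
    if len(sys.argv) > 1:
        print(dot_query(sys.argv[1]))                   # live query over the network
    else:
        print(parse_response(SAMPLE_RESPONSE, 0x1234))  # offline run on the sample
```

Run it with a domain name as the argument from a host behind Prisma Access, then apply the app = 'dns-base' filter in the Log Viewer. Because SSL Forward Proxy decryption re-signs the resolver's certificate, the client must trust the forward trust CA; a certificate verification failure in this script, while the same query succeeds from a network that is not inspected, is itself evidence that the port 853 session is being decrypted. Run without arguments, the script only parses the constructed sample response and needs no network.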