Make sure DNS Security is enabled and configured
to inspect DNS requests. You can use your existing security profile
if you want to use the same
for DNS-over-TLS traffic.
Create a decryption policy rule (similar
to the example below) with an action to decrypt HTTPS traffic on
port 853, which includes DNS-over-TLS traffic (refer to the Decryption Best Practices for
more information). When DNS-over-TLS traffic is decrypted, the resulting
DNS requests in the logs will appear as the conventional
Search for activity on the firewall
for decrypted TLS-encrypted DNS queries that have been processed
using DNS Security.
filter based on the application using
port 853 (which is exclusively used for DNS-over-TLS transactions),
( app eq dns-base ) and ( port.src eq 853 )
Select a log entry to view the details of a detected
pane and the
pane of the detailed log view.
Other relevant details about the threat are displayed in their corresponding windows.